# Email Security # Investigate ## Search email messages `client.emailSecurity.investigate.list(InvestigateListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/investigate` Returns information for each email that matches the search parameter(s). ### Parameters - `params: InvestigateListParams` - `account_id: string` Path param: Identifier. - `alert_id?: string` Query param - `cursor?: string` Query param - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Query param: Delivery status to filter by. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` Query param: Whether to include only detections in search results. - `domain?: string` Query param: Sender domains to filter by. - `end?: string` Query param: The end of the search date range. Defaults to `now`. - `final_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param: Dispositions to filter by. - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED"` Query param: Message actions to filter by. - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string` Query param - `metric?: string` Query param - `page?: number | null` Query param: Deprecated: Use cursor pagination instead. End of life: November 1, 2026. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `query?: string` Query param: Space-delimited search term. Case-insensitive. - `recipient?: string` Query param - `sender?: string` Query param - `start?: string` Query param: The beginning of the search date range. Defaults to `now - 30 days`. Must not be in the future. - `subject?: string` Query param ### Returns - `InvestigateListResponse` - `id: string` Unique identifier for a message retrieved from investigation - `action_log: Array` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `completed_at: string` Timestamp when action completed - `operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more` Type of action performed - `"MOVE"` - `"RELEASE"` - `"RECLASSIFY"` - `"SUBMISSION"` - `"QUARANTINE_RELEASE"` - `"PREVIEW"` - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `properties?: Properties` Additional properties for the action - `folder?: string` Target folder for move operations - `requested_by?: string` User who requested the action - `status?: string | null` Status of the action - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message - `properties: Properties` Message processing properties - `allowlisted_pattern?: string | null` Pattern that allowlisted this message - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Type of allowlist pattern - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean | null` Whether message was blocklisted - `blocklisted_pattern?: string | null` Pattern that blocklisted this message - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Legacy field for allowlist pattern type - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null` - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null` Post-delivery operations performed on this message - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string | null` When the message was scanned (UTC) - `sent_at?: string | null` When the message was sent (UTC) - `sent_date?: string | null` - `smtp_helo_server_ip?: string | null` - `smtp_previous_hop_ip?: string | null` - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `x_originating_ip?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const investigateListResponse of client.emailSecurity.investigate.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(investigateListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "action_log": [ { "completed_at": "2019-12-27T18:11:19.117Z", "operation": "MOVE", "completed_timestamp": "completed_timestamp", "properties": { "folder": "folder", "requested_by": "requested_by" }, "status": "status" } ], "client_recipients": [ "string" ], "detection_reasons": [ "string" ], "is_phish_submission": true, "is_quarantined": true, "postfix_id": "4Njp3P0STMz2c02Q", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "ts", "alert_id": "alert_id", "delivery_mode": "DIRECT", "delivery_status": [ "delivered" ], "edf_hash": "edf_hash", "envelope_from": "envelope_from", "envelope_to": [ "string" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "from", "from_name": "from_name", "htmltext_structure_hash": "htmltext_structure_hash", "message_id": "message_id", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": "postfix_id_outbound", "replyto": "replyto", "scanned_at": "2019-12-27T18:11:19.117Z", "sent_at": "2019-12-27T18:11:19.117Z", "sent_date": "sent_date", "smtp_helo_server_ip": "smtp_helo_server_ip", "smtp_previous_hop_ip": "smtp_previous_hop_ip", "subject": "subject", "threat_categories": [ "string" ], "to": [ "string" ], "to_name": [ "string" ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" }, "x_originating_ip": "x_originating_ip" } ], "result_info": { "count": 0, "per_page": 0, "total_count": 0, "next": "next", "page": 0, "previous": "previous" }, "success": true } ``` ## Get message details `client.emailSecurity.investigate.get(stringinvestigateID, InvestigateGetParamsparams, RequestOptionsoptions?): InvestigateGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}` Retrieves comprehensive details for a specific email message including headers, recipients, sender information, and current quarantine status. Use the investigate_id from search results to fetch detailed information. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: InvestigateGetParams` - `account_id: string` Path param: Identifier. - `submission?: boolean` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only. ### Returns - `InvestigateGetResponse` - `id: string` Unique identifier for a message retrieved from investigation - `action_log: Array` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `completed_at: string` Timestamp when action completed - `operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more` Type of action performed - `"MOVE"` - `"RELEASE"` - `"RECLASSIFY"` - `"SUBMISSION"` - `"QUARANTINE_RELEASE"` - `"PREVIEW"` - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `properties?: Properties` Additional properties for the action - `folder?: string` Target folder for move operations - `requested_by?: string` User who requested the action - `status?: string | null` Status of the action - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message - `properties: Properties` Message processing properties - `allowlisted_pattern?: string | null` Pattern that allowlisted this message - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Type of allowlist pattern - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean | null` Whether message was blocklisted - `blocklisted_pattern?: string | null` Pattern that blocklisted this message - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Legacy field for allowlist pattern type - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null` - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null` Post-delivery operations performed on this message - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string | null` When the message was scanned (UTC) - `sent_at?: string | null` When the message was sent (UTC) - `sent_date?: string | null` - `smtp_helo_server_ip?: string | null` - `smtp_previous_hop_ip?: string | null` - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `x_originating_ip?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const investigate = await client.emailSecurity.investigate.get( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(investigate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "action_log": [ { "completed_at": "2019-12-27T18:11:19.117Z", "operation": "MOVE", "completed_timestamp": "completed_timestamp", "properties": { "folder": "folder", "requested_by": "requested_by" }, "status": "status" } ], "client_recipients": [ "string" ], "detection_reasons": [ "string" ], "is_phish_submission": true, "is_quarantined": true, "postfix_id": "4Njp3P0STMz2c02Q", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "ts", "alert_id": "alert_id", "delivery_mode": "DIRECT", "delivery_status": [ "delivered" ], "edf_hash": "edf_hash", "envelope_from": "envelope_from", "envelope_to": [ "string" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "from", "from_name": "from_name", "htmltext_structure_hash": "htmltext_structure_hash", "message_id": "message_id", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": "postfix_id_outbound", "replyto": "replyto", "scanned_at": "2019-12-27T18:11:19.117Z", "sent_at": "2019-12-27T18:11:19.117Z", "sent_date": "sent_date", "smtp_helo_server_ip": "smtp_helo_server_ip", "smtp_previous_hop_ip": "smtp_previous_hop_ip", "subject": "subject", "threat_categories": [ "string" ], "to": [ "string" ], "to_name": [ "string" ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" }, "x_originating_ip": "x_originating_ip" }, "success": true } ``` ## Domain Types ### Investigate List Response - `InvestigateListResponse` - `id: string` Unique identifier for a message retrieved from investigation - `action_log: Array` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `completed_at: string` Timestamp when action completed - `operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more` Type of action performed - `"MOVE"` - `"RELEASE"` - `"RECLASSIFY"` - `"SUBMISSION"` - `"QUARANTINE_RELEASE"` - `"PREVIEW"` - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `properties?: Properties` Additional properties for the action - `folder?: string` Target folder for move operations - `requested_by?: string` User who requested the action - `status?: string | null` Status of the action - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message - `properties: Properties` Message processing properties - `allowlisted_pattern?: string | null` Pattern that allowlisted this message - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Type of allowlist pattern - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean | null` Whether message was blocklisted - `blocklisted_pattern?: string | null` Pattern that blocklisted this message - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Legacy field for allowlist pattern type - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null` - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null` Post-delivery operations performed on this message - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string | null` When the message was scanned (UTC) - `sent_at?: string | null` When the message was sent (UTC) - `sent_date?: string | null` - `smtp_helo_server_ip?: string | null` - `smtp_previous_hop_ip?: string | null` - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `x_originating_ip?: string | null` ### Investigate Get Response - `InvestigateGetResponse` - `id: string` Unique identifier for a message retrieved from investigation - `action_log: Array` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `completed_at: string` Timestamp when action completed - `operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more` Type of action performed - `"MOVE"` - `"RELEASE"` - `"RECLASSIFY"` - `"SUBMISSION"` - `"QUARANTINE_RELEASE"` - `"PREVIEW"` - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `properties?: Properties` Additional properties for the action - `folder?: string` Target folder for move operations - `requested_by?: string` User who requested the action - `status?: string | null` Status of the action - `client_recipients: Array` - `detection_reasons: Array` - `is_phish_submission: boolean` - `is_quarantined: boolean` - `postfix_id: string` The identifier of the message - `properties: Properties` Message processing properties - `allowlisted_pattern?: string | null` Pattern that allowlisted this message - `allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Type of allowlist pattern - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `blocklisted_message?: boolean | null` Whether message was blocklisted - `blocklisted_pattern?: string | null` Pattern that blocklisted this message - `whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null` Legacy field for allowlist pattern type - `"quarantine_release"` - `"acceptable_sender"` - `"allowed_sender"` - `"allowed_recipient"` - `"domain_similarity"` - `"domain_recency"` - `"managed_acceptable_sender"` - `"outbound_ndr"` - `ts: string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"REVIEW_SUBMISSION"` - `"DMARC_UNVERIFIED"` - `"DMARC_FAILURE_REPORT"` - `"DMARC_AGGREGATE_REPORT"` - `"THREAT_INTEL_SUBMISSION"` - `"SIMULATION_SUBMISSION"` - `"API"` - `"RETRO_SCAN"` - `delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null` - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `edf_hash?: string | null` - `envelope_from?: string | null` - `envelope_to?: Array | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `findings?: Array | null` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `from?: string | null` - `from_name?: string | null` - `htmltext_structure_hash?: string | null` - `message_id?: string | null` - `post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null` Post-delivery operations performed on this message - `"PREVIEW"` - `"QUARANTINE_RELEASE"` - `"SUBMISSION"` - `"MOVE"` - `postfix_id_outbound?: string | null` - `replyto?: string | null` - `scanned_at?: string | null` When the message was scanned (UTC) - `sent_at?: string | null` When the message was sent (UTC) - `sent_date?: string | null` - `smtp_helo_server_ip?: string | null` - `smtp_previous_hop_ip?: string | null` - `subject?: string | null` - `threat_categories?: Array | null` - `to?: Array | null` - `to_name?: Array | null` - `validation?: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `x_originating_ip?: string | null` # Detections ## Get message detection details `client.emailSecurity.investigate.detections.get(stringinvestigateID, DetectionGetParamsparams, RequestOptionsoptions?): DetectionGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/detections` Returns detection details such as threat categories and sender information for non-benign messages. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: DetectionGetParams` - `account_id: string` Identifier. ### Returns - `DetectionGetResponse` - `action: string` - `attachments: Array` - `size: number` Size of the attachment in bytes - `content_type?: string | null` MIME type of the attachment - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` Detection result for this attachment - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `encrypted?: boolean | null` Whether the attachment is encrypted - `filename?: string | null` Name of the attached file - `md5?: string | null` MD5 hash of the attachment - `name?: string | null` Attachment name (alternative to filename) - `sha1?: string | null` SHA1 hash of the attachment - `sha256?: string | null` SHA256 hash of the attachment - `findings: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `headers: Array
` - `name: string` - `value: string` - `links: Array` - `href: string` - `text?: string | null` - `sender_info: SenderInfo` - `as_name?: string | null` The name of the autonomous system. - `as_number?: number | null` The number of the autonomous system. - `geo?: string | null` - `ip?: string | null` - `pld?: string | null` - `threat_categories: Array` - `id?: number` - `description?: string | null` - `name?: string | null` - `validation: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const detection = await client.emailSecurity.investigate.detections.get( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(detection.validation); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "action", "attachments": [ { "size": 0, "content_type": "content_type", "detection": "MALICIOUS", "encrypted": true, "filename": "filename", "md5": "md5", "name": "name", "sha1": "sha1", "sha256": "sha256" } ], "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "headers": [ { "name": "name", "value": "value" } ], "links": [ { "href": "href", "text": "text" } ], "sender_info": { "as_name": "as_name", "as_number": 0, "geo": "geo", "ip": "ip", "pld": "pld" }, "threat_categories": [ { "id": 0, "description": "description", "name": "name" } ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" }, "final_disposition": "MALICIOUS" }, "success": true } ``` ## Domain Types ### Detection Get Response - `DetectionGetResponse` - `action: string` - `attachments: Array` - `size: number` Size of the attachment in bytes - `content_type?: string | null` MIME type of the attachment - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null` Detection result for this attachment - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `encrypted?: boolean | null` Whether the attachment is encrypted - `filename?: string | null` Name of the attached file - `md5?: string | null` MD5 hash of the attachment - `name?: string | null` Attachment name (alternative to filename) - `sha1?: string | null` SHA1 hash of the attachment - `sha256?: string | null` SHA256 hash of the attachment - `findings: Array | null` - `attachment?: string | null` - `detail?: string | null` - `detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `field?: string | null` - `name?: string | null` - `portion?: string | null` - `reason?: string | null` - `score?: number | null` - `value?: string | null` - `headers: Array
` - `name: string` - `value: string` - `links: Array` - `href: string` - `text?: string | null` - `sender_info: SenderInfo` - `as_name?: string | null` The name of the autonomous system. - `as_number?: number | null` The number of the autonomous system. - `geo?: string | null` - `ip?: string | null` - `pld?: string | null` - `threat_categories: Array` - `id?: number` - `description?: string | null` - `name?: string | null` - `validation: Validation` - `comment?: string | null` - `dkim?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `dmarc?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `spf?: "pass" | "neutral" | "fail" | 2 more` - `"pass"` - `"neutral"` - `"fail"` - `"error"` - `"none"` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` # Preview ## Get email preview `client.emailSecurity.investigate.preview.get(stringinvestigateID, PreviewGetParamsparams, RequestOptionsoptions?): PreviewGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/preview` Returns a preview of the message body as a base64 encoded PNG image for non-benign messages. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: PreviewGetParams` - `account_id: string` Identifier. ### Returns - `PreviewGetResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const preview = await client.emailSecurity.investigate.preview.get( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(preview.screenshot); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "screenshot" }, "success": true } ``` ## Preview for non-detection messages `client.emailSecurity.investigate.preview.create(PreviewCreateParamsparams, RequestOptionsoptions?): PreviewCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/preview` Generates a preview image for a message that was not flagged as a detection. Useful for investigating benign messages. Returns a base64-encoded PNG screenshot of the email body. ### Parameters - `params: PreviewCreateParams` - `account_id: string` Path param: Identifier. - `postfix_id: string` Body param: The identifier of the message ### Returns - `PreviewCreateResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const preview = await client.emailSecurity.investigate.preview.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', postfix_id: '4Njp3P0STMz2c02Q', }); console.log(preview.screenshot); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "screenshot" }, "success": true } ``` ## Domain Types ### Preview Get Response - `PreviewGetResponse` - `screenshot: string` A base64 encoded PNG image of the email. ### Preview Create Response - `PreviewCreateResponse` - `screenshot: string` A base64 encoded PNG image of the email. # Raw ## Get raw email content `client.emailSecurity.investigate.raw.get(stringinvestigateID, RawGetParamsparams, RequestOptionsoptions?): RawGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/raw` Returns the raw eml of any non-benign message. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: RawGetParams` - `account_id: string` Identifier. ### Returns - `RawGetResponse` - `raw: string` A UTF-8 encoded eml file of the email. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const raw = await client.emailSecurity.investigate.raw.get( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(raw.raw); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "raw": "raw" }, "success": true } ``` ## Domain Types ### Raw Get Response - `RawGetResponse` - `raw: string` A UTF-8 encoded eml file of the email. # Trace ## Get email trace `client.emailSecurity.investigate.trace.get(stringinvestigateID, TraceGetParamsparams, RequestOptionsoptions?): TraceGetResponse` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/trace` Retrieves delivery and processing trace information for an email message. Shows the delivery path, retraction history, and move operations performed on the message. Useful for debugging delivery issues. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: TraceGetParams` - `account_id: string` Identifier. ### Returns - `TraceGetResponse` - `inbound: Inbound` - `lines?: Array | null` - `lineno?: number` Line number in the trace log - `logged_at?: string | null` - `message?: string` - `ts?: string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `pending?: boolean | null` - `outbound: Outbound` - `lines?: Array | null` - `lineno?: number` Line number in the trace log - `logged_at?: string | null` - `message?: string` - `ts?: string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `pending?: boolean | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const trace = await client.emailSecurity.investigate.trace.get( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(trace.inbound); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "inbound": { "lines": [ { "lineno": 0, "logged_at": "2019-12-27T18:11:19.117Z", "message": "message", "ts": "ts" } ], "pending": true }, "outbound": { "lines": [ { "lineno": 0, "logged_at": "2019-12-27T18:11:19.117Z", "message": "message", "ts": "ts" } ], "pending": true } }, "success": true } ``` ## Domain Types ### Trace Get Response - `TraceGetResponse` - `inbound: Inbound` - `lines?: Array | null` - `lineno?: number` Line number in the trace log - `logged_at?: string | null` - `message?: string` - `ts?: string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `pending?: boolean | null` - `outbound: Outbound` - `lines?: Array | null` - `lineno?: number` Line number in the trace log - `logged_at?: string | null` - `message?: string` - `ts?: string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `pending?: boolean | null` # Move ## Move a message `client.emailSecurity.investigate.move.create(stringinvestigateID, MoveCreateParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/{investigate_id}/move` Moves a single message to a specified mailbox folder (Inbox, JunkEmail, DeletedItems, RecoverableItemsDeletions, or RecoverableItemsPurges). Requires active integration. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: MoveCreateParams` - `account_id: string` Path param: Identifier. - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` Body param - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` ### Returns - `MoveCreateResponse` - `success: boolean` Whether the operation succeeded - `completed_at?: string | null` When the move operation completed (UTC) - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `destination?: string | null` Destination folder for the message - `item_count?: number` Number of items moved. End of life: November 1, 2026. - `message_id?: string | null` Message identifier - `operation?: string | null` Type of operation performed - `recipient?: string | null` Recipient email address - `status?: string | null` Operation status ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const moveCreateResponse of client.emailSecurity.investigate.move.create( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', destination: 'Inbox' }, )) { console.log(moveCreateResponse.message_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "completed_timestamp": "2019-12-27T18:11:19.117Z", "destination": "destination", "item_count": 0, "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` ## Move multiple messages `client.emailSecurity.investigate.move.bulk(MoveBulkParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/move` Moves multiple messages to a specified mailbox folder (Inbox, JunkEmail, DeletedItems, RecoverableItemsDeletions, or RecoverableItemsPurges). Requires active integration. ### Parameters - `params: MoveBulkParams` - `account_id: string` Path param: Identifier. - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` Body param - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `ids?: Array` Body param: List of message IDs to move - `postfix_ids?: Array` Body param: Deprecated, use `ids` instead. End of life: November 1, 2026. List of message IDs to move. ### Returns - `MoveBulkResponse` - `success: boolean` Whether the operation succeeded - `completed_at?: string | null` When the move operation completed (UTC) - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `destination?: string | null` Destination folder for the message - `item_count?: number` Number of items moved. End of life: November 1, 2026. - `message_id?: string | null` Message identifier - `operation?: string | null` Type of operation performed - `recipient?: string | null` Recipient email address - `status?: string | null` Operation status ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const moveBulkResponse of client.emailSecurity.investigate.move.bulk({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', destination: 'Inbox', })) { console.log(moveBulkResponse.message_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "completed_timestamp": "2019-12-27T18:11:19.117Z", "destination": "destination", "item_count": 0, "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` ## Domain Types ### Move Create Response - `MoveCreateResponse` - `success: boolean` Whether the operation succeeded - `completed_at?: string | null` When the move operation completed (UTC) - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `destination?: string | null` Destination folder for the message - `item_count?: number` Number of items moved. End of life: November 1, 2026. - `message_id?: string | null` Message identifier - `operation?: string | null` Type of operation performed - `recipient?: string | null` Recipient email address - `status?: string | null` Operation status ### Move Bulk Response - `MoveBulkResponse` - `success: boolean` Whether the operation succeeded - `completed_at?: string | null` When the move operation completed (UTC) - `completed_timestamp?: string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `destination?: string | null` Destination folder for the message - `item_count?: number` Number of items moved. End of life: November 1, 2026. - `message_id?: string | null` Message identifier - `operation?: string | null` Type of operation performed - `recipient?: string | null` Recipient email address - `status?: string | null` Operation status # Reclassify ## Change email classification `client.emailSecurity.investigate.reclassify.create(stringinvestigateID, ReclassifyCreateParamsparams, RequestOptionsoptions?): ReclassifyCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/{investigate_id}/reclassify` Submits a request to reclassify an email's disposition. Use for reporting false positives or false negatives. Optionally provide the raw EML content for reanalysis. The reclassification is processed asynchronously. ### Parameters - `investigateID: string` Unique identifier for a message retrieved from investigation - `params: ReclassifyCreateParams` - `account_id: string` Path param: Identifier. - `expected_disposition: "NONE" | "BULK" | "MALICIOUS" | 3 more` Body param - `"NONE"` - `"BULK"` - `"MALICIOUS"` - `"SPAM"` - `"SPOOF"` - `"SUSPICIOUS"` - `eml_content?: string` Body param: Base64 encoded content of the EML file. - `escalated_submission_id?: string` Body param ### Returns - `ReclassifyCreateResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const reclassify = await client.emailSecurity.investigate.reclassify.create( '4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', expected_disposition: 'NONE' }, ); console.log(reclassify); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Reclassify Create Response - `ReclassifyCreateResponse = unknown` # Release ## Release messages from quarantine `client.emailSecurity.investigate.release.bulk(ReleaseBulkParamsparams, RequestOptionsoptions?): SinglePage` **post** `/accounts/{account_id}/email-security/investigate/release` Releases one or more quarantined messages, delivering them to the intended recipients. Use when a message was incorrectly quarantined. Returns delivery status for each recipient. ### Parameters - `params: ReleaseBulkParams` - `account_id: string` Path param: Identifier. - `body: Array` Body param ### Returns - `ReleaseBulkResponse` - `id: string` Unique identifier for a message retrieved from investigation - `delivered?: Array | null` - `failed?: Array | null` - `postfix_id?: string` Deprecated, use `id` instead. End of life: November 1, 2026. - `undelivered?: Array | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const releaseBulkResponse of client.emailSecurity.investigate.release.bulk({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', body: ['4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678'], })) { console.log(releaseBulkResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "delivered": [ "string" ], "failed": [ "string" ], "postfix_id": "4Njp3P0STMz2c02Q", "undelivered": [ "string" ] } ], "success": true } ``` ## Domain Types ### Release Bulk Response - `ReleaseBulkResponse` - `id: string` Unique identifier for a message retrieved from investigation - `delivered?: Array | null` - `failed?: Array | null` - `postfix_id?: string` Deprecated, use `id` instead. End of life: November 1, 2026. - `undelivered?: Array | null` # Bulk ## List bulk action jobs `client.emailSecurity.investigate.bulk.list(BulkListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/investigate/bulk` Returns a paginated list of bulk action jobs for the account. ### Parameters - `params: BulkListParams` - `account_id: string` Path param: Identifier. - `action_type?: "MOVE" | "RELEASE"` Query param - `"MOVE"` - `"RELEASE"` - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `status?: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` Query param - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` ### Returns - `BulkListResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const bulkListResponse of client.emailSecurity.investigate.bulk.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(bulkListResponse.job_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action_params": { "destination": "Inbox", "type": "MOVE", "expected_disposition": "MALICIOUS" }, "action_type": "MOVE", "created_at": "2019-12-27T18:11:19.117Z", "job_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "messages_failed": 0, "messages_pending": 0, "messages_successful": 0, "search_params": { "action_log": true, "alert_id": "alert_id", "delivery_status": "delivered", "detections_only": true, "domain": "domain", "end": "2022-07-25T14:30:00Z", "exact_subject": "exact_subject", "final_disposition": "MALICIOUS", "message_action": "PREVIEW", "message_id": "message_id", "metric": "metric", "query": "query", "recipient": "recipient", "sender": "sender", "start": "2022-06-25T14:30:00Z", "subject": "subject", "submissions": true }, "status": "PENDING", "total_messages_discovered": 0, "comment": "comment", "completed_at": "2019-12-27T18:11:19.117Z", "started_at": "2019-12-27T18:11:19.117Z", "status_message": "status_message" } ], "result_info": { "count": 0, "per_page": 0, "total_count": 0, "next": "next", "page": 0, "previous": "previous" }, "success": true } ``` ## Create a bulk action job `client.emailSecurity.investigate.bulk.create(BulkCreateParamsparams, RequestOptionsoptions?): BulkCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/bulk` Creates a new bulk action job to move or release messages that match the provided search parameters. ### Parameters - `params: BulkCreateParams` - `account_id: string` Path param: Identifier. - `action: "MOVE" | "RELEASE"` Body param - `"MOVE"` - `"RELEASE"` - `search_params: SearchParams` Body param - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `comment?: string | null` Body param - `destination?: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` Body param - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` Body param - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` ### Returns - `BulkCreateResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const bulk = await client.emailSecurity.investigate.bulk.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', action: 'MOVE', search_params: {}, }); console.log(bulk.job_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action_params": { "destination": "Inbox", "type": "MOVE", "expected_disposition": "MALICIOUS" }, "action_type": "MOVE", "created_at": "2019-12-27T18:11:19.117Z", "job_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "messages_failed": 0, "messages_pending": 0, "messages_successful": 0, "search_params": { "action_log": true, "alert_id": "alert_id", "delivery_status": "delivered", "detections_only": true, "domain": "domain", "end": "2022-07-25T14:30:00Z", "exact_subject": "exact_subject", "final_disposition": "MALICIOUS", "message_action": "PREVIEW", "message_id": "message_id", "metric": "metric", "query": "query", "recipient": "recipient", "sender": "sender", "start": "2022-06-25T14:30:00Z", "subject": "subject", "submissions": true }, "status": "PENDING", "total_messages_discovered": 0, "comment": "comment", "completed_at": "2019-12-27T18:11:19.117Z", "started_at": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "success": true } ``` ## Get bulk action job details `client.emailSecurity.investigate.bulk.get(stringjobID, BulkGetParamsparams, RequestOptionsoptions?): BulkGetResponse` **get** `/accounts/{account_id}/email-security/investigate/bulk/{job_id}` Returns the status and details of a specific bulk action job. ### Parameters - `jobID: string` - `params: BulkGetParams` - `account_id: string` Identifier. ### Returns - `BulkGetResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const bulk = await client.emailSecurity.investigate.bulk.get( '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(bulk.job_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action_params": { "destination": "Inbox", "type": "MOVE", "expected_disposition": "MALICIOUS" }, "action_type": "MOVE", "created_at": "2019-12-27T18:11:19.117Z", "job_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "messages_failed": 0, "messages_pending": 0, "messages_successful": 0, "search_params": { "action_log": true, "alert_id": "alert_id", "delivery_status": "delivered", "detections_only": true, "domain": "domain", "end": "2022-07-25T14:30:00Z", "exact_subject": "exact_subject", "final_disposition": "MALICIOUS", "message_action": "PREVIEW", "message_id": "message_id", "metric": "metric", "query": "query", "recipient": "recipient", "sender": "sender", "start": "2022-06-25T14:30:00Z", "subject": "subject", "submissions": true }, "status": "PENDING", "total_messages_discovered": 0, "comment": "comment", "completed_at": "2019-12-27T18:11:19.117Z", "started_at": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "success": true } ``` ## Delete a bulk action job `client.emailSecurity.investigate.bulk.delete(stringjobID, BulkDeleteParamsparams, RequestOptionsoptions?): BulkDeleteResponse` **delete** `/accounts/{account_id}/email-security/investigate/bulk/{job_id}` Deletes the job, removing it from all list and detail endpoints. Only jobs in a terminal state (`COMPLETED`, `CANCELLED`, `FAILED`, or `SKIPPED`) can be deleted. To stop an in-progress job without removing it, use the cancel endpoint instead. ### Parameters - `jobID: string` - `params: BulkDeleteParams` - `account_id: string` Identifier. ### Returns - `BulkDeleteResponse` - `id: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const bulk = await client.emailSecurity.investigate.bulk.delete( '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(bulk.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }, "success": true } ``` ## Domain Types ### Bulk List Response - `BulkListResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Bulk Create Response - `BulkCreateResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Bulk Get Response - `BulkGetResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Bulk Delete Response - `BulkDeleteResponse` - `id: string` # Cancel ## Cancel a bulk action job `client.emailSecurity.investigate.bulk.cancel.create(stringjobID, CancelCreateParamsparams, RequestOptionsoptions?): CancelCreateResponse` **post** `/accounts/{account_id}/email-security/investigate/bulk/{job_id}/cancel` Marks the job as cancelled and stops any pending message processing. The job record remains visible in list and detail endpoints. ### Parameters - `jobID: string` - `params: CancelCreateParams` - `account_id: string` Identifier. ### Returns - `CancelCreateResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const cancel = await client.emailSecurity.investigate.bulk.cancel.create( '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(cancel.job_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action_params": { "destination": "Inbox", "type": "MOVE", "expected_disposition": "MALICIOUS" }, "action_type": "MOVE", "created_at": "2019-12-27T18:11:19.117Z", "job_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "messages_failed": 0, "messages_pending": 0, "messages_successful": 0, "search_params": { "action_log": true, "alert_id": "alert_id", "delivery_status": "delivered", "detections_only": true, "domain": "domain", "end": "2022-07-25T14:30:00Z", "exact_subject": "exact_subject", "final_disposition": "MALICIOUS", "message_action": "PREVIEW", "message_id": "message_id", "metric": "metric", "query": "query", "recipient": "recipient", "sender": "sender", "start": "2022-06-25T14:30:00Z", "subject": "subject", "submissions": true }, "status": "PENDING", "total_messages_discovered": 0, "comment": "comment", "completed_at": "2019-12-27T18:11:19.117Z", "started_at": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "success": true } ``` ## Domain Types ### Cancel Create Response - `CancelCreateResponse` - `action_params: Move | Release` - `Move` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `job_id: string` - `messages_failed: number` - `messages_pending: number` - `messages_successful: number` - `search_params: SearchParams` - `action_log?: boolean` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `alert_id?: string | null` - `delivery_status?: "delivered" | "moved" | "quarantined" | 4 more` Delivery status of the message. - `"delivered"` - `"moved"` - `"quarantined"` - `"rejected"` - `"deferred"` - `"bounced"` - `"queued"` - `detections_only?: boolean` - `domain?: string | null` - `end?: string` End of search date range - `exact_subject?: string | null` - `final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `message_action?: "PREVIEW" | "QUARANTINE_RELEASED" | "MOVED" | null` - `"PREVIEW"` - `"QUARANTINE_RELEASED"` - `"MOVED"` - `message_id?: string | null` - `metric?: string | null` - `query?: string | null` - `recipient?: string | null` - `sender?: string | null` - `start?: string` Beginning of search date range - `subject?: string | null` - `submissions?: boolean` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `total_messages_discovered: number` - `comment?: string | null` - `completed_at?: string | null` - `started_at?: string | null` - `status_message?: string | null` # Messages ## List messages for a bulk action job `client.emailSecurity.investigate.bulk.messages.list(stringjobID, MessageListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/investigate/bulk/{job_id}/messages` Returns the individual messages associated with a bulk action job, including their processing status. ### Parameters - `jobID: string` - `params: MessageListParams` - `account_id: string` Path param: Identifier. - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `status?: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` Query param - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` ### Returns - `MessageListResponse` - `action_params: Move | Release` - `Move` - `client_recipient: string` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `client_recipient: string` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `message_id: string` - `postfix_id: string` - `retry_count: number` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `alert_id?: string | null` - `email_message_id?: string | null` - `processed_at?: string | null` - `retry_after?: string | null` When to retry the action if it failed - `status_message?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const messageListResponse of client.emailSecurity.investigate.bulk.messages.list( '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(messageListResponse.message_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action_params": { "client_recipient": "client_recipient", "destination": "Inbox", "type": "MOVE", "expected_disposition": "MALICIOUS" }, "action_type": "MOVE", "created_at": "2019-12-27T18:11:19.117Z", "message_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "postfix_id": "postfix_id", "retry_count": 0, "status": "PENDING", "alert_id": "alert_id", "email_message_id": "email_message_id", "processed_at": "2019-12-27T18:11:19.117Z", "retry_after": "2019-12-27T18:11:19.117Z", "status_message": "status_message" } ], "result_info": { "count": 0, "per_page": 0, "total_count": 0, "next": "next", "page": 0, "previous": "previous" }, "success": true } ``` ## Domain Types ### Message List Response - `MessageListResponse` - `action_params: Move | Release` - `Move` - `client_recipient: string` - `destination: "Inbox" | "JunkEmail" | "DeletedItems" | 2 more` - `"Inbox"` - `"JunkEmail"` - `"DeletedItems"` - `"RecoverableItemsDeletions"` - `"RecoverableItemsPurges"` - `type: "MOVE"` - `"MOVE"` - `expected_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `Release` - `client_recipient: string` - `type: "RELEASE"` - `"RELEASE"` - `action_type: "MOVE" | "RELEASE"` - `"MOVE"` - `"RELEASE"` - `created_at: string` - `message_id: string` - `postfix_id: string` - `retry_count: number` - `status: "PENDING" | "DISCOVERING" | "PROCESSING" | 4 more` - `"PENDING"` - `"DISCOVERING"` - `"PROCESSING"` - `"COMPLETED"` - `"FAILED"` - `"CANCELLED"` - `"SKIPPED"` - `alert_id?: string | null` - `email_message_id?: string | null` - `processed_at?: string | null` - `retry_after?: string | null` When to retry the action if it failed - `status_message?: string | null` # Phishguard # Reports ## Get PhishGuard reports `client.emailSecurity.phishguard.reports.list(ReportListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/email-security/phishguard/reports` Retrieves PhishGuard security alert reports for a specified date range. Reports include detected threats, dispositions, and contextual information. Use for security monitoring and threat analysis. ### Parameters - `params: ReportListParams` - `account_id: string` Path param: Identifier. - `end?: string` Query param: End of the time range (RFC3339). Takes precedence over to_date. - `from_date?: string` Query param: Deprecated, use `start` instead. Start date in YYYY-MM-DD format. - `start?: string` Query param: Start of the time range (RFC3339). Takes precedence over from_date. - `to_date?: string` Query param: Deprecated, use `end` instead. End date in YYYY-MM-DD format. ### Returns - `ReportListResponse` - `id: number` - `content: string` - `disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `fields: Fields` - `to: Array` - `from?: string | null` - `occurred_at?: string` - `postfix_id?: string | null` - `ts?: string` Deprecated, use `occurred_at` instead - `priority: string` - `title: string` - `created_at?: string | null` - `tags?: Array | null` - `category: string` - `value: string` - `ts?: string` Deprecated, use `created_at` instead - `updated_at?: string | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const reportListResponse of client.emailSecurity.phishguard.reports.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(reportListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 0, "content": "content", "disposition": "MALICIOUS", "fields": { "to": [ "string" ], "from": "from", "occurred_at": "2019-12-27T18:11:19.117Z", "postfix_id": "postfix_id", "ts": "2019-12-27T18:11:19.117Z" }, "priority": "priority", "title": "title", "created_at": "2019-12-27T18:11:19.117Z", "tags": [ { "category": "category", "value": "value" } ], "ts": "2019-12-27T18:11:19.117Z", "updated_at": "2019-12-27T18:11:19.117Z" } ], "success": true } ``` ## Domain Types ### Report List Response - `ReportListResponse` - `id: number` - `content: string` - `disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `fields: Fields` - `to: Array` - `from?: string | null` - `occurred_at?: string` - `postfix_id?: string | null` - `ts?: string` Deprecated, use `occurred_at` instead - `priority: string` - `title: string` - `created_at?: string | null` - `tags?: Array | null` - `category: string` - `value: string` - `ts?: string` Deprecated, use `created_at` instead - `updated_at?: string | null` # Settings # Allow Policies ## List email allow policies `client.emailSecurity.settings.allowPolicies.list(AllowPolicyListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/allow_policies` Returns a paginated list of email allow policies. These policies exempt matching emails from security detection, allowing them to bypass disposition actions. Supports filtering by pattern type and policy attributes. ### Parameters - `params: AllowPolicyListParams` - `account_id: string` Path param: Identifier. - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `is_acceptable_sender?: boolean` Query param: Filter to show only policies where messages from the sender are exempted from Spam, Spoof, and Bulk dispositions (not Malicious or Suspicious). - `is_exempt_recipient?: boolean` Query param: Filter to show only policies where messages to the recipient bypass all detections. - `is_trusted_sender?: boolean` Query param: Filter to show only policies where messages from the sender bypass all detections and link following. - `order?: "pattern" | "created_at"` Query param: Field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `pattern?: string` Query param - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Query param: Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `search?: string` Query param: Search term for filtering records. Behavior may change. - `verify_sender?: boolean` Query param: Filter to show only policies that enforce DMARC, SPF, or DKIM authentication. ### Returns - `AllowPolicyListResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const allowPolicyListResponse of client.emailSecurity.settings.allowPolicies.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(allowPolicyListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an email allow policy `client.emailSecurity.settings.allowPolicies.get(stringpolicyID, AllowPolicyGetParamsparams, RequestOptionsoptions?): AllowPolicyGetResponse` **get** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Retrieves details for a specific allow policy including its pattern, dispositions that are exempted, and whether it applies to all detections. ### Parameters - `policyID: string` Allow policy identifier - `params: AllowPolicyGetParams` - `account_id: string` Identifier. ### Returns - `AllowPolicyGetResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Create email allow policy `client.emailSecurity.settings.allowPolicies.create(AllowPolicyCreateParamsparams, RequestOptionsoptions?): AllowPolicyCreateResponse` **post** `/accounts/{account_id}/email-security/settings/allow_policies` Creates a new allow policy that exempts matching emails from security detections. Use with caution as this bypasses email security scanning. Policies can match on sender patterns and apply to specific detections or all detections. ### Parameters - `params: AllowPolicyCreateParams` - `account_id: string` Path param: Identifier. - `is_acceptable_sender: boolean` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient: boolean` Body param: Messages to this recipient will bypass all detections - `is_regex: boolean` Body param - `is_trusted_sender: boolean` Body param: Messages from this sender will bypass all detections and link following - `pattern: string` Body param: The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param: Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender: boolean` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `comments?: string | null` Body param - `is_recipient?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_sender?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. ### Returns - `AllowPolicyCreateResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_acceptable_sender: false, is_exempt_recipient: false, is_regex: false, is_trusted_sender: true, pattern: 'test@example.com', pattern_type: 'EMAIL', verify_sender: true, }); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Update an email allow policy `client.emailSecurity.settings.allowPolicies.edit(stringpolicyID, AllowPolicyEditParamsparams, RequestOptionsoptions?): AllowPolicyEditResponse` **patch** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Updates an existing allow policy. Only provided fields will be modified. Changes take effect for new emails matching the pattern. ### Parameters - `policyID: string` Allow policy identifier - `params: AllowPolicyEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param - `is_acceptable_sender?: boolean` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Body param: Messages to this recipient will bypass all detections - `is_recipient?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` Body param - `is_sender?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Body param: Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Body param: Messages from this sender will bypass all detections and link following - `pattern?: string` Body param: The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param: Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Returns - `AllowPolicyEditResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.allowPolicies.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Delete an email allow policy `client.emailSecurity.settings.allowPolicies.delete(stringpolicyID, AllowPolicyDeleteParamsparams, RequestOptionsoptions?): AllowPolicyDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Removes an allow policy. After deletion, emails matching this pattern will be subject to normal security scanning and disposition actions. ### Parameters - `policyID: string` Allow policy identifier - `params: AllowPolicyDeleteParams` - `account_id: string` Identifier. ### Returns - `AllowPolicyDeleteResponse` - `id: string` Allow policy identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const allowPolicy = await client.emailSecurity.settings.allowPolicies.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(allowPolicy.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Allow Policy List Response - `AllowPolicyListResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Allow Policy Get Response - `AllowPolicyGetResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Allow Policy Create Response - `AllowPolicyCreateResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Allow Policy Edit Response - `AllowPolicyEditResponse` An email allow policy - `id: string` Allow policy identifier - `created_at: string` - `last_modified: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `comments?: string | null` - `is_acceptable_sender?: boolean` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `is_exempt_recipient?: boolean` Messages to this recipient will bypass all detections - `is_recipient?: boolean` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `is_regex?: boolean` - `is_sender?: boolean` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `is_spoof?: boolean` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `is_trusted_sender?: boolean` Messages from this sender will bypass all detections and link following - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `verify_sender?: boolean` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Allow Policy Delete Response - `AllowPolicyDeleteResponse` - `id: string` Allow policy identifier # Block Senders ## List blocked email senders `client.emailSecurity.settings.blockSenders.list(BlockSenderListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/block_senders` Returns a paginated list of blocked email sender patterns. These patterns prevent emails from matching senders from being delivered. Supports filtering by pattern type and searching across patterns. ### Parameters - `params: BlockSenderListParams` - `account_id: string` Path param: Identifier. - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `order?: "pattern" | "created_at"` Query param: Field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `pattern?: string` Query param: Filter by pattern value. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Query param: Filter by pattern type. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `search?: string` Query param: Search term for filtering records. Behavior may change. ### Returns - `BlockSenderListResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const blockSenderListResponse of client.emailSecurity.settings.blockSenders.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(blockSenderListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a blocked email sender `client.emailSecurity.settings.blockSenders.get(stringpatternID, BlockSenderGetParamsparams, RequestOptionsoptions?): BlockSenderGetResponse` **get** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Retrieves details for a specific blocked sender pattern including its pattern type, value, and metadata. ### Parameters - `patternID: string` Blocked sender pattern identifier - `params: BlockSenderGetParams` - `account_id: string` Identifier. ### Returns - `BlockSenderGetResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Create blocked email sender `client.emailSecurity.settings.blockSenders.create(BlockSenderCreateParamsparams, RequestOptionsoptions?): BlockSenderCreateResponse` **post** `/accounts/{account_id}/email-security/settings/block_senders` Creates a new blocked sender pattern. Emails matching this pattern will be blocked from delivery. Patterns can be email addresses, domains, or IP addresses, and support regular expressions. ### Parameters - `params: BlockSenderCreateParams` - `account_id: string` Path param: Identifier. - `is_regex: boolean` Body param - `pattern: string` Body param: The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param: Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` - `comments?: string | null` Body param ### Returns - `BlockSenderCreateResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_regex: false, pattern: 'test@example.com', pattern_type: 'EMAIL', }); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Update a blocked email sender `client.emailSecurity.settings.blockSenders.edit(stringpatternID, BlockSenderEditParamsparams, RequestOptionsoptions?): BlockSenderEditResponse` **patch** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Updates an existing blocked sender pattern. Only provided fields will be modified. The pattern will continue blocking emails until deleted. ### Parameters - `patternID: string` Blocked sender pattern identifier - `params: BlockSenderEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param - `is_regex?: boolean` Body param - `pattern?: string` Body param: The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Body param: Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Returns - `BlockSenderEditResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.blockSenders.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Delete a blocked email sender `client.emailSecurity.settings.blockSenders.delete(stringpatternID, BlockSenderDeleteParamsparams, RequestOptionsoptions?): BlockSenderDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Removes a blocked sender pattern. After deletion, emails from this sender will no longer be automatically blocked based on this rule. ### Parameters - `patternID: string` Blocked sender pattern identifier - `params: BlockSenderDeleteParams` - `account_id: string` Identifier. ### Returns - `BlockSenderDeleteResponse` - `id: string` Blocked sender pattern identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const blockSender = await client.emailSecurity.settings.blockSenders.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(blockSender.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Block Sender List Response - `BlockSenderListResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Block Sender Get Response - `BlockSenderGetResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Block Sender Create Response - `BlockSenderCreateResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Block Sender Edit Response - `BlockSenderEditResponse` A blocked sender pattern - `id?: string` Blocked sender pattern identifier - `comments?: string | null` - `created_at?: string` - `is_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` The pattern value to match against. Format depends on `pattern_type`: - EMAIL: a valid email address, e.g. `user@example.com` - DOMAIN: a valid domain name, e.g. `example.com` - IP: a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted; private, loopback, link-local, and unspecified addresses are rejected. - `pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"` Type of pattern matching. - EMAIL: matches a full email address (e.g. `user@example.com`) - DOMAIN: matches a domain name (e.g. `example.com`) - IP: matches a plain IPv4 address (e.g. `1.2.3.4`) or an IPv4 CIDR block (e.g. `1.2.3.0/24`). Only globally reachable addresses are accepted. - UNKNOWN: deprecated, cannot be used when creating or updating policies, but may be returned for existing entries. - `"EMAIL"` - `"DOMAIN"` - `"IP"` - `"UNKNOWN"` ### Block Sender Delete Response - `BlockSenderDeleteResponse` - `id: string` Blocked sender pattern identifier # Domains ## List protected email domains `client.emailSecurity.settings.domains.list(DomainListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/domains` Returns a paginated list of email domains protected by Email Security. Includes domain configuration, delivery modes, and authorization status. Supports filtering by delivery mode and integration ID. ### Parameters - `params: DomainListParams` - `account_id: string` Path param: Identifier. - `active_delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 2 more` Query param: Currently active delivery mode to filter by. - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `allowed_delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 2 more` Query param: Delivery mode to filter by. - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `domain?: Array` Query param: Domain names to filter by. - `integration_id?: string` Query param: Integration ID to filter by. - `order?: "domain" | "created_at"` Query param: Field to sort by. - `"domain"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `search?: string` Query param: Search term for filtering records. Behavior may change. - `status?: "pending" | "active" | "failed" | "timeout" | null` Query param: Filters response to domains with the provided status. - `"pending"` - `"active"` - `"failed"` - `"timeout"` ### Returns - `DomainListResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const domainListResponse of client.emailSecurity.settings.domains.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(domainListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an email domain `client.emailSecurity.settings.domains.get(stringdomainID, DomainGetParamsparams, RequestOptionsoptions?): DomainGetResponse` **get** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Retrieves detailed information for a specific protected email domain including its delivery configuration, SPF/DMARC status, and authorization state. ### Parameters - `domainID: string` Domain identifier - `params: DomainGetParams` - `account_id: string` Identifier. ### Returns - `DomainGetResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const domain = await client.emailSecurity.settings.domains.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(domain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } } ``` ## Update an email domain `client.emailSecurity.settings.domains.edit(stringdomainID, DomainEditParamsparams, RequestOptionsoptions?): DomainEditResponse` **patch** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Updates configuration for a protected email domain. Only provided fields will be modified. Changes affect delivery mode, security settings, and regional processing. ### Parameters - `domainID: string` Domain identifier - `params: DomainEditParams` - `account_id: string` Path param: Identifier. - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` Body param - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `domain?: string` Body param - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` Body param - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `folder?: "AllItems" | "Inbox" | null` Body param - `"AllItems"` - `"Inbox"` - `integration_id?: string | null` Body param - `ip_restrictions?: Array` Body param - `lookback_hops?: number` Body param - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` Body param - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean` Body param - `require_tls_outbound?: boolean` Body param - `transport?: string` Body param ### Returns - `DomainEditResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.domains.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } } ``` ## Unprotect an email domain `client.emailSecurity.settings.domains.delete(stringdomainID, DomainDeleteParamsparams, RequestOptionsoptions?): DomainDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Removes email security protection from a domain. After deletion, emails for this domain will no longer be processed by Email Security. This action cannot be undone. ### Parameters - `domainID: string` Domain identifier - `params: DomainDeleteParams` - `account_id: string` Identifier. ### Returns - `DomainDeleteResponse` - `id: string` Domain identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const domain = await client.emailSecurity.settings.domains.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(domain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Unprotect multiple email domains `client.emailSecurity.settings.domains.bulkDelete(DomainBulkDeleteParamsparams, RequestOptionsoptions?): SinglePage` **delete** `/accounts/{account_id}/email-security/settings/domains` Deprecated. Use the batch endpoint instead. ### Parameters - `params: DomainBulkDeleteParams` - `account_id: string` Identifier. ### Returns - `DomainBulkDeleteResponse` - `id: string` Domain identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const domainBulkDeleteResponse of client.emailSecurity.settings.domains.bulkDelete({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(domainBulkDeleteResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } ] } ``` ## Domain Types ### Domain List Response - `DomainListResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Domain Get Response - `DomainGetResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Domain Edit Response - `DomainEditResponse` - `id?: string` Domain identifier - `allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>` - `"DIRECT"` - `"BCC"` - `"JOURNAL"` - `"API"` - `"RETRO_SCAN"` - `authorization?: Authorization` - `authorized: boolean` - `timestamp: string` - `status_message?: string | null` - `created_at?: string` - `dmarc_status?: "none" | "good" | "invalid" | null` - `"none"` - `"good"` - `"invalid"` - `domain?: string` - `drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>` - `"MALICIOUS"` - `"MALICIOUS-BEC"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"ENCRYPTED"` - `"EXTERNAL"` - `"UNKNOWN"` - `"NONE"` - `emails_processed?: EmailsProcessed` - `timestamp: string` - `total_emails_processed: number` - `total_emails_processed_previous: number` - `folder?: "AllItems" | "Inbox" | null` - `"AllItems"` - `"Inbox"` - `inbox_provider?: "Microsoft" | "Google" | null` - `"Microsoft"` - `"Google"` - `integration_id?: string | null` - `ip_restrictions?: Array` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `lookback_hops?: number` - `modified_at?: string` - `o365_tenant_id?: string | null` - `regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>` - `"GLOBAL"` - `"AU"` - `"DE"` - `"IN"` - `"US"` - `require_tls_inbound?: boolean | null` - `require_tls_outbound?: boolean | null` - `spf_status?: "none" | "good" | "neutral" | 2 more | null` - `"none"` - `"good"` - `"neutral"` - `"open"` - `"invalid"` - `status?: "pending" | "active" | "failed" | "timeout" | null` - `"pending"` - `"active"` - `"failed"` - `"timeout"` - `transport?: string` ### Domain Delete Response - `DomainDeleteResponse` - `id: string` Domain identifier ### Domain Bulk Delete Response - `DomainBulkDeleteResponse` - `id: string` Domain identifier # Impersonation Registry ## List entries in impersonation registry `client.emailSecurity.settings.impersonationRegistry.list(ImpersonationRegistryListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry` Returns a paginated list of protected identities in the impersonation registry. These entries define identities and email addresses to protect from impersonation attacks. Can be manually added or automatically synced from directory integrations. ### Parameters - `params: ImpersonationRegistryListParams` - `account_id: string` Path param: Identifier. - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `order?: "name" | "email" | "created_at"` Query param: Field to sort by. - `"name"` - `"email"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` Query param - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` - `search?: string` Query param: Search term for filtering records. Behavior may change. ### Returns - `ImpersonationRegistryListResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const impersonationRegistryListResponse of client.emailSecurity.settings.impersonationRegistry.list( { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(impersonationRegistryListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an impersonation registry entry `client.emailSecurity.settings.impersonationRegistry.get(stringimpersonationRegistryID, ImpersonationRegistryGetParamsparams, RequestOptionsoptions?): ImpersonationRegistryGetResponse` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Retrieves details for a specific impersonation registry entry including the protected identity, email pattern, and synchronization source if directory-synced. ### Parameters - `impersonationRegistryID: string` Impersonation registry entry identifier - `params: ImpersonationRegistryGetParams` - `account_id: string` Identifier. ### Returns - `ImpersonationRegistryGetResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Create impersonation registry entry `client.emailSecurity.settings.impersonationRegistry.create(ImpersonationRegistryCreateParamsparams, RequestOptionsoptions?): ImpersonationRegistryCreateResponse` **post** `/accounts/{account_id}/email-security/settings/impersonation_registry` Creates a new entry in the impersonation registry to protect against impersonation. Emails attempting to impersonate this identity will be flagged. Supports regex patterns for flexible email matching. ### Parameters - `params: ImpersonationRegistryCreateParams` - `account_id: string` Path param: Identifier. - `email: string` Body param - `is_email_regex: boolean` Body param - `name: string` Body param - `comments?: string | null` Body param - `directory_id?: number | null` Body param - `directory_node_id?: number | null` Body param - `external_directory_node_id?: string | null` Body param - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` Body param - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Returns - `ImpersonationRegistryCreateResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', email: 'john.doe@example.com', is_email_regex: false, name: 'John Doe', }); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Update an impersonation registry entry `client.emailSecurity.settings.impersonationRegistry.edit(stringimpersonationRegistryID, ImpersonationRegistryEditParamsparams, RequestOptionsoptions?): ImpersonationRegistryEditResponse` **patch** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Updates an existing impersonation registry entry. Only provided fields will be modified. Directory-synced entries can't be updated. ### Parameters - `impersonationRegistryID: string` Impersonation registry entry identifier - `params: ImpersonationRegistryEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param - `directory_id?: number | null` Body param - `directory_node_id?: number | null` Body param - `email?: string` Body param - `external_directory_node_id?: string | null` Body param - `is_email_regex?: boolean` Body param - `name?: string` Body param - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` Body param - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Returns - `ImpersonationRegistryEditResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.impersonationRegistry.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Delete an impersonation registry entry `client.emailSecurity.settings.impersonationRegistry.delete(stringimpersonationRegistryID, ImpersonationRegistryDeleteParamsparams, RequestOptionsoptions?): ImpersonationRegistryDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Removes an entry from the impersonation registry. After deletion, this identity will no longer be protected from impersonation. ### Parameters - `impersonationRegistryID: string` Impersonation registry entry identifier - `params: ImpersonationRegistryDeleteParams` - `account_id: string` Identifier. ### Returns - `ImpersonationRegistryDeleteResponse` - `id: string` Impersonation registry entry identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const impersonationRegistry = await client.emailSecurity.settings.impersonationRegistry.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(impersonationRegistry.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Impersonation Registry List Response - `ImpersonationRegistryListResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Impersonation Registry Get Response - `ImpersonationRegistryGetResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Impersonation Registry Create Response - `ImpersonationRegistryCreateResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Impersonation Registry Edit Response - `ImpersonationRegistryEditResponse` An impersonation registry entry - `id?: string` Impersonation registry entry identifier - `comments?: string | null` - `created_at?: string` - `directory_id?: number | null` - `directory_node_id?: number | null` - `email?: string` - `external_directory_node_id?: string | null` - `is_email_regex?: boolean` - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `name?: string` - `provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"` - `"A1S_INTERNAL"` - `"SNOOPY-CASB_OFFICE_365"` - `"SNOOPY-OFFICE_365"` - `"SNOOPY-GOOGLE_DIRECTORY"` ### Impersonation Registry Delete Response - `ImpersonationRegistryDeleteResponse` - `id: string` Impersonation registry entry identifier # Sending Domain Restrictions ## List sending domain restrictions `client.emailSecurity.settings.sendingDomainRestrictions.list(SendingDomainRestrictionListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/sending_domain_restrictions` Returns a paginated list of sending domain restrictions. These restrictions enforce TLS requirements for emails from specific domains. Mail without TLS from restricted domains will be dropped unless the subdomain is in the exclude list. Supports sorting and searching. ### Parameters - `params: SendingDomainRestrictionListParams` - `account_id: string` Path param: Identifier. - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `order?: "domain" | "created_at"` Query param: Field to sort by. - `"domain"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `search?: string` Query param: Search term for filtering records. Behavior may change. ### Returns - `SendingDomainRestrictionListResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const sendingDomainRestrictionListResponse of client.emailSecurity.settings.sendingDomainRestrictions.list( { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(sendingDomainRestrictionListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Enforce TLS for all mail from this domain", "created_at": "2014-01-01T05:20:00.12345Z", "domain": "example.com", "exclude": [ "subdomain.example.com" ], "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a sending domain restriction `client.emailSecurity.settings.sendingDomainRestrictions.get(stringsendingDomainRestrictionID, SendingDomainRestrictionGetParamsparams, RequestOptionsoptions?): SendingDomainRestrictionGetResponse` **get** `/accounts/{account_id}/email-security/settings/sending_domain_restrictions/{sending_domain_restriction_id}` Retrieves details for a specific sending domain restriction including the domain requiring TLS and any excluded subdomains exempt from the TLS requirement. ### Parameters - `sendingDomainRestrictionID: string` Sending domain restriction identifier. - `params: SendingDomainRestrictionGetParams` - `account_id: string` Identifier. ### Returns - `SendingDomainRestrictionGetResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sendingDomainRestriction = await client.emailSecurity.settings.sendingDomainRestrictions.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(sendingDomainRestriction.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Enforce TLS for all mail from this domain", "created_at": "2014-01-01T05:20:00.12345Z", "domain": "example.com", "exclude": [ "subdomain.example.com" ], "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Create a sending domain restriction `client.emailSecurity.settings.sendingDomainRestrictions.create(SendingDomainRestrictionCreateParamsparams, RequestOptionsoptions?): SendingDomainRestrictionCreateResponse` **post** `/accounts/{account_id}/email-security/settings/sending_domain_restrictions` Creates a new sending domain restriction to enforce TLS requirements for a domain. Emails without TLS from this domain will be dropped unless the subdomain is in the exclude list. ### Parameters - `params: SendingDomainRestrictionCreateParams` - `account_id: string` Path param: Identifier. - `domain: string` Body param: Domain that requires TLS enforcement. - `exclude: Array` Body param: Excluded subdomains that are exempt from TLS requirements. - `comments?: string | null` Body param ### Returns - `SendingDomainRestrictionCreateResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sendingDomainRestriction = await client.emailSecurity.settings.sendingDomainRestrictions.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', domain: 'example.com', exclude: ['subdomain.example.com'], }); console.log(sendingDomainRestriction.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Enforce TLS for all mail from this domain", "created_at": "2014-01-01T05:20:00.12345Z", "domain": "example.com", "exclude": [ "subdomain.example.com" ], "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Update a sending domain restriction `client.emailSecurity.settings.sendingDomainRestrictions.edit(stringsendingDomainRestrictionID, SendingDomainRestrictionEditParamsparams, RequestOptionsoptions?): SendingDomainRestrictionEditResponse` **patch** `/accounts/{account_id}/email-security/settings/sending_domain_restrictions/{sending_domain_restriction_id}` Updates an existing sending domain restriction. Only provided fields will be modified. Changes affect which domains require TLS and which subdomains are excluded. ### Parameters - `sendingDomainRestrictionID: string` Sending domain restriction identifier. - `params: SendingDomainRestrictionEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param - `domain?: string` Body param: Domain that requires TLS enforcement. - `exclude?: Array` Body param: Excluded subdomains that are exempt from TLS requirements. ### Returns - `SendingDomainRestrictionEditResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.sendingDomainRestrictions.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Enforce TLS for all mail from this domain", "created_at": "2014-01-01T05:20:00.12345Z", "domain": "example.com", "exclude": [ "subdomain.example.com" ], "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Delete a sending domain restriction `client.emailSecurity.settings.sendingDomainRestrictions.delete(stringsendingDomainRestrictionID, SendingDomainRestrictionDeleteParamsparams, RequestOptionsoptions?): SendingDomainRestrictionDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/sending_domain_restrictions/{sending_domain_restriction_id}` Removes a sending domain restriction. After deletion, TLS will no longer be enforced for emails from this domain. ### Parameters - `sendingDomainRestrictionID: string` Sending domain restriction identifier. - `params: SendingDomainRestrictionDeleteParams` - `account_id: string` Identifier. ### Returns - `SendingDomainRestrictionDeleteResponse` - `id: string` Sending domain restriction identifier. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sendingDomainRestriction = await client.emailSecurity.settings.sendingDomainRestrictions.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(sendingDomainRestriction.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Sending Domain Restriction List Response - `SendingDomainRestrictionListResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Sending Domain Restriction Get Response - `SendingDomainRestrictionGetResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Sending Domain Restriction Create Response - `SendingDomainRestrictionCreateResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Sending Domain Restriction Edit Response - `SendingDomainRestrictionEditResponse` A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped. - `id?: string` Sending domain restriction identifier. - `comments?: string | null` - `created_at?: string` - `domain?: string` Domain that requires TLS enforcement. - `exclude?: Array` Excluded subdomains that are exempt from TLS requirements. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Sending Domain Restriction Delete Response - `SendingDomainRestrictionDeleteResponse` - `id: string` Sending domain restriction identifier. # Trusted Domains ## List trusted email domains `client.emailSecurity.settings.trustedDomains.list(TrustedDomainListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/trusted_domains` Returns a paginated list of trusted domain patterns. Trusted domains prevent false positives for recently registered domains and lookalike domain detections. Patterns can use regular expressions for flexible matching. ### Parameters - `params: TrustedDomainListParams` - `account_id: string` Path param: Identifier. - `direction?: "asc" | "desc"` Query param: The sorting direction. - `"asc"` - `"desc"` - `is_recent?: boolean` Query param: Filter to show only recently registered domains that are trusted to prevent triggering Suspicious or Malicious dispositions. - `is_similarity?: boolean` Query param: Filter to show only proximity domains (partner or approved domains with similar spelling to connected domains) that prevent Spoof dispositions. - `order?: "pattern" | "created_at"` Query param: Field to sort by. - `"pattern"` - `"created_at"` - `page?: number` Query param: Current page within paginated list of results. - `pattern?: string` Query param - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `search?: string` Query param: Search term for filtering records. Behavior may change. ### Returns - `TrustedDomainListResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const trustedDomainListResponse of client.emailSecurity.settings.trustedDomains.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(trustedDomainListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a trusted email domain `client.emailSecurity.settings.trustedDomains.get(stringtrustedDomainID, TrustedDomainGetParamsparams, RequestOptionsoptions?): TrustedDomainGetResponse` **get** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Retrieves details for a specific trusted domain pattern including its pattern value, whether it uses regex matching, and which detection types it affects. ### Parameters - `trustedDomainID: string` Trusted domain identifier - `params: TrustedDomainGetParams` - `account_id: string` Identifier. ### Returns - `TrustedDomainGetResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(trustedDomain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Create trusted email domain `client.emailSecurity.settings.trustedDomains.create(TrustedDomainCreateParamsparams, RequestOptionsoptions?): TrustedDomainCreateResponse` **post** `/accounts/{account_id}/email-security/settings/trusted_domains` Creates a new trusted domain pattern. Use for partner domains or approved senders that should bypass recent domain registration and similarity checks. Configure whether it prevents recent domain or spoof dispositions. ### Parameters - `params: TrustedDomainCreateParams` - `account_id: string` Path param: Identifier. - `is_recent: boolean` Body param: Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex: boolean` Body param - `is_similarity: boolean` Body param: Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `pattern: string` Body param - `comments?: string | null` Body param ### Returns - `TrustedDomainCreateResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', is_recent: true, is_regex: false, is_similarity: false, pattern: 'example.com', }); console.log(trustedDomain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Update a trusted email domain `client.emailSecurity.settings.trustedDomains.edit(stringtrustedDomainID, TrustedDomainEditParamsparams, RequestOptionsoptions?): TrustedDomainEditResponse` **patch** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Updates an existing trusted domain pattern. Only provided fields will be modified. Changes take effect for new emails matching the pattern. ### Parameters - `trustedDomainID: string` Trusted domain identifier - `params: TrustedDomainEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param - `is_recent?: boolean` Body param: Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` Body param - `is_similarity?: boolean` Body param: Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `pattern?: string` Body param ### Returns - `TrustedDomainEditResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.trustedDomains.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Delete a trusted email domain `client.emailSecurity.settings.trustedDomains.delete(stringtrustedDomainID, TrustedDomainDeleteParamsparams, RequestOptionsoptions?): TrustedDomainDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Removes a trusted domain pattern. After deletion, emails from this domain will be subject to normal recent domain and similarity checks. ### Parameters - `trustedDomainID: string` Trusted domain identifier - `params: TrustedDomainDeleteParams` - `account_id: string` Identifier. ### Returns - `TrustedDomainDeleteResponse` - `id: string` Trusted domain identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const trustedDomain = await client.emailSecurity.settings.trustedDomains.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(trustedDomain.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Trusted Domain List Response - `TrustedDomainListResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Trusted Domain Get Response - `TrustedDomainGetResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Trusted Domain Create Response - `TrustedDomainCreateResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Trusted Domain Edit Response - `TrustedDomainEditResponse` A trusted email domain - `id?: string` Trusted domain identifier - `comments?: string | null` - `created_at?: string` - `is_recent?: boolean` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `is_regex?: boolean` - `is_similarity?: boolean` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` - `pattern?: string` ### Trusted Domain Delete Response - `TrustedDomainDeleteResponse` - `id: string` Trusted domain identifier # URL Ignore Patterns ## List URL ignore patterns `client.emailSecurity.settings.urlIgnorePatterns.list(URLIgnorePatternListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/settings/url_ignore_patterns` Returns a paginated list of URL rewrite ignore patterns for the account. URLs matching these patterns will not be rewritten. ### Parameters - `params: URLIgnorePatternListParams` - `account_id: string` Path param: Identifier. - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. ### Returns - `URLIgnorePatternListResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const urlIgnorePatternListResponse of client.emailSecurity.settings.urlIgnorePatterns.list( { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(urlIgnorePatternListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2019-12-27T18:11:19.117Z", "pattern": "https://example\\.com/.*", "comments": "Trusted internal redirect service", "last_modified": "2019-12-27T18:11:19.117Z", "modified_at": "2019-12-27T18:11:19.117Z" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a URL ignore pattern `client.emailSecurity.settings.urlIgnorePatterns.get(stringpatternID, URLIgnorePatternGetParamsparams, RequestOptionsoptions?): URLIgnorePatternGetResponse` **get** `/accounts/{account_id}/email-security/settings/url_ignore_patterns/{pattern_id}` Returns a single URL rewrite ignore pattern by its identifier. ### Parameters - `patternID: string` URL ignore pattern identifier - `params: URLIgnorePatternGetParams` - `account_id: string` Identifier. ### Returns - `URLIgnorePatternGetResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const urlIgnorePattern = await client.emailSecurity.settings.urlIgnorePatterns.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(urlIgnorePattern.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2019-12-27T18:11:19.117Z", "pattern": "https://example\\.com/.*", "comments": "Trusted internal redirect service", "last_modified": "2019-12-27T18:11:19.117Z", "modified_at": "2019-12-27T18:11:19.117Z" } } ``` ## Create a URL ignore pattern `client.emailSecurity.settings.urlIgnorePatterns.create(URLIgnorePatternCreateParamsparams, RequestOptionsoptions?): URLIgnorePatternCreateResponse` **post** `/accounts/{account_id}/email-security/settings/url_ignore_patterns` Creates a new URL rewrite ignore pattern. URLs matching this pattern will not be rewritten. ### Parameters - `params: URLIgnorePatternCreateParams` - `account_id: string` Path param: Identifier. - `pattern: string` Body param: Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Body param: Optional note describing the reason for the ignore pattern. ### Returns - `URLIgnorePatternCreateResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const urlIgnorePattern = await client.emailSecurity.settings.urlIgnorePatterns.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', pattern: 'https://example\\.com/.*', }); console.log(urlIgnorePattern.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2019-12-27T18:11:19.117Z", "pattern": "https://example\\.com/.*", "comments": "Trusted internal redirect service", "last_modified": "2019-12-27T18:11:19.117Z", "modified_at": "2019-12-27T18:11:19.117Z" } } ``` ## Update a URL ignore pattern `client.emailSecurity.settings.urlIgnorePatterns.edit(stringpatternID, URLIgnorePatternEditParamsparams, RequestOptionsoptions?): URLIgnorePatternEditResponse` **patch** `/accounts/{account_id}/email-security/settings/url_ignore_patterns/{pattern_id}` Updates an existing URL rewrite ignore pattern. Only provided fields will be modified. ### Parameters - `patternID: string` URL ignore pattern identifier - `params: URLIgnorePatternEditParams` - `account_id: string` Path param: Identifier. - `comments?: string | null` Body param: Optional note describing the reason for the ignore pattern. - `pattern?: string` Body param: Regular expression matching URLs that should not be rewritten. ### Returns - `URLIgnorePatternEditResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.emailSecurity.settings.urlIgnorePatterns.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2019-12-27T18:11:19.117Z", "pattern": "https://example\\.com/.*", "comments": "Trusted internal redirect service", "last_modified": "2019-12-27T18:11:19.117Z", "modified_at": "2019-12-27T18:11:19.117Z" } } ``` ## Delete a URL ignore pattern `client.emailSecurity.settings.urlIgnorePatterns.delete(stringpatternID, URLIgnorePatternDeleteParamsparams, RequestOptionsoptions?): URLIgnorePatternDeleteResponse` **delete** `/accounts/{account_id}/email-security/settings/url_ignore_patterns/{pattern_id}` Removes a URL rewrite ignore pattern. After deletion, URLs matching this pattern will be rewritten again. ### Parameters - `patternID: string` URL ignore pattern identifier - `params: URLIgnorePatternDeleteParams` - `account_id: string` Identifier. ### Returns - `URLIgnorePatternDeleteResponse` - `id: string` URL ignore pattern identifier ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const urlIgnorePattern = await client.emailSecurity.settings.urlIgnorePatterns.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(urlIgnorePattern.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### URL Ignore Pattern List Response - `URLIgnorePatternListResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### URL Ignore Pattern Get Response - `URLIgnorePatternGetResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### URL Ignore Pattern Create Response - `URLIgnorePatternCreateResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### URL Ignore Pattern Edit Response - `URLIgnorePatternEditResponse` A URL ignore pattern that exempts matching URLs from being rewritten by Email Security. - `id: string` URL ignore pattern identifier - `created_at: string` - `pattern: string` Regular expression matching URLs that should not be rewritten. - `comments?: string | null` Optional note describing the reason for the ignore pattern. - `last_modified?: string` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `modified_at?: string` ### URL Ignore Pattern Delete Response - `URLIgnorePatternDeleteResponse` - `id: string` URL ignore pattern identifier # Submissions ## Get reclassify submissions `client.emailSecurity.submissions.list(SubmissionListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/email-security/submissions` Returns information for submissions made to reclassify emails. Shows the status, outcome, and disposition changes for reclassification requests made by users or the security team. Useful for tracking false positive/negative reports. ### Parameters - `params: SubmissionListParams` - `account_id: string` Path param: Identifier. - `end?: string` Query param: The end of the search date range. Defaults to `now`. - `escalated_from_user?: boolean` Query param: When true, return only submissions that were escalated by an end user (vs. by the security team). When false, return only submissions that were not escalated by an end user. When omitted, no filter is applied. - `original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `page?: number` Query param: Current page within paginated list of results. - `per_page?: number` Query param: The number of results per page. Maximum value is 1000. - `query?: string | null` Query param - `requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more` Query param - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `start?: string` Query param: The beginning of the search date range. Defaults to `now - 30 days`. - `status?: string` Query param - `submission_id?: string` Query param - `type?: "TEAM" | "USER"` Query param - `"TEAM"` - `"USER"` ### Returns - `SubmissionListResponse` - `requested_at: string` When the submission was requested (UTC). - `submission_id: string` - `customer_status?: "escalated" | "reviewed" | "unreviewed" | null` - `"escalated"` - `"reviewed"` - `"unreviewed"` - `escalated_as?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `escalated_at?: string | null` - `escalated_by?: string | null` - `escalated_submission_id?: string | null` - `original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `original_edf_hash?: string | null` - `original_postfix_id?: string | null` The postfix ID of the original message that was submitted - `outcome?: string | null` - `outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `requested_by?: string | null` - `requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `requested_ts?: string` Deprecated, use `requested_at` instead - `status?: string | null` - `subject?: string | null` - `type?: "Team" | "User" | null` Whether the submission was created by a team member or an end user. - `"Team"` - `"User"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const submissionListResponse of client.emailSecurity.submissions.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(submissionListResponse.submission_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "requested_at": "2019-12-27T18:11:19.117Z", "submission_id": "submission_id", "customer_status": "escalated", "escalated_as": "MALICIOUS", "escalated_at": "2019-12-27T18:11:19.117Z", "escalated_by": "escalated_by", "escalated_submission_id": "escalated_submission_id", "original_disposition": "MALICIOUS", "original_edf_hash": "original_edf_hash", "original_postfix_id": "original_postfix_id", "outcome": "outcome", "outcome_disposition": "MALICIOUS", "requested_by": "requested_by", "requested_disposition": "MALICIOUS", "requested_ts": "requested_ts", "status": "status", "subject": "subject", "type": "Team" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Submission List Response - `SubmissionListResponse` - `requested_at: string` When the submission was requested (UTC). - `submission_id: string` - `customer_status?: "escalated" | "reviewed" | "unreviewed" | null` - `"escalated"` - `"reviewed"` - `"unreviewed"` - `escalated_as?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `escalated_at?: string | null` - `escalated_by?: string | null` - `escalated_submission_id?: string | null` - `original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `original_edf_hash?: string | null` - `original_postfix_id?: string | null` The postfix ID of the original message that was submitted - `outcome?: string | null` - `outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `requested_by?: string | null` - `requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null` - `"MALICIOUS"` - `"SUSPICIOUS"` - `"SPOOF"` - `"SPAM"` - `"BULK"` - `"NONE"` - `requested_ts?: string` Deprecated, use `requested_at` instead - `status?: string | null` - `subject?: string | null` - `type?: "Team" | "User" | null` Whether the submission was created by a team member or an end user. - `"Team"` - `"User"`