Recipient Notification Message Tokens

Views:

Deep Discovery Email Inspector sends recipient notifications to inform recipients that an email message contained a detected threat. After acting upon an email message, Deep Discovery Email Inspector sends recipient notifications based on the detected risk level. Use the following table to customize your recipient notifications with message tokens.

Note

For information about configuring recipient notifications, see Configuring Recipient Notification.

Message Tokens

Token

Description

Example

%Action%

The action that Deep Discovery Email Inspector took on the processed message

Block and quarantine
Strip attachments, redirect links to blocking page, and tag
Strip attachments, redirect links to warning page, and tag
Pass and tag
Pass with no action

%AllRecipients%

All recipients from the SMTP envelope, including TO, CC, and BCC

alice@company.com; bob@company.com; audit@company.com

%AttachmentNames%

The top ten detected attachments

important.doc

%BccRecipients%

Recipients present in SMTP envelope but not visible in message headers

alice@company.com; bob@company.com

%CcRecipients%

Email addresses extracted from the CC header field

alice@company.com; bob@company.com

%ConsoleURL%

The Deep Discovery Email Inspector management console URL.

https://192.168.252.1/loginPage.ddei

%DateTime%

The date and time that the alert was triggered

2014-03-21 03:34:09

%DeviceIP%

The IP address of the Deep Discovery Email Inspector appliance

123.123.123.123

%DeviceName%

The host name of the Deep Discovery Email Inspector appliance

example.com

%MailID%

Unique mail identifier for message tracking

<8493b1af-b04d-46e1-ac12-4b48f7dd3a1d@ddei.test>

%Risk%

The email message's risk level

High
Medium
Low
Unavailable

%Rulename%

Name of the rule that triggered the notification

Anti-spam Rule

%Sender%

The sending email address

senderemail@example.com

%Subject%

The subject of the email message

Your dream job!

%SuspiciousURLs%

Detected malicious/suspicious URLs in email messages

Note

The system displays suspicious URLs directly and the warning at the end.

https://virus.com/; http://virus.com/ ** WARNING: The link(s) may be malicious. Do not click or open it/them. **

%ThreatNames%

The top ten detected threats

Spam/Graymail

%ToRecipients%

Email addresses extracted from the TO header field

alice@company.com; bob@company.com