Tokens

Message sender

Message recipients

Message subject

Date and time of incident

Message headers, including the original header and the headers added by Cloud Email Gateway Protection

This token is supported only in stamps and notification body.

Mail ID

Name of the policy rule that contained the triggered filter

Type of a policy rule: Content Filter, Message Size Filter, and others

Scan result for virus policy matching, or name of the triggered policy rule or filter for content policy matching

Names of files that were affected by the policy rule

Default character set of the notification message

Total size of the message and all attachments

Total size of the attachment(s) that triggered the policy rule

Number of attachments that triggered the policy rule

Terminal action taken by Cloud Email Gateway Protection

All other (non-terminal) actions taken by Cloud Email Gateway Protection

Name of any malware detected

This token will be empty if the message did not trigger a malware action.

Action taken on any malware detected in the message

This token will be empty if the message did not trigger a malware action.

Option selected by a high profile user to confirm that he or she is the real sender of an email message

Option selected by a high profile user to deny that he or she is the real sender of an email message

SPF check result returned when SPF check is enabled

Unusual behavior or trait in an email message

Name of the Correlated Intelligence correlation rule that detected a security risk or anomaly

Description of the Correlated Intelligence correlation rule that detected a security risk or anomaly