# Email Security # Investigate ## Search email messages `client.EmailSecurity.Investigate.List(ctx, params) (*V4PagePaginationArray[InvestigateListResponse], error)` **get** `/accounts/{account_id}/email-security/investigate` Returns information for each email that matches the search parameter(s). ### Parameters - `params InvestigateListParams` - `AccountID param.Field[string]` Path param: Identifier. - `ActionLog param.Field[bool]` Query param: Whether to include the message action log in the response. - `AlertID param.Field[string]` Query param - `Cursor param.Field[string]` Query param - `DetectionsOnly param.Field[bool]` Query param: Whether to include only detections in search results. - `Domain param.Field[string]` Query param: Sender domains to filter by. - `End param.Field[Time]` Query param: The end of the search date range. Defaults to `now`. - `FinalDisposition param.Field[InvestigateListParamsFinalDisposition]` Query param: Dispositions to filter by. - `const InvestigateListParamsFinalDispositionMalicious InvestigateListParamsFinalDisposition = "MALICIOUS"` - `const InvestigateListParamsFinalDispositionSuspicious InvestigateListParamsFinalDisposition = "SUSPICIOUS"` - `const InvestigateListParamsFinalDispositionSpoof InvestigateListParamsFinalDisposition = "SPOOF"` - `const InvestigateListParamsFinalDispositionSpam InvestigateListParamsFinalDisposition = "SPAM"` - `const InvestigateListParamsFinalDispositionBulk InvestigateListParamsFinalDisposition = "BULK"` - `const InvestigateListParamsFinalDispositionNone InvestigateListParamsFinalDisposition = "NONE"` - `MessageAction param.Field[InvestigateListParamsMessageAction]` Query param: Message actions to filter by. - `const InvestigateListParamsMessageActionPreview InvestigateListParamsMessageAction = "PREVIEW"` - `const InvestigateListParamsMessageActionQuarantineReleased InvestigateListParamsMessageAction = "QUARANTINE_RELEASED"` - `const InvestigateListParamsMessageActionMoved InvestigateListParamsMessageAction = "MOVED"` - `MessageID param.Field[string]` Query param - `Metric param.Field[string]` Query param - `Page param.Field[int64]` Query param: Deprecated: Use cursor pagination instead. End of life: November 1, 2026. - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Query param.Field[string]` Query param: Space-delimited search term. Case-insensitive. - `Recipient param.Field[string]` Query param - `Sender param.Field[string]` Query param - `Start param.Field[Time]` Query param: The beginning of the search date range. Defaults to `now - 30 days`. - `Subject param.Field[string]` Query param ### Returns - `type InvestigateListResponse struct{…}` - `ID string` Unique identifier for a message retrieved from investigation - `ActionLog []InvestigateListResponseActionLog` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `CompletedAt Time` Timestamp when action completed - `Operation InvestigateListResponseActionLogOperation` Type of action performed - `const InvestigateListResponseActionLogOperationMove InvestigateListResponseActionLogOperation = "MOVE"` - `const InvestigateListResponseActionLogOperationRelease InvestigateListResponseActionLogOperation = "RELEASE"` - `const InvestigateListResponseActionLogOperationReclassify InvestigateListResponseActionLogOperation = "RECLASSIFY"` - `const InvestigateListResponseActionLogOperationSubmission InvestigateListResponseActionLogOperation = "SUBMISSION"` - `const InvestigateListResponseActionLogOperationQuarantineRelease InvestigateListResponseActionLogOperation = "QUARANTINE_RELEASE"` - `const InvestigateListResponseActionLogOperationPreview InvestigateListResponseActionLogOperation = "PREVIEW"` - `CompletedTimestamp string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `Properties InvestigateListResponseActionLogProperties` Additional properties for the action - `Folder string` Target folder for move operations - `RequestedBy string` User who requested the action - `Status string` Status of the action - `ClientRecipients []string` - `DetectionReasons []string` - `IsPhishSubmission bool` - `IsQuarantined bool` - `PostfixID string` The identifier of the message - `Properties InvestigateListResponseProperties` Message processing properties - `AllowlistedPattern string` Pattern that allowlisted this message - `AllowlistedPatternType InvestigateListResponsePropertiesAllowlistedPatternType` Type of allowlist pattern - `const InvestigateListResponsePropertiesAllowlistedPatternTypeQuarantineRelease InvestigateListResponsePropertiesAllowlistedPatternType = "quarantine_release"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAcceptableSender InvestigateListResponsePropertiesAllowlistedPatternType = "acceptable_sender"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAllowedSender InvestigateListResponsePropertiesAllowlistedPatternType = "allowed_sender"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAllowedRecipient InvestigateListResponsePropertiesAllowlistedPatternType = "allowed_recipient"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeDomainSimilarity InvestigateListResponsePropertiesAllowlistedPatternType = "domain_similarity"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeDomainRecency InvestigateListResponsePropertiesAllowlistedPatternType = "domain_recency"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeManagedAcceptableSender InvestigateListResponsePropertiesAllowlistedPatternType = "managed_acceptable_sender"` - `const InvestigateListResponsePropertiesAllowlistedPatternTypeOutboundNdr InvestigateListResponsePropertiesAllowlistedPatternType = "outbound_ndr"` - `BlocklistedMessage bool` Whether message was blocklisted - `BlocklistedPattern string` Pattern that blocklisted this message - `WhitelistedPatternType InvestigateListResponsePropertiesWhitelistedPatternType` Legacy field for allowlist pattern type - `const InvestigateListResponsePropertiesWhitelistedPatternTypeQuarantineRelease InvestigateListResponsePropertiesWhitelistedPatternType = "quarantine_release"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAcceptableSender InvestigateListResponsePropertiesWhitelistedPatternType = "acceptable_sender"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAllowedSender InvestigateListResponsePropertiesWhitelistedPatternType = "allowed_sender"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAllowedRecipient InvestigateListResponsePropertiesWhitelistedPatternType = "allowed_recipient"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeDomainSimilarity InvestigateListResponsePropertiesWhitelistedPatternType = "domain_similarity"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeDomainRecency InvestigateListResponsePropertiesWhitelistedPatternType = "domain_recency"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeManagedAcceptableSender InvestigateListResponsePropertiesWhitelistedPatternType = "managed_acceptable_sender"` - `const InvestigateListResponsePropertiesWhitelistedPatternTypeOutboundNdr InvestigateListResponsePropertiesWhitelistedPatternType = "outbound_ndr"` - `Ts string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `AlertID string` - `DeliveryMode InvestigateListResponseDeliveryMode` - `const InvestigateListResponseDeliveryModeDirect InvestigateListResponseDeliveryMode = "DIRECT"` - `const InvestigateListResponseDeliveryModeBcc InvestigateListResponseDeliveryMode = "BCC"` - `const InvestigateListResponseDeliveryModeJournal InvestigateListResponseDeliveryMode = "JOURNAL"` - `const InvestigateListResponseDeliveryModeReviewSubmission InvestigateListResponseDeliveryMode = "REVIEW_SUBMISSION"` - `const InvestigateListResponseDeliveryModeDMARCUnverified InvestigateListResponseDeliveryMode = "DMARC_UNVERIFIED"` - `const InvestigateListResponseDeliveryModeDMARCFailureReport InvestigateListResponseDeliveryMode = "DMARC_FAILURE_REPORT"` - `const InvestigateListResponseDeliveryModeDMARCAggregateReport InvestigateListResponseDeliveryMode = "DMARC_AGGREGATE_REPORT"` - `const InvestigateListResponseDeliveryModeThreatIntelSubmission InvestigateListResponseDeliveryMode = "THREAT_INTEL_SUBMISSION"` - `const InvestigateListResponseDeliveryModeSimulationSubmission InvestigateListResponseDeliveryMode = "SIMULATION_SUBMISSION"` - `const InvestigateListResponseDeliveryModeAPI InvestigateListResponseDeliveryMode = "API"` - `const InvestigateListResponseDeliveryModeRetroScan InvestigateListResponseDeliveryMode = "RETRO_SCAN"` - `DeliveryStatus []InvestigateListResponseDeliveryStatus` - `const InvestigateListResponseDeliveryStatusDelivered InvestigateListResponseDeliveryStatus = "delivered"` - `const InvestigateListResponseDeliveryStatusMoved InvestigateListResponseDeliveryStatus = "moved"` - `const InvestigateListResponseDeliveryStatusQuarantined InvestigateListResponseDeliveryStatus = "quarantined"` - `const InvestigateListResponseDeliveryStatusRejected InvestigateListResponseDeliveryStatus = "rejected"` - `const InvestigateListResponseDeliveryStatusDeferred InvestigateListResponseDeliveryStatus = "deferred"` - `const InvestigateListResponseDeliveryStatusBounced InvestigateListResponseDeliveryStatus = "bounced"` - `const InvestigateListResponseDeliveryStatusQueued InvestigateListResponseDeliveryStatus = "queued"` - `EdfHash string` - `EnvelopeFrom string` - `EnvelopeTo []string` - `FinalDisposition InvestigateListResponseFinalDisposition` - `const InvestigateListResponseFinalDispositionMalicious InvestigateListResponseFinalDisposition = "MALICIOUS"` - `const InvestigateListResponseFinalDispositionMaliciousBec InvestigateListResponseFinalDisposition = "MALICIOUS-BEC"` - `const InvestigateListResponseFinalDispositionSuspicious InvestigateListResponseFinalDisposition = "SUSPICIOUS"` - `const InvestigateListResponseFinalDispositionSpoof InvestigateListResponseFinalDisposition = "SPOOF"` - `const InvestigateListResponseFinalDispositionSpam InvestigateListResponseFinalDisposition = "SPAM"` - `const InvestigateListResponseFinalDispositionBulk InvestigateListResponseFinalDisposition = "BULK"` - `const InvestigateListResponseFinalDispositionEncrypted InvestigateListResponseFinalDisposition = "ENCRYPTED"` - `const InvestigateListResponseFinalDispositionExternal InvestigateListResponseFinalDisposition = "EXTERNAL"` - `const InvestigateListResponseFinalDispositionUnknown InvestigateListResponseFinalDisposition = "UNKNOWN"` - `const InvestigateListResponseFinalDispositionNone InvestigateListResponseFinalDisposition = "NONE"` - `Findings []InvestigateListResponseFinding` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `Attachment string` - `Detail string` - `Detection InvestigateListResponseFindingsDetection` - `const InvestigateListResponseFindingsDetectionMalicious InvestigateListResponseFindingsDetection = "MALICIOUS"` - `const InvestigateListResponseFindingsDetectionMaliciousBec InvestigateListResponseFindingsDetection = "MALICIOUS-BEC"` - `const InvestigateListResponseFindingsDetectionSuspicious InvestigateListResponseFindingsDetection = "SUSPICIOUS"` - `const InvestigateListResponseFindingsDetectionSpoof InvestigateListResponseFindingsDetection = "SPOOF"` - `const InvestigateListResponseFindingsDetectionSpam InvestigateListResponseFindingsDetection = "SPAM"` - `const InvestigateListResponseFindingsDetectionBulk InvestigateListResponseFindingsDetection = "BULK"` - `const InvestigateListResponseFindingsDetectionEncrypted InvestigateListResponseFindingsDetection = "ENCRYPTED"` - `const InvestigateListResponseFindingsDetectionExternal InvestigateListResponseFindingsDetection = "EXTERNAL"` - `const InvestigateListResponseFindingsDetectionUnknown InvestigateListResponseFindingsDetection = "UNKNOWN"` - `const InvestigateListResponseFindingsDetectionNone InvestigateListResponseFindingsDetection = "NONE"` - `Field string` - `Name string` - `Portion string` - `Reason string` - `Score float64` - `Value string` - `From string` - `FromName string` - `HtmltextStructureHash string` - `MessageID string` - `PostDeliveryOperations []InvestigateListResponsePostDeliveryOperation` Post-delivery operations performed on this message - `const InvestigateListResponsePostDeliveryOperationPreview InvestigateListResponsePostDeliveryOperation = "PREVIEW"` - `const InvestigateListResponsePostDeliveryOperationQuarantineRelease InvestigateListResponsePostDeliveryOperation = "QUARANTINE_RELEASE"` - `const InvestigateListResponsePostDeliveryOperationSubmission InvestigateListResponsePostDeliveryOperation = "SUBMISSION"` - `const InvestigateListResponsePostDeliveryOperationMove InvestigateListResponsePostDeliveryOperation = "MOVE"` - `PostfixIDOutbound string` - `Replyto string` - `ScannedAt Time` When the message was scanned (UTC) - `SentAt Time` When the message was sent (UTC) - `SentDate string` - `Subject string` - `ThreatCategories []string` - `To []string` - `ToName []string` - `Validation InvestigateListResponseValidation` - `Comment string` - `DKIM InvestigateListResponseValidationDKIM` - `const InvestigateListResponseValidationDKIMPass InvestigateListResponseValidationDKIM = "pass"` - `const InvestigateListResponseValidationDKIMNeutral InvestigateListResponseValidationDKIM = "neutral"` - `const InvestigateListResponseValidationDKIMFail InvestigateListResponseValidationDKIM = "fail"` - `const InvestigateListResponseValidationDKIMError InvestigateListResponseValidationDKIM = "error"` - `const InvestigateListResponseValidationDKIMNone InvestigateListResponseValidationDKIM = "none"` - `DMARC InvestigateListResponseValidationDMARC` - `const InvestigateListResponseValidationDMARCPass InvestigateListResponseValidationDMARC = "pass"` - `const InvestigateListResponseValidationDMARCNeutral InvestigateListResponseValidationDMARC = "neutral"` - `const InvestigateListResponseValidationDMARCFail InvestigateListResponseValidationDMARC = "fail"` - `const InvestigateListResponseValidationDMARCError InvestigateListResponseValidationDMARC = "error"` - `const InvestigateListResponseValidationDMARCNone InvestigateListResponseValidationDMARC = "none"` - `SPF InvestigateListResponseValidationSPF` - `const InvestigateListResponseValidationSPFPass InvestigateListResponseValidationSPF = "pass"` - `const InvestigateListResponseValidationSPFNeutral InvestigateListResponseValidationSPF = "neutral"` - `const InvestigateListResponseValidationSPFFail InvestigateListResponseValidationSPF = "fail"` - `const InvestigateListResponseValidationSPFError InvestigateListResponseValidationSPF = "error"` - `const InvestigateListResponseValidationSPFNone InvestigateListResponseValidationSPF = "none"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Investigate.List(context.TODO(), email_security.InvestigateListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "action_log": [ { "completed_at": "2019-12-27T18:11:19.117Z", "operation": "MOVE", "completed_timestamp": "completed_timestamp", "properties": { "folder": "folder", "requested_by": "requested_by" }, "status": "status" } ], "client_recipients": [ "string" ], "detection_reasons": [ "string" ], "is_phish_submission": true, "is_quarantined": true, "postfix_id": "4Njp3P0STMz2c02Q", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "ts", "alert_id": "alert_id", "delivery_mode": "DIRECT", "delivery_status": [ "delivered" ], "edf_hash": "edf_hash", "envelope_from": "envelope_from", "envelope_to": [ "string" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "from", "from_name": "from_name", "htmltext_structure_hash": "htmltext_structure_hash", "message_id": "message_id", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": "postfix_id_outbound", "replyto": "replyto", "scanned_at": "2019-12-27T18:11:19.117Z", "sent_at": "2019-12-27T18:11:19.117Z", "sent_date": "sent_date", "subject": "subject", "threat_categories": [ "string" ], "to": [ "string" ], "to_name": [ "string" ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" } } ], "result_info": { "count": 0, "per_page": 0, "total_count": 0, "next": "next", "page": 0, "previous": "previous" }, "success": true } ``` ## Get message details `client.EmailSecurity.Investigate.Get(ctx, investigateID, params) (*InvestigateGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}` Retrieves comprehensive details for a specific email message including headers, recipients, sender information, and current quarantine status. Use the investigate_id from search results to fetch detailed information. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `params InvestigateGetParams` - `AccountID param.Field[string]` Path param: Identifier. - `Submission param.Field[bool]` Query param: When true, search the submissions datastore only. When false or omitted, search the regular datastore only. ### Returns - `type InvestigateGetResponse struct{…}` - `ID string` Unique identifier for a message retrieved from investigation - `ActionLog []InvestigateGetResponseActionLog` Deprecated, use `GET /investigate/{investigate_id}/action_log` instead. End of life: November 1, 2026. - `CompletedAt Time` Timestamp when action completed - `Operation InvestigateGetResponseActionLogOperation` Type of action performed - `const InvestigateGetResponseActionLogOperationMove InvestigateGetResponseActionLogOperation = "MOVE"` - `const InvestigateGetResponseActionLogOperationRelease InvestigateGetResponseActionLogOperation = "RELEASE"` - `const InvestigateGetResponseActionLogOperationReclassify InvestigateGetResponseActionLogOperation = "RECLASSIFY"` - `const InvestigateGetResponseActionLogOperationSubmission InvestigateGetResponseActionLogOperation = "SUBMISSION"` - `const InvestigateGetResponseActionLogOperationQuarantineRelease InvestigateGetResponseActionLogOperation = "QUARANTINE_RELEASE"` - `const InvestigateGetResponseActionLogOperationPreview InvestigateGetResponseActionLogOperation = "PREVIEW"` - `CompletedTimestamp string` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `Properties InvestigateGetResponseActionLogProperties` Additional properties for the action - `Folder string` Target folder for move operations - `RequestedBy string` User who requested the action - `Status string` Status of the action - `ClientRecipients []string` - `DetectionReasons []string` - `IsPhishSubmission bool` - `IsQuarantined bool` - `PostfixID string` The identifier of the message - `Properties InvestigateGetResponseProperties` Message processing properties - `AllowlistedPattern string` Pattern that allowlisted this message - `AllowlistedPatternType InvestigateGetResponsePropertiesAllowlistedPatternType` Type of allowlist pattern - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesAllowlistedPatternType = "quarantine_release"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "acceptable_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedSender InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_recipient"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_similarity"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainRecency InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_recency"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "managed_acceptable_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesAllowlistedPatternType = "outbound_ndr"` - `BlocklistedMessage bool` Whether message was blocklisted - `BlocklistedPattern string` Pattern that blocklisted this message - `WhitelistedPatternType InvestigateGetResponsePropertiesWhitelistedPatternType` Legacy field for allowlist pattern type - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesWhitelistedPatternType = "quarantine_release"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "acceptable_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedSender InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_recipient"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_similarity"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainRecency InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_recency"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "managed_acceptable_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesWhitelistedPatternType = "outbound_ndr"` - `Ts string` Deprecated, use `scanned_at` instead. End of life: November 1, 2026. - `AlertID string` - `DeliveryMode InvestigateGetResponseDeliveryMode` - `const InvestigateGetResponseDeliveryModeDirect InvestigateGetResponseDeliveryMode = "DIRECT"` - `const InvestigateGetResponseDeliveryModeBcc InvestigateGetResponseDeliveryMode = "BCC"` - `const InvestigateGetResponseDeliveryModeJournal InvestigateGetResponseDeliveryMode = "JOURNAL"` - `const InvestigateGetResponseDeliveryModeReviewSubmission InvestigateGetResponseDeliveryMode = "REVIEW_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeDMARCUnverified InvestigateGetResponseDeliveryMode = "DMARC_UNVERIFIED"` - `const InvestigateGetResponseDeliveryModeDMARCFailureReport InvestigateGetResponseDeliveryMode = "DMARC_FAILURE_REPORT"` - `const InvestigateGetResponseDeliveryModeDMARCAggregateReport InvestigateGetResponseDeliveryMode = "DMARC_AGGREGATE_REPORT"` - `const InvestigateGetResponseDeliveryModeThreatIntelSubmission InvestigateGetResponseDeliveryMode = "THREAT_INTEL_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeSimulationSubmission InvestigateGetResponseDeliveryMode = "SIMULATION_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeAPI InvestigateGetResponseDeliveryMode = "API"` - `const InvestigateGetResponseDeliveryModeRetroScan InvestigateGetResponseDeliveryMode = "RETRO_SCAN"` - `DeliveryStatus []InvestigateGetResponseDeliveryStatus` - `const InvestigateGetResponseDeliveryStatusDelivered InvestigateGetResponseDeliveryStatus = "delivered"` - `const InvestigateGetResponseDeliveryStatusMoved InvestigateGetResponseDeliveryStatus = "moved"` - `const InvestigateGetResponseDeliveryStatusQuarantined InvestigateGetResponseDeliveryStatus = "quarantined"` - `const InvestigateGetResponseDeliveryStatusRejected InvestigateGetResponseDeliveryStatus = "rejected"` - `const InvestigateGetResponseDeliveryStatusDeferred InvestigateGetResponseDeliveryStatus = "deferred"` - `const InvestigateGetResponseDeliveryStatusBounced InvestigateGetResponseDeliveryStatus = "bounced"` - `const InvestigateGetResponseDeliveryStatusQueued InvestigateGetResponseDeliveryStatus = "queued"` - `EdfHash string` - `EnvelopeFrom string` - `EnvelopeTo []string` - `FinalDisposition InvestigateGetResponseFinalDisposition` - `const InvestigateGetResponseFinalDispositionMalicious InvestigateGetResponseFinalDisposition = "MALICIOUS"` - `const InvestigateGetResponseFinalDispositionMaliciousBec InvestigateGetResponseFinalDisposition = "MALICIOUS-BEC"` - `const InvestigateGetResponseFinalDispositionSuspicious InvestigateGetResponseFinalDisposition = "SUSPICIOUS"` - `const InvestigateGetResponseFinalDispositionSpoof InvestigateGetResponseFinalDisposition = "SPOOF"` - `const InvestigateGetResponseFinalDispositionSpam InvestigateGetResponseFinalDisposition = "SPAM"` - `const InvestigateGetResponseFinalDispositionBulk InvestigateGetResponseFinalDisposition = "BULK"` - `const InvestigateGetResponseFinalDispositionEncrypted InvestigateGetResponseFinalDisposition = "ENCRYPTED"` - `const InvestigateGetResponseFinalDispositionExternal InvestigateGetResponseFinalDisposition = "EXTERNAL"` - `const InvestigateGetResponseFinalDispositionUnknown InvestigateGetResponseFinalDisposition = "UNKNOWN"` - `const InvestigateGetResponseFinalDispositionNone InvestigateGetResponseFinalDisposition = "NONE"` - `Findings []InvestigateGetResponseFinding` Deprecated, use the `findings` field from `GET /investigate/{investigate_id}/detections` instead. End of life: November 1, 2026. Detection findings for this message. - `Attachment string` - `Detail string` - `Detection InvestigateGetResponseFindingsDetection` - `const InvestigateGetResponseFindingsDetectionMalicious InvestigateGetResponseFindingsDetection = "MALICIOUS"` - `const InvestigateGetResponseFindingsDetectionMaliciousBec InvestigateGetResponseFindingsDetection = "MALICIOUS-BEC"` - `const InvestigateGetResponseFindingsDetectionSuspicious InvestigateGetResponseFindingsDetection = "SUSPICIOUS"` - `const InvestigateGetResponseFindingsDetectionSpoof InvestigateGetResponseFindingsDetection = "SPOOF"` - `const InvestigateGetResponseFindingsDetectionSpam InvestigateGetResponseFindingsDetection = "SPAM"` - `const InvestigateGetResponseFindingsDetectionBulk InvestigateGetResponseFindingsDetection = "BULK"` - `const InvestigateGetResponseFindingsDetectionEncrypted InvestigateGetResponseFindingsDetection = "ENCRYPTED"` - `const InvestigateGetResponseFindingsDetectionExternal InvestigateGetResponseFindingsDetection = "EXTERNAL"` - `const InvestigateGetResponseFindingsDetectionUnknown InvestigateGetResponseFindingsDetection = "UNKNOWN"` - `const InvestigateGetResponseFindingsDetectionNone InvestigateGetResponseFindingsDetection = "NONE"` - `Field string` - `Name string` - `Portion string` - `Reason string` - `Score float64` - `Value string` - `From string` - `FromName string` - `HtmltextStructureHash string` - `MessageID string` - `PostDeliveryOperations []InvestigateGetResponsePostDeliveryOperation` Post-delivery operations performed on this message - `const InvestigateGetResponsePostDeliveryOperationPreview InvestigateGetResponsePostDeliveryOperation = "PREVIEW"` - `const InvestigateGetResponsePostDeliveryOperationQuarantineRelease InvestigateGetResponsePostDeliveryOperation = "QUARANTINE_RELEASE"` - `const InvestigateGetResponsePostDeliveryOperationSubmission InvestigateGetResponsePostDeliveryOperation = "SUBMISSION"` - `const InvestigateGetResponsePostDeliveryOperationMove InvestigateGetResponsePostDeliveryOperation = "MOVE"` - `PostfixIDOutbound string` - `Replyto string` - `ScannedAt Time` When the message was scanned (UTC) - `SentAt Time` When the message was sent (UTC) - `SentDate string` - `Subject string` - `ThreatCategories []string` - `To []string` - `ToName []string` - `Validation InvestigateGetResponseValidation` - `Comment string` - `DKIM InvestigateGetResponseValidationDKIM` - `const InvestigateGetResponseValidationDKIMPass InvestigateGetResponseValidationDKIM = "pass"` - `const InvestigateGetResponseValidationDKIMNeutral InvestigateGetResponseValidationDKIM = "neutral"` - `const InvestigateGetResponseValidationDKIMFail InvestigateGetResponseValidationDKIM = "fail"` - `const InvestigateGetResponseValidationDKIMError InvestigateGetResponseValidationDKIM = "error"` - `const InvestigateGetResponseValidationDKIMNone InvestigateGetResponseValidationDKIM = "none"` - `DMARC InvestigateGetResponseValidationDMARC` - `const InvestigateGetResponseValidationDMARCPass InvestigateGetResponseValidationDMARC = "pass"` - `const InvestigateGetResponseValidationDMARCNeutral InvestigateGetResponseValidationDMARC = "neutral"` - `const InvestigateGetResponseValidationDMARCFail InvestigateGetResponseValidationDMARC = "fail"` - `const InvestigateGetResponseValidationDMARCError InvestigateGetResponseValidationDMARC = "error"` - `const InvestigateGetResponseValidationDMARCNone InvestigateGetResponseValidationDMARC = "none"` - `SPF InvestigateGetResponseValidationSPF` - `const InvestigateGetResponseValidationSPFPass InvestigateGetResponseValidationSPF = "pass"` - `const InvestigateGetResponseValidationSPFNeutral InvestigateGetResponseValidationSPF = "neutral"` - `const InvestigateGetResponseValidationSPFFail InvestigateGetResponseValidationSPF = "fail"` - `const InvestigateGetResponseValidationSPFError InvestigateGetResponseValidationSPF = "error"` - `const InvestigateGetResponseValidationSPFNone InvestigateGetResponseValidationSPF = "none"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) investigate, err := client.EmailSecurity.Investigate.Get( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", investigate.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "action_log": [ { "completed_at": "2019-12-27T18:11:19.117Z", "operation": "MOVE", "completed_timestamp": "completed_timestamp", "properties": { "folder": "folder", "requested_by": "requested_by" }, "status": "status" } ], "client_recipients": [ "string" ], "detection_reasons": [ "string" ], "is_phish_submission": true, "is_quarantined": true, "postfix_id": "4Njp3P0STMz2c02Q", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "ts", "alert_id": "alert_id", "delivery_mode": "DIRECT", "delivery_status": [ "delivered" ], "edf_hash": "edf_hash", "envelope_from": "envelope_from", "envelope_to": [ "string" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "from", "from_name": "from_name", "htmltext_structure_hash": "htmltext_structure_hash", "message_id": "message_id", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": "postfix_id_outbound", "replyto": "replyto", "scanned_at": "2019-12-27T18:11:19.117Z", "sent_at": "2019-12-27T18:11:19.117Z", "sent_date": "sent_date", "subject": "subject", "threat_categories": [ "string" ], "to": [ "string" ], "to_name": [ "string" ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" } }, "success": true } ``` # Detections ## Get message detection details `client.EmailSecurity.Investigate.Detections.Get(ctx, investigateID, query) (*InvestigateDetectionGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/detections` Returns detection details such as threat categories and sender information for non-benign messages. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `query InvestigateDetectionGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type InvestigateDetectionGetResponse struct{…}` - `Action string` - `Attachments []InvestigateDetectionGetResponseAttachment` - `Size int64` Size of the attachment in bytes - `ContentType string` MIME type of the attachment - `Detection InvestigateDetectionGetResponseAttachmentsDetection` Detection result for this attachment - `const InvestigateDetectionGetResponseAttachmentsDetectionMalicious InvestigateDetectionGetResponseAttachmentsDetection = "MALICIOUS"` - `const InvestigateDetectionGetResponseAttachmentsDetectionMaliciousBec InvestigateDetectionGetResponseAttachmentsDetection = "MALICIOUS-BEC"` - `const InvestigateDetectionGetResponseAttachmentsDetectionSuspicious InvestigateDetectionGetResponseAttachmentsDetection = "SUSPICIOUS"` - `const InvestigateDetectionGetResponseAttachmentsDetectionSpoof InvestigateDetectionGetResponseAttachmentsDetection = "SPOOF"` - `const InvestigateDetectionGetResponseAttachmentsDetectionSpam InvestigateDetectionGetResponseAttachmentsDetection = "SPAM"` - `const InvestigateDetectionGetResponseAttachmentsDetectionBulk InvestigateDetectionGetResponseAttachmentsDetection = "BULK"` - `const InvestigateDetectionGetResponseAttachmentsDetectionEncrypted InvestigateDetectionGetResponseAttachmentsDetection = "ENCRYPTED"` - `const InvestigateDetectionGetResponseAttachmentsDetectionExternal InvestigateDetectionGetResponseAttachmentsDetection = "EXTERNAL"` - `const InvestigateDetectionGetResponseAttachmentsDetectionUnknown InvestigateDetectionGetResponseAttachmentsDetection = "UNKNOWN"` - `const InvestigateDetectionGetResponseAttachmentsDetectionNone InvestigateDetectionGetResponseAttachmentsDetection = "NONE"` - `Encrypted bool` Whether the attachment is encrypted - `Filename string` Name of the attached file - `Md5 string` MD5 hash of the attachment - `Name string` Attachment name (alternative to filename) - `Sha1 string` SHA1 hash of the attachment - `Sha256 string` SHA256 hash of the attachment - `Findings []InvestigateDetectionGetResponseFinding` - `Attachment string` - `Detail string` - `Detection InvestigateDetectionGetResponseFindingsDetection` - `const InvestigateDetectionGetResponseFindingsDetectionMalicious InvestigateDetectionGetResponseFindingsDetection = "MALICIOUS"` - `const InvestigateDetectionGetResponseFindingsDetectionMaliciousBec InvestigateDetectionGetResponseFindingsDetection = "MALICIOUS-BEC"` - `const InvestigateDetectionGetResponseFindingsDetectionSuspicious InvestigateDetectionGetResponseFindingsDetection = "SUSPICIOUS"` - `const InvestigateDetectionGetResponseFindingsDetectionSpoof InvestigateDetectionGetResponseFindingsDetection = "SPOOF"` - `const InvestigateDetectionGetResponseFindingsDetectionSpam InvestigateDetectionGetResponseFindingsDetection = "SPAM"` - `const InvestigateDetectionGetResponseFindingsDetectionBulk InvestigateDetectionGetResponseFindingsDetection = "BULK"` - `const InvestigateDetectionGetResponseFindingsDetectionEncrypted InvestigateDetectionGetResponseFindingsDetection = "ENCRYPTED"` - `const InvestigateDetectionGetResponseFindingsDetectionExternal InvestigateDetectionGetResponseFindingsDetection = "EXTERNAL"` - `const InvestigateDetectionGetResponseFindingsDetectionUnknown InvestigateDetectionGetResponseFindingsDetection = "UNKNOWN"` - `const InvestigateDetectionGetResponseFindingsDetectionNone InvestigateDetectionGetResponseFindingsDetection = "NONE"` - `Field string` - `Name string` - `Portion string` - `Reason string` - `Score float64` - `Value string` - `Headers []InvestigateDetectionGetResponseHeader` - `Name string` - `Value string` - `Links []InvestigateDetectionGetResponseLink` - `Href string` - `Text string` - `SenderInfo InvestigateDetectionGetResponseSenderInfo` - `AsName string` The name of the autonomous system. - `AsNumber int64` The number of the autonomous system. - `Geo string` - `IP string` - `Pld string` - `ThreatCategories []InvestigateDetectionGetResponseThreatCategory` - `ID int64` - `Description string` - `Name string` - `Validation InvestigateDetectionGetResponseValidation` - `Comment string` - `DKIM InvestigateDetectionGetResponseValidationDKIM` - `const InvestigateDetectionGetResponseValidationDKIMPass InvestigateDetectionGetResponseValidationDKIM = "pass"` - `const InvestigateDetectionGetResponseValidationDKIMNeutral InvestigateDetectionGetResponseValidationDKIM = "neutral"` - `const InvestigateDetectionGetResponseValidationDKIMFail InvestigateDetectionGetResponseValidationDKIM = "fail"` - `const InvestigateDetectionGetResponseValidationDKIMError InvestigateDetectionGetResponseValidationDKIM = "error"` - `const InvestigateDetectionGetResponseValidationDKIMNone InvestigateDetectionGetResponseValidationDKIM = "none"` - `DMARC InvestigateDetectionGetResponseValidationDMARC` - `const InvestigateDetectionGetResponseValidationDMARCPass InvestigateDetectionGetResponseValidationDMARC = "pass"` - `const InvestigateDetectionGetResponseValidationDMARCNeutral InvestigateDetectionGetResponseValidationDMARC = "neutral"` - `const InvestigateDetectionGetResponseValidationDMARCFail InvestigateDetectionGetResponseValidationDMARC = "fail"` - `const InvestigateDetectionGetResponseValidationDMARCError InvestigateDetectionGetResponseValidationDMARC = "error"` - `const InvestigateDetectionGetResponseValidationDMARCNone InvestigateDetectionGetResponseValidationDMARC = "none"` - `SPF InvestigateDetectionGetResponseValidationSPF` - `const InvestigateDetectionGetResponseValidationSPFPass InvestigateDetectionGetResponseValidationSPF = "pass"` - `const InvestigateDetectionGetResponseValidationSPFNeutral InvestigateDetectionGetResponseValidationSPF = "neutral"` - `const InvestigateDetectionGetResponseValidationSPFFail InvestigateDetectionGetResponseValidationSPF = "fail"` - `const InvestigateDetectionGetResponseValidationSPFError InvestigateDetectionGetResponseValidationSPF = "error"` - `const InvestigateDetectionGetResponseValidationSPFNone InvestigateDetectionGetResponseValidationSPF = "none"` - `FinalDisposition InvestigateDetectionGetResponseFinalDisposition` - `const InvestigateDetectionGetResponseFinalDispositionMalicious InvestigateDetectionGetResponseFinalDisposition = "MALICIOUS"` - `const InvestigateDetectionGetResponseFinalDispositionMaliciousBec InvestigateDetectionGetResponseFinalDisposition = "MALICIOUS-BEC"` - `const InvestigateDetectionGetResponseFinalDispositionSuspicious InvestigateDetectionGetResponseFinalDisposition = "SUSPICIOUS"` - `const InvestigateDetectionGetResponseFinalDispositionSpoof InvestigateDetectionGetResponseFinalDisposition = "SPOOF"` - `const InvestigateDetectionGetResponseFinalDispositionSpam InvestigateDetectionGetResponseFinalDisposition = "SPAM"` - `const InvestigateDetectionGetResponseFinalDispositionBulk InvestigateDetectionGetResponseFinalDisposition = "BULK"` - `const InvestigateDetectionGetResponseFinalDispositionEncrypted InvestigateDetectionGetResponseFinalDisposition = "ENCRYPTED"` - `const InvestigateDetectionGetResponseFinalDispositionExternal InvestigateDetectionGetResponseFinalDisposition = "EXTERNAL"` - `const InvestigateDetectionGetResponseFinalDispositionUnknown InvestigateDetectionGetResponseFinalDisposition = "UNKNOWN"` - `const InvestigateDetectionGetResponseFinalDispositionNone InvestigateDetectionGetResponseFinalDisposition = "NONE"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) detection, err := client.EmailSecurity.Investigate.Detections.Get( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateDetectionGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", detection.Validation) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "action", "attachments": [ { "size": 0, "content_type": "content_type", "detection": "MALICIOUS", "encrypted": true, "filename": "filename", "md5": "md5", "name": "name", "sha1": "sha1", "sha256": "sha256" } ], "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "headers": [ { "name": "name", "value": "value" } ], "links": [ { "href": "href", "text": "text" } ], "sender_info": { "as_name": "as_name", "as_number": 0, "geo": "geo", "ip": "ip", "pld": "pld" }, "threat_categories": [ { "id": 0, "description": "description", "name": "name" } ], "validation": { "comment": "comment", "dkim": "pass", "dmarc": "pass", "spf": "pass" }, "final_disposition": "MALICIOUS" }, "success": true } ``` # Preview ## Get email preview `client.EmailSecurity.Investigate.Preview.Get(ctx, investigateID, query) (*InvestigatePreviewGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/preview` Returns a preview of the message body as a base64 encoded PNG image for non-benign messages. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `query InvestigatePreviewGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type InvestigatePreviewGetResponse struct{…}` - `Screenshot string` A base64 encoded PNG image of the email. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) preview, err := client.EmailSecurity.Investigate.Preview.Get( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigatePreviewGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", preview.Screenshot) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "screenshot" }, "success": true } ``` ## Preview for non-detection messages `client.EmailSecurity.Investigate.Preview.New(ctx, params) (*InvestigatePreviewNewResponse, error)` **post** `/accounts/{account_id}/email-security/investigate/preview` Generates a preview image for a message that was not flagged as a detection. Useful for investigating benign messages. Returns a base64-encoded PNG screenshot of the email body. ### Parameters - `params InvestigatePreviewNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `PostfixID param.Field[string]` Body param: The identifier of the message ### Returns - `type InvestigatePreviewNewResponse struct{…}` - `Screenshot string` A base64 encoded PNG image of the email. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) preview, err := client.EmailSecurity.Investigate.Preview.New(context.TODO(), email_security.InvestigatePreviewNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), PostfixID: cloudflare.F("4Njp3P0STMz2c02Q"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", preview.Screenshot) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "screenshot": "screenshot" }, "success": true } ``` # Raw ## Get raw email content `client.EmailSecurity.Investigate.Raw.Get(ctx, investigateID, query) (*InvestigateRawGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/raw` Returns the raw eml of any non-benign message. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `query InvestigateRawGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type InvestigateRawGetResponse struct{…}` - `Raw string` A UTF-8 encoded eml file of the email. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) raw, err := client.EmailSecurity.Investigate.Raw.Get( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateRawGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", raw.Raw) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "raw": "raw" }, "success": true } ``` # Trace ## Get email trace `client.EmailSecurity.Investigate.Trace.Get(ctx, investigateID, query) (*InvestigateTraceGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{investigate_id}/trace` Retrieves delivery and processing trace information for an email message. Shows the delivery path, retraction history, and move operations performed on the message. Useful for debugging delivery issues. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `query InvestigateTraceGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type InvestigateTraceGetResponse struct{…}` - `Inbound InvestigateTraceGetResponseInbound` - `Lines []InvestigateTraceGetResponseInboundLine` - `Lineno int64` Line number in the trace log - `LoggedAt Time` - `Message string` - `Ts string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `Pending bool` - `Outbound InvestigateTraceGetResponseOutbound` - `Lines []InvestigateTraceGetResponseOutboundLine` - `Lineno int64` Line number in the trace log - `LoggedAt Time` - `Message string` - `Ts string` Deprecated, use `logged_at` instead. End of life: November 1, 2026. - `Pending bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) trace, err := client.EmailSecurity.Investigate.Trace.Get( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateTraceGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", trace.Inbound) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "inbound": { "lines": [ { "lineno": 0, "logged_at": "2019-12-27T18:11:19.117Z", "message": "message", "ts": "ts" } ], "pending": true }, "outbound": { "lines": [ { "lineno": 0, "logged_at": "2019-12-27T18:11:19.117Z", "message": "message", "ts": "ts" } ], "pending": true } }, "success": true } ``` # Move ## Move a message `client.EmailSecurity.Investigate.Move.New(ctx, investigateID, params) (*SinglePage[InvestigateMoveNewResponse], error)` **post** `/accounts/{account_id}/email-security/investigate/{investigate_id}/move` Moves a single message to a specified mailbox folder (Inbox, JunkEmail, DeletedItems, RecoverableItemsDeletions, or RecoverableItemsPurges). Requires active integration. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `params InvestigateMoveNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `Destination param.Field[InvestigateMoveNewParamsDestination]` Body param - `const InvestigateMoveNewParamsDestinationInbox InvestigateMoveNewParamsDestination = "Inbox"` - `const InvestigateMoveNewParamsDestinationJunkEmail InvestigateMoveNewParamsDestination = "JunkEmail"` - `const InvestigateMoveNewParamsDestinationDeletedItems InvestigateMoveNewParamsDestination = "DeletedItems"` - `const InvestigateMoveNewParamsDestinationRecoverableItemsDeletions InvestigateMoveNewParamsDestination = "RecoverableItemsDeletions"` - `const InvestigateMoveNewParamsDestinationRecoverableItemsPurges InvestigateMoveNewParamsDestination = "RecoverableItemsPurges"` ### Returns - `type InvestigateMoveNewResponse struct{…}` - `Success bool` Whether the operation succeeded - `CompletedAt Time` When the move operation completed (UTC) - `CompletedTimestamp Time` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `Destination string` Destination folder for the message - `ItemCount int64` Number of items moved. End of life: November 1, 2026. - `MessageID string` Message identifier - `Operation string` Type of operation performed - `Recipient string` Recipient email address - `Status string` Operation status ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Investigate.Move.New( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateMoveNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Destination: cloudflare.F(email_security.InvestigateMoveNewParamsDestinationInbox), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "completed_timestamp": "2019-12-27T18:11:19.117Z", "destination": "destination", "item_count": 0, "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` ## Move multiple messages `client.EmailSecurity.Investigate.Move.Bulk(ctx, params) (*SinglePage[InvestigateMoveBulkResponse], error)` **post** `/accounts/{account_id}/email-security/investigate/move` Moves multiple messages to a specified mailbox folder (Inbox, JunkEmail, DeletedItems, RecoverableItemsDeletions, or RecoverableItemsPurges). Requires active integration. ### Parameters - `params InvestigateMoveBulkParams` - `AccountID param.Field[string]` Path param: Identifier. - `Destination param.Field[InvestigateMoveBulkParamsDestination]` Body param - `const InvestigateMoveBulkParamsDestinationInbox InvestigateMoveBulkParamsDestination = "Inbox"` - `const InvestigateMoveBulkParamsDestinationJunkEmail InvestigateMoveBulkParamsDestination = "JunkEmail"` - `const InvestigateMoveBulkParamsDestinationDeletedItems InvestigateMoveBulkParamsDestination = "DeletedItems"` - `const InvestigateMoveBulkParamsDestinationRecoverableItemsDeletions InvestigateMoveBulkParamsDestination = "RecoverableItemsDeletions"` - `const InvestigateMoveBulkParamsDestinationRecoverableItemsPurges InvestigateMoveBulkParamsDestination = "RecoverableItemsPurges"` - `IDs param.Field[[]string]` Body param: List of message IDs to move - `PostfixIDs param.Field[[]string]` Body param: Deprecated, use `ids` instead. End of life: November 1, 2026. List of message IDs to move. ### Returns - `type InvestigateMoveBulkResponse struct{…}` - `Success bool` Whether the operation succeeded - `CompletedAt Time` When the move operation completed (UTC) - `CompletedTimestamp Time` Deprecated, use `completed_at` instead. End of life: November 1, 2026. - `Destination string` Destination folder for the message - `ItemCount int64` Number of items moved. End of life: November 1, 2026. - `MessageID string` Message identifier - `Operation string` Type of operation performed - `Recipient string` Recipient email address - `Status string` Operation status ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Investigate.Move.Bulk(context.TODO(), email_security.InvestigateMoveBulkParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Destination: cloudflare.F(email_security.InvestigateMoveBulkParamsDestinationInbox), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "success": true, "completed_at": "2019-12-27T18:11:19.117Z", "completed_timestamp": "2019-12-27T18:11:19.117Z", "destination": "destination", "item_count": 0, "message_id": "message_id", "operation": "operation", "recipient": "recipient", "status": "status" } ], "success": true } ``` # Reclassify ## Change email classification `client.EmailSecurity.Investigate.Reclassify.New(ctx, investigateID, params) (*InvestigateReclassifyNewResponse, error)` **post** `/accounts/{account_id}/email-security/investigate/{investigate_id}/reclassify` Submits a request to reclassify an email's disposition. Use for reporting false positives or false negatives. Optionally provide the raw EML content for reanalysis. The reclassification is processed asynchronously. ### Parameters - `investigateID string` Unique identifier for a message retrieved from investigation - `params InvestigateReclassifyNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `ExpectedDisposition param.Field[InvestigateReclassifyNewParamsExpectedDisposition]` Body param - `const InvestigateReclassifyNewParamsExpectedDispositionNone InvestigateReclassifyNewParamsExpectedDisposition = "NONE"` - `const InvestigateReclassifyNewParamsExpectedDispositionBulk InvestigateReclassifyNewParamsExpectedDisposition = "BULK"` - `const InvestigateReclassifyNewParamsExpectedDispositionMalicious InvestigateReclassifyNewParamsExpectedDisposition = "MALICIOUS"` - `const InvestigateReclassifyNewParamsExpectedDispositionSpam InvestigateReclassifyNewParamsExpectedDisposition = "SPAM"` - `const InvestigateReclassifyNewParamsExpectedDispositionSpoof InvestigateReclassifyNewParamsExpectedDisposition = "SPOOF"` - `const InvestigateReclassifyNewParamsExpectedDispositionSuspicious InvestigateReclassifyNewParamsExpectedDisposition = "SUSPICIOUS"` - `EmlContent param.Field[string]` Body param: Base64 encoded content of the EML file. - `EscalatedSubmissionID param.Field[string]` Body param ### Returns - `type InvestigateReclassifyNewResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) reclassify, err := client.EmailSecurity.Investigate.Reclassify.New( context.TODO(), "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", email_security.InvestigateReclassifyNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), ExpectedDisposition: cloudflare.F(email_security.InvestigateReclassifyNewParamsExpectedDispositionNone), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", reclassify) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` # Release ## Release messages from quarantine `client.EmailSecurity.Investigate.Release.Bulk(ctx, params) (*SinglePage[InvestigateReleaseBulkResponse], error)` **post** `/accounts/{account_id}/email-security/investigate/release` Releases one or more quarantined messages, delivering them to the intended recipients. Use when a message was incorrectly quarantined. Returns delivery status for each recipient. ### Parameters - `params InvestigateReleaseBulkParams` - `AccountID param.Field[string]` Path param: Identifier. - `Body param.Field[[]string]` Body param ### Returns - `type InvestigateReleaseBulkResponse struct{…}` - `ID string` Unique identifier for a message retrieved from investigation - `Delivered []string` - `Failed []string` - `PostfixID string` Deprecated, use `id` instead. End of life: November 1, 2026. - `Undelivered []string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Investigate.Release.Bulk(context.TODO(), email_security.InvestigateReleaseBulkParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: []string{"4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678"}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "4Njp3P0STMz2c02Q-2024-01-05T10:00:00-12345678", "delivered": [ "string" ], "failed": [ "string" ], "postfix_id": "4Njp3P0STMz2c02Q", "undelivered": [ "string" ] } ], "success": true } ``` # Phishguard # Reports ## Get PhishGuard reports `client.EmailSecurity.Phishguard.Reports.List(ctx, params) (*SinglePage[PhishguardReportListResponse], error)` **get** `/accounts/{account_id}/email-security/phishguard/reports` Retrieves PhishGuard security alert reports for a specified date range. Reports include detected threats, dispositions, and contextual information. Use for security monitoring and threat analysis. ### Parameters - `params PhishguardReportListParams` - `AccountID param.Field[string]` Path param: Identifier. - `End param.Field[Time]` Query param: End of the time range (RFC3339). Takes precedence over to_date. - `FromDate param.Field[Time]` Query param: Deprecated, use `start` instead. Start date in YYYY-MM-DD format. - `Start param.Field[Time]` Query param: Start of the time range (RFC3339). Takes precedence over from_date. - `ToDate param.Field[Time]` Query param: Deprecated, use `end` instead. End date in YYYY-MM-DD format. ### Returns - `type PhishguardReportListResponse struct{…}` - `ID int64` - `Content string` - `Disposition PhishguardReportListResponseDisposition` - `const PhishguardReportListResponseDispositionMalicious PhishguardReportListResponseDisposition = "MALICIOUS"` - `const PhishguardReportListResponseDispositionMaliciousBec PhishguardReportListResponseDisposition = "MALICIOUS-BEC"` - `const PhishguardReportListResponseDispositionSuspicious PhishguardReportListResponseDisposition = "SUSPICIOUS"` - `const PhishguardReportListResponseDispositionSpoof PhishguardReportListResponseDisposition = "SPOOF"` - `const PhishguardReportListResponseDispositionSpam PhishguardReportListResponseDisposition = "SPAM"` - `const PhishguardReportListResponseDispositionBulk PhishguardReportListResponseDisposition = "BULK"` - `const PhishguardReportListResponseDispositionEncrypted PhishguardReportListResponseDisposition = "ENCRYPTED"` - `const PhishguardReportListResponseDispositionExternal PhishguardReportListResponseDisposition = "EXTERNAL"` - `const PhishguardReportListResponseDispositionUnknown PhishguardReportListResponseDisposition = "UNKNOWN"` - `const PhishguardReportListResponseDispositionNone PhishguardReportListResponseDisposition = "NONE"` - `Fields PhishguardReportListResponseFields` - `To []string` - `From string` - `OccurredAt Time` - `PostfixID string` - `Ts Time` Deprecated, use `occurred_at` instead - `Priority string` - `Title string` - `CreatedAt Time` - `Tags []PhishguardReportListResponseTag` - `Category string` - `Value string` - `Ts Time` Deprecated, use `created_at` instead - `UpdatedAt Time` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Phishguard.Reports.List(context.TODO(), email_security.PhishguardReportListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": 0, "content": "content", "disposition": "MALICIOUS", "fields": { "to": [ "string" ], "from": "from", "occurred_at": "2019-12-27T18:11:19.117Z", "postfix_id": "postfix_id", "ts": "2019-12-27T18:11:19.117Z" }, "priority": "priority", "title": "title", "created_at": "2019-12-27T18:11:19.117Z", "tags": [ { "category": "category", "value": "value" } ], "ts": "2019-12-27T18:11:19.117Z", "updated_at": "2019-12-27T18:11:19.117Z" } ], "success": true } ``` # Settings # Allow Policies ## List email allow policies `client.EmailSecurity.Settings.AllowPolicies.List(ctx, params) (*V4PagePaginationArray[SettingAllowPolicyListResponse], error)` **get** `/accounts/{account_id}/email-security/settings/allow_policies` Returns a paginated list of email allow policies. These policies exempt matching emails from security detection, allowing them to bypass disposition actions. Supports filtering by pattern type and policy attributes. ### Parameters - `params SettingAllowPolicyListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Direction param.Field[SettingAllowPolicyListParamsDirection]` Query param: The sorting direction. - `const SettingAllowPolicyListParamsDirectionAsc SettingAllowPolicyListParamsDirection = "asc"` - `const SettingAllowPolicyListParamsDirectionDesc SettingAllowPolicyListParamsDirection = "desc"` - `IsAcceptableSender param.Field[bool]` Query param: Filter to show only policies where messages from the sender are exempted from Spam, Spoof, and Bulk dispositions (not Malicious or Suspicious). - `IsExemptRecipient param.Field[bool]` Query param: Filter to show only policies where messages to the recipient bypass all detections. - `IsTrustedSender param.Field[bool]` Query param: Filter to show only policies where messages from the sender bypass all detections and link following. - `Order param.Field[SettingAllowPolicyListParamsOrder]` Query param: Field to sort by. - `const SettingAllowPolicyListParamsOrderPattern SettingAllowPolicyListParamsOrder = "pattern"` - `const SettingAllowPolicyListParamsOrderCreatedAt SettingAllowPolicyListParamsOrder = "created_at"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `Pattern param.Field[string]` Query param - `PatternType param.Field[SettingAllowPolicyListParamsPatternType]` Query param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyListParamsPatternTypeEmail SettingAllowPolicyListParamsPatternType = "EMAIL"` - `const SettingAllowPolicyListParamsPatternTypeDomain SettingAllowPolicyListParamsPatternType = "DOMAIN"` - `const SettingAllowPolicyListParamsPatternTypeIP SettingAllowPolicyListParamsPatternType = "IP"` - `const SettingAllowPolicyListParamsPatternTypeUnknown SettingAllowPolicyListParamsPatternType = "UNKNOWN"` - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Search param.Field[string]` Query param: Search term for filtering records. Behavior may change. - `VerifySender param.Field[bool]` Query param: Filter to show only policies that enforce DMARC, SPF, or DKIM authentication. ### Returns - `type SettingAllowPolicyListResponse struct{…}` An email allow policy - `ID string` Allow policy identifier - `CreatedAt Time` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `Comments string` - `IsAcceptableSender bool` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient bool` Messages to this recipient will bypass all detections - `IsRecipient bool` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsRegex bool` - `IsSender bool` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof bool` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `IsTrustedSender bool` Messages from this sender will bypass all detections and link following - `ModifiedAt Time` - `Pattern string` - `PatternType SettingAllowPolicyListResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyListResponsePatternTypeEmail SettingAllowPolicyListResponsePatternType = "EMAIL"` - `const SettingAllowPolicyListResponsePatternTypeDomain SettingAllowPolicyListResponsePatternType = "DOMAIN"` - `const SettingAllowPolicyListResponsePatternTypeIP SettingAllowPolicyListResponsePatternType = "IP"` - `const SettingAllowPolicyListResponsePatternTypeUnknown SettingAllowPolicyListResponsePatternType = "UNKNOWN"` - `VerifySender bool` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Settings.AllowPolicies.List(context.TODO(), email_security.SettingAllowPolicyListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an email allow policy `client.EmailSecurity.Settings.AllowPolicies.Get(ctx, policyID, query) (*SettingAllowPolicyGetResponse, error)` **get** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Retrieves details for a specific allow policy including its pattern, dispositions that are exempted, and whether it applies to all detections. ### Parameters - `policyID string` Allow policy identifier - `query SettingAllowPolicyGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingAllowPolicyGetResponse struct{…}` An email allow policy - `ID string` Allow policy identifier - `CreatedAt Time` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `Comments string` - `IsAcceptableSender bool` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient bool` Messages to this recipient will bypass all detections - `IsRecipient bool` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsRegex bool` - `IsSender bool` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof bool` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `IsTrustedSender bool` Messages from this sender will bypass all detections and link following - `ModifiedAt Time` - `Pattern string` - `PatternType SettingAllowPolicyGetResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyGetResponsePatternTypeEmail SettingAllowPolicyGetResponsePatternType = "EMAIL"` - `const SettingAllowPolicyGetResponsePatternTypeDomain SettingAllowPolicyGetResponsePatternType = "DOMAIN"` - `const SettingAllowPolicyGetResponsePatternTypeIP SettingAllowPolicyGetResponsePatternType = "IP"` - `const SettingAllowPolicyGetResponsePatternTypeUnknown SettingAllowPolicyGetResponsePatternType = "UNKNOWN"` - `VerifySender bool` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) allowPolicy, err := client.EmailSecurity.Settings.AllowPolicies.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingAllowPolicyGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", allowPolicy.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Create email allow policy `client.EmailSecurity.Settings.AllowPolicies.New(ctx, params) (*SettingAllowPolicyNewResponse, error)` **post** `/accounts/{account_id}/email-security/settings/allow_policies` Creates a new allow policy that exempts matching emails from security detections. Use with caution as this bypasses email security scanning. Policies can match on sender patterns and apply to specific detections or all detections. ### Parameters - `params SettingAllowPolicyNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `IsAcceptableSender param.Field[bool]` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient param.Field[bool]` Body param: Messages to this recipient will bypass all detections - `IsRegex param.Field[bool]` Body param - `IsTrustedSender param.Field[bool]` Body param: Messages from this sender will bypass all detections and link following - `Pattern param.Field[string]` Body param - `PatternType param.Field[SettingAllowPolicyNewParamsPatternType]` Body param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyNewParamsPatternTypeEmail SettingAllowPolicyNewParamsPatternType = "EMAIL"` - `const SettingAllowPolicyNewParamsPatternTypeDomain SettingAllowPolicyNewParamsPatternType = "DOMAIN"` - `const SettingAllowPolicyNewParamsPatternTypeIP SettingAllowPolicyNewParamsPatternType = "IP"` - `const SettingAllowPolicyNewParamsPatternTypeUnknown SettingAllowPolicyNewParamsPatternType = "UNKNOWN"` - `VerifySender param.Field[bool]` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. - `Comments param.Field[string]` Body param - `IsRecipient param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsSender param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. ### Returns - `type SettingAllowPolicyNewResponse struct{…}` An email allow policy - `ID string` Allow policy identifier - `CreatedAt Time` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `Comments string` - `IsAcceptableSender bool` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient bool` Messages to this recipient will bypass all detections - `IsRecipient bool` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsRegex bool` - `IsSender bool` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof bool` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `IsTrustedSender bool` Messages from this sender will bypass all detections and link following - `ModifiedAt Time` - `Pattern string` - `PatternType SettingAllowPolicyNewResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyNewResponsePatternTypeEmail SettingAllowPolicyNewResponsePatternType = "EMAIL"` - `const SettingAllowPolicyNewResponsePatternTypeDomain SettingAllowPolicyNewResponsePatternType = "DOMAIN"` - `const SettingAllowPolicyNewResponsePatternTypeIP SettingAllowPolicyNewResponsePatternType = "IP"` - `const SettingAllowPolicyNewResponsePatternTypeUnknown SettingAllowPolicyNewResponsePatternType = "UNKNOWN"` - `VerifySender bool` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) allowPolicy, err := client.EmailSecurity.Settings.AllowPolicies.New(context.TODO(), email_security.SettingAllowPolicyNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), IsAcceptableSender: cloudflare.F(false), IsExemptRecipient: cloudflare.F(false), IsRegex: cloudflare.F(false), IsTrustedSender: cloudflare.F(true), Pattern: cloudflare.F("test@example.com"), PatternType: cloudflare.F(email_security.SettingAllowPolicyNewParamsPatternTypeEmail), VerifySender: cloudflare.F(true), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", allowPolicy.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Update an email allow policy `client.EmailSecurity.Settings.AllowPolicies.Edit(ctx, policyID, params) (*SettingAllowPolicyEditResponse, error)` **patch** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Updates an existing allow policy. Only provided fields will be modified. Changes take effect for new emails matching the pattern. ### Parameters - `policyID string` Allow policy identifier - `params SettingAllowPolicyEditParams` - `AccountID param.Field[string]` Path param: Identifier. - `Comments param.Field[string]` Body param - `IsAcceptableSender param.Field[bool]` Body param: Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient param.Field[bool]` Body param: Messages to this recipient will bypass all detections - `IsRecipient param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsRegex param.Field[bool]` Body param - `IsSender param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof param.Field[bool]` Body param: Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `IsTrustedSender param.Field[bool]` Body param: Messages from this sender will bypass all detections and link following - `Pattern param.Field[string]` Body param - `PatternType param.Field[SettingAllowPolicyEditParamsPatternType]` Body param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyEditParamsPatternTypeEmail SettingAllowPolicyEditParamsPatternType = "EMAIL"` - `const SettingAllowPolicyEditParamsPatternTypeDomain SettingAllowPolicyEditParamsPatternType = "DOMAIN"` - `const SettingAllowPolicyEditParamsPatternTypeIP SettingAllowPolicyEditParamsPatternType = "IP"` - `const SettingAllowPolicyEditParamsPatternTypeUnknown SettingAllowPolicyEditParamsPatternType = "UNKNOWN"` - `VerifySender param.Field[bool]` Body param: Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Returns - `type SettingAllowPolicyEditResponse struct{…}` An email allow policy - `ID string` Allow policy identifier - `CreatedAt Time` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `Comments string` - `IsAcceptableSender bool` Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions. - `IsExemptRecipient bool` Messages to this recipient will bypass all detections - `IsRecipient bool` Deprecated as of July 1, 2025. Use `is_exempt_recipient` instead. End of life: July 1, 2026. - `IsRegex bool` - `IsSender bool` Deprecated as of July 1, 2025. Use `is_trusted_sender` instead. End of life: July 1, 2026. - `IsSpoof bool` Deprecated as of July 1, 2025. Use `is_acceptable_sender` instead. End of life: July 1, 2026. - `IsTrustedSender bool` Messages from this sender will bypass all detections and link following - `ModifiedAt Time` - `Pattern string` - `PatternType SettingAllowPolicyEditResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingAllowPolicyEditResponsePatternTypeEmail SettingAllowPolicyEditResponsePatternType = "EMAIL"` - `const SettingAllowPolicyEditResponsePatternTypeDomain SettingAllowPolicyEditResponsePatternType = "DOMAIN"` - `const SettingAllowPolicyEditResponsePatternTypeIP SettingAllowPolicyEditResponsePatternType = "IP"` - `const SettingAllowPolicyEditResponsePatternTypeUnknown SettingAllowPolicyEditResponsePatternType = "UNKNOWN"` - `VerifySender bool` Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.EmailSecurity.Settings.AllowPolicies.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingAllowPolicyEditParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_modified": "2014-01-01T05:20:00.12345Z", "comments": "Trust all messages send from test@example.com", "is_acceptable_sender": false, "is_exempt_recipient": false, "is_recipient": false, "is_regex": false, "is_sender": true, "is_spoof": false, "is_trusted_sender": true, "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL", "verify_sender": true } } ``` ## Delete an email allow policy `client.EmailSecurity.Settings.AllowPolicies.Delete(ctx, policyID, body) (*SettingAllowPolicyDeleteResponse, error)` **delete** `/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}` Removes an allow policy. After deletion, emails matching this pattern will be subject to normal security scanning and disposition actions. ### Parameters - `policyID string` Allow policy identifier - `body SettingAllowPolicyDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingAllowPolicyDeleteResponse struct{…}` - `ID string` Allow policy identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) allowPolicy, err := client.EmailSecurity.Settings.AllowPolicies.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingAllowPolicyDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", allowPolicy.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` # Block Senders ## List blocked email senders `client.EmailSecurity.Settings.BlockSenders.List(ctx, params) (*V4PagePaginationArray[SettingBlockSenderListResponse], error)` **get** `/accounts/{account_id}/email-security/settings/block_senders` Returns a paginated list of blocked email sender patterns. These patterns prevent emails from matching senders from being delivered. Supports filtering by pattern type and searching across patterns. ### Parameters - `params SettingBlockSenderListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Direction param.Field[SettingBlockSenderListParamsDirection]` Query param: The sorting direction. - `const SettingBlockSenderListParamsDirectionAsc SettingBlockSenderListParamsDirection = "asc"` - `const SettingBlockSenderListParamsDirectionDesc SettingBlockSenderListParamsDirection = "desc"` - `Order param.Field[SettingBlockSenderListParamsOrder]` Query param: Field to sort by. - `const SettingBlockSenderListParamsOrderPattern SettingBlockSenderListParamsOrder = "pattern"` - `const SettingBlockSenderListParamsOrderCreatedAt SettingBlockSenderListParamsOrder = "created_at"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `Pattern param.Field[string]` Query param: Filter by pattern value. - `PatternType param.Field[SettingBlockSenderListParamsPatternType]` Query param: Filter by pattern type. - `const SettingBlockSenderListParamsPatternTypeEmail SettingBlockSenderListParamsPatternType = "EMAIL"` - `const SettingBlockSenderListParamsPatternTypeDomain SettingBlockSenderListParamsPatternType = "DOMAIN"` - `const SettingBlockSenderListParamsPatternTypeIP SettingBlockSenderListParamsPatternType = "IP"` - `const SettingBlockSenderListParamsPatternTypeUnknown SettingBlockSenderListParamsPatternType = "UNKNOWN"` - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Search param.Field[string]` Query param: Search term for filtering records. Behavior may change. ### Returns - `type SettingBlockSenderListResponse struct{…}` A blocked sender pattern - `ID string` Blocked sender pattern identifier - `Comments string` - `CreatedAt Time` - `IsRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` - `PatternType SettingBlockSenderListResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderListResponsePatternTypeEmail SettingBlockSenderListResponsePatternType = "EMAIL"` - `const SettingBlockSenderListResponsePatternTypeDomain SettingBlockSenderListResponsePatternType = "DOMAIN"` - `const SettingBlockSenderListResponsePatternTypeIP SettingBlockSenderListResponsePatternType = "IP"` - `const SettingBlockSenderListResponsePatternTypeUnknown SettingBlockSenderListResponsePatternType = "UNKNOWN"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Settings.BlockSenders.List(context.TODO(), email_security.SettingBlockSenderListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a blocked email sender `client.EmailSecurity.Settings.BlockSenders.Get(ctx, patternID, query) (*SettingBlockSenderGetResponse, error)` **get** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Retrieves details for a specific blocked sender pattern including its pattern type, value, and metadata. ### Parameters - `patternID string` Blocked sender pattern identifier - `query SettingBlockSenderGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingBlockSenderGetResponse struct{…}` A blocked sender pattern - `ID string` Blocked sender pattern identifier - `Comments string` - `CreatedAt Time` - `IsRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` - `PatternType SettingBlockSenderGetResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderGetResponsePatternTypeEmail SettingBlockSenderGetResponsePatternType = "EMAIL"` - `const SettingBlockSenderGetResponsePatternTypeDomain SettingBlockSenderGetResponsePatternType = "DOMAIN"` - `const SettingBlockSenderGetResponsePatternTypeIP SettingBlockSenderGetResponsePatternType = "IP"` - `const SettingBlockSenderGetResponsePatternTypeUnknown SettingBlockSenderGetResponsePatternType = "UNKNOWN"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) blockSender, err := client.EmailSecurity.Settings.BlockSenders.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingBlockSenderGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", blockSender.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Create blocked email sender `client.EmailSecurity.Settings.BlockSenders.New(ctx, params) (*SettingBlockSenderNewResponse, error)` **post** `/accounts/{account_id}/email-security/settings/block_senders` Creates a new blocked sender pattern. Emails matching this pattern will be blocked from delivery. Patterns can be email addresses, domains, or IP addresses, and support regular expressions. ### Parameters - `params SettingBlockSenderNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `IsRegex param.Field[bool]` Body param - `Pattern param.Field[string]` Body param - `PatternType param.Field[SettingBlockSenderNewParamsPatternType]` Body param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderNewParamsPatternTypeEmail SettingBlockSenderNewParamsPatternType = "EMAIL"` - `const SettingBlockSenderNewParamsPatternTypeDomain SettingBlockSenderNewParamsPatternType = "DOMAIN"` - `const SettingBlockSenderNewParamsPatternTypeIP SettingBlockSenderNewParamsPatternType = "IP"` - `const SettingBlockSenderNewParamsPatternTypeUnknown SettingBlockSenderNewParamsPatternType = "UNKNOWN"` - `Comments param.Field[string]` Body param ### Returns - `type SettingBlockSenderNewResponse struct{…}` A blocked sender pattern - `ID string` Blocked sender pattern identifier - `Comments string` - `CreatedAt Time` - `IsRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` - `PatternType SettingBlockSenderNewResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderNewResponsePatternTypeEmail SettingBlockSenderNewResponsePatternType = "EMAIL"` - `const SettingBlockSenderNewResponsePatternTypeDomain SettingBlockSenderNewResponsePatternType = "DOMAIN"` - `const SettingBlockSenderNewResponsePatternTypeIP SettingBlockSenderNewResponsePatternType = "IP"` - `const SettingBlockSenderNewResponsePatternTypeUnknown SettingBlockSenderNewResponsePatternType = "UNKNOWN"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) blockSender, err := client.EmailSecurity.Settings.BlockSenders.New(context.TODO(), email_security.SettingBlockSenderNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), IsRegex: cloudflare.F(false), Pattern: cloudflare.F("test@example.com"), PatternType: cloudflare.F(email_security.SettingBlockSenderNewParamsPatternTypeEmail), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", blockSender.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Update a blocked email sender `client.EmailSecurity.Settings.BlockSenders.Edit(ctx, patternID, params) (*SettingBlockSenderEditResponse, error)` **patch** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Updates an existing blocked sender pattern. Only provided fields will be modified. The pattern will continue blocking emails until deleted. ### Parameters - `patternID string` Blocked sender pattern identifier - `params SettingBlockSenderEditParams` - `AccountID param.Field[string]` Path param: Identifier. - `Comments param.Field[string]` Body param - `IsRegex param.Field[bool]` Body param - `Pattern param.Field[string]` Body param - `PatternType param.Field[SettingBlockSenderEditParamsPatternType]` Body param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderEditParamsPatternTypeEmail SettingBlockSenderEditParamsPatternType = "EMAIL"` - `const SettingBlockSenderEditParamsPatternTypeDomain SettingBlockSenderEditParamsPatternType = "DOMAIN"` - `const SettingBlockSenderEditParamsPatternTypeIP SettingBlockSenderEditParamsPatternType = "IP"` - `const SettingBlockSenderEditParamsPatternTypeUnknown SettingBlockSenderEditParamsPatternType = "UNKNOWN"` ### Returns - `type SettingBlockSenderEditResponse struct{…}` A blocked sender pattern - `ID string` Blocked sender pattern identifier - `Comments string` - `CreatedAt Time` - `IsRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` - `PatternType SettingBlockSenderEditResponsePatternType` Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries. - `const SettingBlockSenderEditResponsePatternTypeEmail SettingBlockSenderEditResponsePatternType = "EMAIL"` - `const SettingBlockSenderEditResponsePatternTypeDomain SettingBlockSenderEditResponsePatternType = "DOMAIN"` - `const SettingBlockSenderEditResponsePatternTypeIP SettingBlockSenderEditResponsePatternType = "IP"` - `const SettingBlockSenderEditResponsePatternTypeUnknown SettingBlockSenderEditResponsePatternType = "UNKNOWN"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.EmailSecurity.Settings.BlockSenders.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingBlockSenderEditParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Block sender with email test@example.com", "created_at": "2014-01-01T05:20:00.12345Z", "is_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "test@example.com", "pattern_type": "EMAIL" } } ``` ## Delete a blocked email sender `client.EmailSecurity.Settings.BlockSenders.Delete(ctx, patternID, body) (*SettingBlockSenderDeleteResponse, error)` **delete** `/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}` Removes a blocked sender pattern. After deletion, emails from this sender will no longer be automatically blocked based on this rule. ### Parameters - `patternID string` Blocked sender pattern identifier - `body SettingBlockSenderDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingBlockSenderDeleteResponse struct{…}` - `ID string` Blocked sender pattern identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) blockSender, err := client.EmailSecurity.Settings.BlockSenders.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingBlockSenderDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", blockSender.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` # Domains ## List protected email domains `client.EmailSecurity.Settings.Domains.List(ctx, params) (*V4PagePaginationArray[SettingDomainListResponse], error)` **get** `/accounts/{account_id}/email-security/settings/domains` Returns a paginated list of email domains protected by Email Security. Includes domain configuration, delivery modes, and authorization status. Supports filtering by delivery mode and integration ID. ### Parameters - `params SettingDomainListParams` - `AccountID param.Field[string]` Path param: Identifier. - `ActiveDeliveryMode param.Field[SettingDomainListParamsActiveDeliveryMode]` Query param: Currently active delivery mode to filter by. - `const SettingDomainListParamsActiveDeliveryModeDirect SettingDomainListParamsActiveDeliveryMode = "DIRECT"` - `const SettingDomainListParamsActiveDeliveryModeBcc SettingDomainListParamsActiveDeliveryMode = "BCC"` - `const SettingDomainListParamsActiveDeliveryModeJournal SettingDomainListParamsActiveDeliveryMode = "JOURNAL"` - `const SettingDomainListParamsActiveDeliveryModeAPI SettingDomainListParamsActiveDeliveryMode = "API"` - `const SettingDomainListParamsActiveDeliveryModeRetroScan SettingDomainListParamsActiveDeliveryMode = "RETRO_SCAN"` - `AllowedDeliveryMode param.Field[SettingDomainListParamsAllowedDeliveryMode]` Query param: Delivery mode to filter by. - `const SettingDomainListParamsAllowedDeliveryModeDirect SettingDomainListParamsAllowedDeliveryMode = "DIRECT"` - `const SettingDomainListParamsAllowedDeliveryModeBcc SettingDomainListParamsAllowedDeliveryMode = "BCC"` - `const SettingDomainListParamsAllowedDeliveryModeJournal SettingDomainListParamsAllowedDeliveryMode = "JOURNAL"` - `const SettingDomainListParamsAllowedDeliveryModeAPI SettingDomainListParamsAllowedDeliveryMode = "API"` - `const SettingDomainListParamsAllowedDeliveryModeRetroScan SettingDomainListParamsAllowedDeliveryMode = "RETRO_SCAN"` - `Direction param.Field[SettingDomainListParamsDirection]` Query param: The sorting direction. - `const SettingDomainListParamsDirectionAsc SettingDomainListParamsDirection = "asc"` - `const SettingDomainListParamsDirectionDesc SettingDomainListParamsDirection = "desc"` - `Domain param.Field[[]string]` Query param: Domain names to filter by. - `IntegrationID param.Field[string]` Query param: Integration ID to filter by. - `Order param.Field[SettingDomainListParamsOrder]` Query param: Field to sort by. - `const SettingDomainListParamsOrderDomain SettingDomainListParamsOrder = "domain"` - `const SettingDomainListParamsOrderCreatedAt SettingDomainListParamsOrder = "created_at"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Search param.Field[string]` Query param: Search term for filtering records. Behavior may change. - `Status param.Field[SettingDomainListParamsStatus]` Query param: Filters response to domains with the provided status. - `const SettingDomainListParamsStatusPending SettingDomainListParamsStatus = "pending"` - `const SettingDomainListParamsStatusActive SettingDomainListParamsStatus = "active"` - `const SettingDomainListParamsStatusFailed SettingDomainListParamsStatus = "failed"` - `const SettingDomainListParamsStatusTimeout SettingDomainListParamsStatus = "timeout"` ### Returns - `type SettingDomainListResponse struct{…}` - `ID string` Domain identifier - `AllowedDeliveryModes []SettingDomainListResponseAllowedDeliveryMode` - `const SettingDomainListResponseAllowedDeliveryModeDirect SettingDomainListResponseAllowedDeliveryMode = "DIRECT"` - `const SettingDomainListResponseAllowedDeliveryModeBcc SettingDomainListResponseAllowedDeliveryMode = "BCC"` - `const SettingDomainListResponseAllowedDeliveryModeJournal SettingDomainListResponseAllowedDeliveryMode = "JOURNAL"` - `const SettingDomainListResponseAllowedDeliveryModeAPI SettingDomainListResponseAllowedDeliveryMode = "API"` - `const SettingDomainListResponseAllowedDeliveryModeRetroScan SettingDomainListResponseAllowedDeliveryMode = "RETRO_SCAN"` - `Authorization SettingDomainListResponseAuthorization` - `Authorized bool` - `Timestamp Time` - `StatusMessage string` - `CreatedAt Time` - `DMARCStatus SettingDomainListResponseDMARCStatus` - `const SettingDomainListResponseDMARCStatusNone SettingDomainListResponseDMARCStatus = "none"` - `const SettingDomainListResponseDMARCStatusGood SettingDomainListResponseDMARCStatus = "good"` - `const SettingDomainListResponseDMARCStatusInvalid SettingDomainListResponseDMARCStatus = "invalid"` - `Domain string` - `DropDispositions []SettingDomainListResponseDropDisposition` - `const SettingDomainListResponseDropDispositionMalicious SettingDomainListResponseDropDisposition = "MALICIOUS"` - `const SettingDomainListResponseDropDispositionMaliciousBec SettingDomainListResponseDropDisposition = "MALICIOUS-BEC"` - `const SettingDomainListResponseDropDispositionSuspicious SettingDomainListResponseDropDisposition = "SUSPICIOUS"` - `const SettingDomainListResponseDropDispositionSpoof SettingDomainListResponseDropDisposition = "SPOOF"` - `const SettingDomainListResponseDropDispositionSpam SettingDomainListResponseDropDisposition = "SPAM"` - `const SettingDomainListResponseDropDispositionBulk SettingDomainListResponseDropDisposition = "BULK"` - `const SettingDomainListResponseDropDispositionEncrypted SettingDomainListResponseDropDisposition = "ENCRYPTED"` - `const SettingDomainListResponseDropDispositionExternal SettingDomainListResponseDropDisposition = "EXTERNAL"` - `const SettingDomainListResponseDropDispositionUnknown SettingDomainListResponseDropDisposition = "UNKNOWN"` - `const SettingDomainListResponseDropDispositionNone SettingDomainListResponseDropDisposition = "NONE"` - `EmailsProcessed SettingDomainListResponseEmailsProcessed` - `Timestamp Time` - `TotalEmailsProcessed int64` - `TotalEmailsProcessedPrevious int64` - `Folder SettingDomainListResponseFolder` - `const SettingDomainListResponseFolderAllItems SettingDomainListResponseFolder = "AllItems"` - `const SettingDomainListResponseFolderInbox SettingDomainListResponseFolder = "Inbox"` - `InboxProvider SettingDomainListResponseInboxProvider` - `const SettingDomainListResponseInboxProviderMicrosoft SettingDomainListResponseInboxProvider = "Microsoft"` - `const SettingDomainListResponseInboxProviderGoogle SettingDomainListResponseInboxProvider = "Google"` - `IntegrationID string` - `IPRestrictions []string` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `LookbackHops int64` - `ModifiedAt Time` - `O365TenantID string` - `Regions []SettingDomainListResponseRegion` - `const SettingDomainListResponseRegionGlobal SettingDomainListResponseRegion = "GLOBAL"` - `const SettingDomainListResponseRegionAu SettingDomainListResponseRegion = "AU"` - `const SettingDomainListResponseRegionDe SettingDomainListResponseRegion = "DE"` - `const SettingDomainListResponseRegionIn SettingDomainListResponseRegion = "IN"` - `const SettingDomainListResponseRegionUs SettingDomainListResponseRegion = "US"` - `RequireTLSInbound bool` - `RequireTLSOutbound bool` - `SPFStatus SettingDomainListResponseSPFStatus` - `const SettingDomainListResponseSPFStatusNone SettingDomainListResponseSPFStatus = "none"` - `const SettingDomainListResponseSPFStatusGood SettingDomainListResponseSPFStatus = "good"` - `const SettingDomainListResponseSPFStatusNeutral SettingDomainListResponseSPFStatus = "neutral"` - `const SettingDomainListResponseSPFStatusOpen SettingDomainListResponseSPFStatus = "open"` - `const SettingDomainListResponseSPFStatusInvalid SettingDomainListResponseSPFStatus = "invalid"` - `Status SettingDomainListResponseStatus` - `const SettingDomainListResponseStatusPending SettingDomainListResponseStatus = "pending"` - `const SettingDomainListResponseStatusActive SettingDomainListResponseStatus = "active"` - `const SettingDomainListResponseStatusFailed SettingDomainListResponseStatus = "failed"` - `const SettingDomainListResponseStatusTimeout SettingDomainListResponseStatus = "timeout"` - `Transport string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Settings.Domains.List(context.TODO(), email_security.SettingDomainListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an email domain `client.EmailSecurity.Settings.Domains.Get(ctx, domainID, query) (*SettingDomainGetResponse, error)` **get** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Retrieves detailed information for a specific protected email domain including its delivery configuration, SPF/DMARC status, and authorization state. ### Parameters - `domainID string` Domain identifier - `query SettingDomainGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingDomainGetResponse struct{…}` - `ID string` Domain identifier - `AllowedDeliveryModes []SettingDomainGetResponseAllowedDeliveryMode` - `const SettingDomainGetResponseAllowedDeliveryModeDirect SettingDomainGetResponseAllowedDeliveryMode = "DIRECT"` - `const SettingDomainGetResponseAllowedDeliveryModeBcc SettingDomainGetResponseAllowedDeliveryMode = "BCC"` - `const SettingDomainGetResponseAllowedDeliveryModeJournal SettingDomainGetResponseAllowedDeliveryMode = "JOURNAL"` - `const SettingDomainGetResponseAllowedDeliveryModeAPI SettingDomainGetResponseAllowedDeliveryMode = "API"` - `const SettingDomainGetResponseAllowedDeliveryModeRetroScan SettingDomainGetResponseAllowedDeliveryMode = "RETRO_SCAN"` - `Authorization SettingDomainGetResponseAuthorization` - `Authorized bool` - `Timestamp Time` - `StatusMessage string` - `CreatedAt Time` - `DMARCStatus SettingDomainGetResponseDMARCStatus` - `const SettingDomainGetResponseDMARCStatusNone SettingDomainGetResponseDMARCStatus = "none"` - `const SettingDomainGetResponseDMARCStatusGood SettingDomainGetResponseDMARCStatus = "good"` - `const SettingDomainGetResponseDMARCStatusInvalid SettingDomainGetResponseDMARCStatus = "invalid"` - `Domain string` - `DropDispositions []SettingDomainGetResponseDropDisposition` - `const SettingDomainGetResponseDropDispositionMalicious SettingDomainGetResponseDropDisposition = "MALICIOUS"` - `const SettingDomainGetResponseDropDispositionMaliciousBec SettingDomainGetResponseDropDisposition = "MALICIOUS-BEC"` - `const SettingDomainGetResponseDropDispositionSuspicious SettingDomainGetResponseDropDisposition = "SUSPICIOUS"` - `const SettingDomainGetResponseDropDispositionSpoof SettingDomainGetResponseDropDisposition = "SPOOF"` - `const SettingDomainGetResponseDropDispositionSpam SettingDomainGetResponseDropDisposition = "SPAM"` - `const SettingDomainGetResponseDropDispositionBulk SettingDomainGetResponseDropDisposition = "BULK"` - `const SettingDomainGetResponseDropDispositionEncrypted SettingDomainGetResponseDropDisposition = "ENCRYPTED"` - `const SettingDomainGetResponseDropDispositionExternal SettingDomainGetResponseDropDisposition = "EXTERNAL"` - `const SettingDomainGetResponseDropDispositionUnknown SettingDomainGetResponseDropDisposition = "UNKNOWN"` - `const SettingDomainGetResponseDropDispositionNone SettingDomainGetResponseDropDisposition = "NONE"` - `EmailsProcessed SettingDomainGetResponseEmailsProcessed` - `Timestamp Time` - `TotalEmailsProcessed int64` - `TotalEmailsProcessedPrevious int64` - `Folder SettingDomainGetResponseFolder` - `const SettingDomainGetResponseFolderAllItems SettingDomainGetResponseFolder = "AllItems"` - `const SettingDomainGetResponseFolderInbox SettingDomainGetResponseFolder = "Inbox"` - `InboxProvider SettingDomainGetResponseInboxProvider` - `const SettingDomainGetResponseInboxProviderMicrosoft SettingDomainGetResponseInboxProvider = "Microsoft"` - `const SettingDomainGetResponseInboxProviderGoogle SettingDomainGetResponseInboxProvider = "Google"` - `IntegrationID string` - `IPRestrictions []string` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `LookbackHops int64` - `ModifiedAt Time` - `O365TenantID string` - `Regions []SettingDomainGetResponseRegion` - `const SettingDomainGetResponseRegionGlobal SettingDomainGetResponseRegion = "GLOBAL"` - `const SettingDomainGetResponseRegionAu SettingDomainGetResponseRegion = "AU"` - `const SettingDomainGetResponseRegionDe SettingDomainGetResponseRegion = "DE"` - `const SettingDomainGetResponseRegionIn SettingDomainGetResponseRegion = "IN"` - `const SettingDomainGetResponseRegionUs SettingDomainGetResponseRegion = "US"` - `RequireTLSInbound bool` - `RequireTLSOutbound bool` - `SPFStatus SettingDomainGetResponseSPFStatus` - `const SettingDomainGetResponseSPFStatusNone SettingDomainGetResponseSPFStatus = "none"` - `const SettingDomainGetResponseSPFStatusGood SettingDomainGetResponseSPFStatus = "good"` - `const SettingDomainGetResponseSPFStatusNeutral SettingDomainGetResponseSPFStatus = "neutral"` - `const SettingDomainGetResponseSPFStatusOpen SettingDomainGetResponseSPFStatus = "open"` - `const SettingDomainGetResponseSPFStatusInvalid SettingDomainGetResponseSPFStatus = "invalid"` - `Status SettingDomainGetResponseStatus` - `const SettingDomainGetResponseStatusPending SettingDomainGetResponseStatus = "pending"` - `const SettingDomainGetResponseStatusActive SettingDomainGetResponseStatus = "active"` - `const SettingDomainGetResponseStatusFailed SettingDomainGetResponseStatus = "failed"` - `const SettingDomainGetResponseStatusTimeout SettingDomainGetResponseStatus = "timeout"` - `Transport string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) domain, err := client.EmailSecurity.Settings.Domains.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingDomainGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", domain.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } } ``` ## Update an email domain `client.EmailSecurity.Settings.Domains.Edit(ctx, domainID, params) (*SettingDomainEditResponse, error)` **patch** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Updates configuration for a protected email domain. Only provided fields will be modified. Changes affect delivery mode, security settings, and regional processing. ### Parameters - `domainID string` Domain identifier - `params SettingDomainEditParams` - `AccountID param.Field[string]` Path param: Identifier. - `AllowedDeliveryModes param.Field[[]SettingDomainEditParamsAllowedDeliveryMode]` Body param - `const SettingDomainEditParamsAllowedDeliveryModeDirect SettingDomainEditParamsAllowedDeliveryMode = "DIRECT"` - `const SettingDomainEditParamsAllowedDeliveryModeBcc SettingDomainEditParamsAllowedDeliveryMode = "BCC"` - `const SettingDomainEditParamsAllowedDeliveryModeJournal SettingDomainEditParamsAllowedDeliveryMode = "JOURNAL"` - `const SettingDomainEditParamsAllowedDeliveryModeAPI SettingDomainEditParamsAllowedDeliveryMode = "API"` - `const SettingDomainEditParamsAllowedDeliveryModeRetroScan SettingDomainEditParamsAllowedDeliveryMode = "RETRO_SCAN"` - `Domain param.Field[string]` Body param - `DropDispositions param.Field[[]SettingDomainEditParamsDropDisposition]` Body param - `const SettingDomainEditParamsDropDispositionMalicious SettingDomainEditParamsDropDisposition = "MALICIOUS"` - `const SettingDomainEditParamsDropDispositionMaliciousBec SettingDomainEditParamsDropDisposition = "MALICIOUS-BEC"` - `const SettingDomainEditParamsDropDispositionSuspicious SettingDomainEditParamsDropDisposition = "SUSPICIOUS"` - `const SettingDomainEditParamsDropDispositionSpoof SettingDomainEditParamsDropDisposition = "SPOOF"` - `const SettingDomainEditParamsDropDispositionSpam SettingDomainEditParamsDropDisposition = "SPAM"` - `const SettingDomainEditParamsDropDispositionBulk SettingDomainEditParamsDropDisposition = "BULK"` - `const SettingDomainEditParamsDropDispositionEncrypted SettingDomainEditParamsDropDisposition = "ENCRYPTED"` - `const SettingDomainEditParamsDropDispositionExternal SettingDomainEditParamsDropDisposition = "EXTERNAL"` - `const SettingDomainEditParamsDropDispositionUnknown SettingDomainEditParamsDropDisposition = "UNKNOWN"` - `const SettingDomainEditParamsDropDispositionNone SettingDomainEditParamsDropDisposition = "NONE"` - `Folder param.Field[SettingDomainEditParamsFolder]` Body param - `const SettingDomainEditParamsFolderAllItems SettingDomainEditParamsFolder = "AllItems"` - `const SettingDomainEditParamsFolderInbox SettingDomainEditParamsFolder = "Inbox"` - `IntegrationID param.Field[string]` Body param - `IPRestrictions param.Field[[]string]` Body param - `LookbackHops param.Field[int64]` Body param - `Regions param.Field[[]SettingDomainEditParamsRegion]` Body param - `const SettingDomainEditParamsRegionGlobal SettingDomainEditParamsRegion = "GLOBAL"` - `const SettingDomainEditParamsRegionAu SettingDomainEditParamsRegion = "AU"` - `const SettingDomainEditParamsRegionDe SettingDomainEditParamsRegion = "DE"` - `const SettingDomainEditParamsRegionIn SettingDomainEditParamsRegion = "IN"` - `const SettingDomainEditParamsRegionUs SettingDomainEditParamsRegion = "US"` - `RequireTLSInbound param.Field[bool]` Body param - `RequireTLSOutbound param.Field[bool]` Body param - `Transport param.Field[string]` Body param ### Returns - `type SettingDomainEditResponse struct{…}` - `ID string` Domain identifier - `AllowedDeliveryModes []SettingDomainEditResponseAllowedDeliveryMode` - `const SettingDomainEditResponseAllowedDeliveryModeDirect SettingDomainEditResponseAllowedDeliveryMode = "DIRECT"` - `const SettingDomainEditResponseAllowedDeliveryModeBcc SettingDomainEditResponseAllowedDeliveryMode = "BCC"` - `const SettingDomainEditResponseAllowedDeliveryModeJournal SettingDomainEditResponseAllowedDeliveryMode = "JOURNAL"` - `const SettingDomainEditResponseAllowedDeliveryModeAPI SettingDomainEditResponseAllowedDeliveryMode = "API"` - `const SettingDomainEditResponseAllowedDeliveryModeRetroScan SettingDomainEditResponseAllowedDeliveryMode = "RETRO_SCAN"` - `Authorization SettingDomainEditResponseAuthorization` - `Authorized bool` - `Timestamp Time` - `StatusMessage string` - `CreatedAt Time` - `DMARCStatus SettingDomainEditResponseDMARCStatus` - `const SettingDomainEditResponseDMARCStatusNone SettingDomainEditResponseDMARCStatus = "none"` - `const SettingDomainEditResponseDMARCStatusGood SettingDomainEditResponseDMARCStatus = "good"` - `const SettingDomainEditResponseDMARCStatusInvalid SettingDomainEditResponseDMARCStatus = "invalid"` - `Domain string` - `DropDispositions []SettingDomainEditResponseDropDisposition` - `const SettingDomainEditResponseDropDispositionMalicious SettingDomainEditResponseDropDisposition = "MALICIOUS"` - `const SettingDomainEditResponseDropDispositionMaliciousBec SettingDomainEditResponseDropDisposition = "MALICIOUS-BEC"` - `const SettingDomainEditResponseDropDispositionSuspicious SettingDomainEditResponseDropDisposition = "SUSPICIOUS"` - `const SettingDomainEditResponseDropDispositionSpoof SettingDomainEditResponseDropDisposition = "SPOOF"` - `const SettingDomainEditResponseDropDispositionSpam SettingDomainEditResponseDropDisposition = "SPAM"` - `const SettingDomainEditResponseDropDispositionBulk SettingDomainEditResponseDropDisposition = "BULK"` - `const SettingDomainEditResponseDropDispositionEncrypted SettingDomainEditResponseDropDisposition = "ENCRYPTED"` - `const SettingDomainEditResponseDropDispositionExternal SettingDomainEditResponseDropDisposition = "EXTERNAL"` - `const SettingDomainEditResponseDropDispositionUnknown SettingDomainEditResponseDropDisposition = "UNKNOWN"` - `const SettingDomainEditResponseDropDispositionNone SettingDomainEditResponseDropDisposition = "NONE"` - `EmailsProcessed SettingDomainEditResponseEmailsProcessed` - `Timestamp Time` - `TotalEmailsProcessed int64` - `TotalEmailsProcessedPrevious int64` - `Folder SettingDomainEditResponseFolder` - `const SettingDomainEditResponseFolderAllItems SettingDomainEditResponseFolder = "AllItems"` - `const SettingDomainEditResponseFolderInbox SettingDomainEditResponseFolder = "Inbox"` - `InboxProvider SettingDomainEditResponseInboxProvider` - `const SettingDomainEditResponseInboxProviderMicrosoft SettingDomainEditResponseInboxProvider = "Microsoft"` - `const SettingDomainEditResponseInboxProviderGoogle SettingDomainEditResponseInboxProvider = "Google"` - `IntegrationID string` - `IPRestrictions []string` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `LookbackHops int64` - `ModifiedAt Time` - `O365TenantID string` - `Regions []SettingDomainEditResponseRegion` - `const SettingDomainEditResponseRegionGlobal SettingDomainEditResponseRegion = "GLOBAL"` - `const SettingDomainEditResponseRegionAu SettingDomainEditResponseRegion = "AU"` - `const SettingDomainEditResponseRegionDe SettingDomainEditResponseRegion = "DE"` - `const SettingDomainEditResponseRegionIn SettingDomainEditResponseRegion = "IN"` - `const SettingDomainEditResponseRegionUs SettingDomainEditResponseRegion = "US"` - `RequireTLSInbound bool` - `RequireTLSOutbound bool` - `SPFStatus SettingDomainEditResponseSPFStatus` - `const SettingDomainEditResponseSPFStatusNone SettingDomainEditResponseSPFStatus = "none"` - `const SettingDomainEditResponseSPFStatusGood SettingDomainEditResponseSPFStatus = "good"` - `const SettingDomainEditResponseSPFStatusNeutral SettingDomainEditResponseSPFStatus = "neutral"` - `const SettingDomainEditResponseSPFStatusOpen SettingDomainEditResponseSPFStatus = "open"` - `const SettingDomainEditResponseSPFStatusInvalid SettingDomainEditResponseSPFStatus = "invalid"` - `Status SettingDomainEditResponseStatus` - `const SettingDomainEditResponseStatusPending SettingDomainEditResponseStatus = "pending"` - `const SettingDomainEditResponseStatusActive SettingDomainEditResponseStatus = "active"` - `const SettingDomainEditResponseStatusFailed SettingDomainEditResponseStatus = "failed"` - `const SettingDomainEditResponseStatusTimeout SettingDomainEditResponseStatus = "timeout"` - `Transport string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.EmailSecurity.Settings.Domains.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingDomainEditParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "allowed_delivery_modes": [ "DIRECT" ], "authorization": { "authorized": true, "timestamp": "2019-12-27T18:11:19.117Z", "status_message": "status_message" }, "created_at": "2014-01-01T05:20:00.12345Z", "dmarc_status": "none", "domain": "example.com", "drop_dispositions": [ "MALICIOUS" ], "emails_processed": { "timestamp": "2019-12-27T18:11:19.117Z", "total_emails_processed": 0, "total_emails_processed_previous": 0 }, "folder": "AllItems", "inbox_provider": "Microsoft", "integration_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "ip_restrictions": [ "192.0.2.0/24", "2001:db8::/32" ], "last_modified": "2014-01-01T05:20:00.12345Z", "lookback_hops": 0, "modified_at": "2014-01-01T05:20:00.12345Z", "o365_tenant_id": "o365_tenant_id", "regions": [ "GLOBAL" ], "require_tls_inbound": true, "require_tls_outbound": true, "spf_status": "none", "status": "pending", "transport": "transport" } } ``` ## Unprotect an email domain `client.EmailSecurity.Settings.Domains.Delete(ctx, domainID, body) (*SettingDomainDeleteResponse, error)` **delete** `/accounts/{account_id}/email-security/settings/domains/{domain_id}` Removes email security protection from a domain. After deletion, emails for this domain will no longer be processed by Email Security. This action cannot be undone. ### Parameters - `domainID string` Domain identifier - `body SettingDomainDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingDomainDeleteResponse struct{…}` - `ID string` Domain identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) domain, err := client.EmailSecurity.Settings.Domains.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingDomainDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", domain.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` # Impersonation Registry ## List entries in impersonation registry `client.EmailSecurity.Settings.ImpersonationRegistry.List(ctx, params) (*V4PagePaginationArray[SettingImpersonationRegistryListResponse], error)` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry` Returns a paginated list of protected identities in the impersonation registry. These entries define identities and email addresses to protect from impersonation attacks. Can be manually added or automatically synced from directory integrations. ### Parameters - `params SettingImpersonationRegistryListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Direction param.Field[SettingImpersonationRegistryListParamsDirection]` Query param: The sorting direction. - `const SettingImpersonationRegistryListParamsDirectionAsc SettingImpersonationRegistryListParamsDirection = "asc"` - `const SettingImpersonationRegistryListParamsDirectionDesc SettingImpersonationRegistryListParamsDirection = "desc"` - `Order param.Field[SettingImpersonationRegistryListParamsOrder]` Query param: Field to sort by. - `const SettingImpersonationRegistryListParamsOrderName SettingImpersonationRegistryListParamsOrder = "name"` - `const SettingImpersonationRegistryListParamsOrderEmail SettingImpersonationRegistryListParamsOrder = "email"` - `const SettingImpersonationRegistryListParamsOrderCreatedAt SettingImpersonationRegistryListParamsOrder = "created_at"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Provenance param.Field[SettingImpersonationRegistryListParamsProvenance]` Query param - `const SettingImpersonationRegistryListParamsProvenanceA1SInternal SettingImpersonationRegistryListParamsProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryListParamsProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryListParamsProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryListParamsProvenanceSnoopyOffice365 SettingImpersonationRegistryListParamsProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryListParamsProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryListParamsProvenance = "SNOOPY-GOOGLE_DIRECTORY"` - `Search param.Field[string]` Query param: Search term for filtering records. Behavior may change. ### Returns - `type SettingImpersonationRegistryListResponse struct{…}` An impersonation registry entry - `ID string` Impersonation registry entry identifier - `Comments string` - `CreatedAt Time` - `DirectoryID int64` - `DirectoryNodeID int64` - `Email string` - `ExternalDirectoryNodeID string` - `IsEmailRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Name string` - `Provenance SettingImpersonationRegistryListResponseProvenance` - `const SettingImpersonationRegistryListResponseProvenanceA1SInternal SettingImpersonationRegistryListResponseProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryListResponseProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryListResponseProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryListResponseProvenanceSnoopyOffice365 SettingImpersonationRegistryListResponseProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryListResponseProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryListResponseProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Settings.ImpersonationRegistry.List(context.TODO(), email_security.SettingImpersonationRegistryListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an impersonation registry entry `client.EmailSecurity.Settings.ImpersonationRegistry.Get(ctx, impersonationRegistryID, query) (*SettingImpersonationRegistryGetResponse, error)` **get** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Retrieves details for a specific impersonation registry entry including the protected identity, email pattern, and synchronization source if directory-synced. ### Parameters - `impersonationRegistryID string` Impersonation registry entry identifier - `query SettingImpersonationRegistryGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingImpersonationRegistryGetResponse struct{…}` An impersonation registry entry - `ID string` Impersonation registry entry identifier - `Comments string` - `CreatedAt Time` - `DirectoryID int64` - `DirectoryNodeID int64` - `Email string` - `ExternalDirectoryNodeID string` - `IsEmailRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Name string` - `Provenance SettingImpersonationRegistryGetResponseProvenance` - `const SettingImpersonationRegistryGetResponseProvenanceA1SInternal SettingImpersonationRegistryGetResponseProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryGetResponseProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryGetResponseProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryGetResponseProvenanceSnoopyOffice365 SettingImpersonationRegistryGetResponseProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryGetResponseProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryGetResponseProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) impersonationRegistry, err := client.EmailSecurity.Settings.ImpersonationRegistry.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingImpersonationRegistryGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", impersonationRegistry.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Create impersonation registry entry `client.EmailSecurity.Settings.ImpersonationRegistry.New(ctx, params) (*SettingImpersonationRegistryNewResponse, error)` **post** `/accounts/{account_id}/email-security/settings/impersonation_registry` Creates a new entry in the impersonation registry to protect against impersonation. Emails attempting to impersonate this identity will be flagged. Supports regex patterns for flexible email matching. ### Parameters - `params SettingImpersonationRegistryNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `Email param.Field[string]` Body param - `IsEmailRegex param.Field[bool]` Body param - `Name param.Field[string]` Body param - `Comments param.Field[string]` Body param - `DirectoryID param.Field[int64]` Body param - `DirectoryNodeID param.Field[int64]` Body param - `ExternalDirectoryNodeID param.Field[string]` Body param - `Provenance param.Field[SettingImpersonationRegistryNewParamsProvenance]` Body param - `const SettingImpersonationRegistryNewParamsProvenanceA1SInternal SettingImpersonationRegistryNewParamsProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryNewParamsProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryNewParamsProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryNewParamsProvenanceSnoopyOffice365 SettingImpersonationRegistryNewParamsProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryNewParamsProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryNewParamsProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Returns - `type SettingImpersonationRegistryNewResponse struct{…}` An impersonation registry entry - `ID string` Impersonation registry entry identifier - `Comments string` - `CreatedAt Time` - `DirectoryID int64` - `DirectoryNodeID int64` - `Email string` - `ExternalDirectoryNodeID string` - `IsEmailRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Name string` - `Provenance SettingImpersonationRegistryNewResponseProvenance` - `const SettingImpersonationRegistryNewResponseProvenanceA1SInternal SettingImpersonationRegistryNewResponseProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryNewResponseProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryNewResponseProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryNewResponseProvenanceSnoopyOffice365 SettingImpersonationRegistryNewResponseProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryNewResponseProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryNewResponseProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) impersonationRegistry, err := client.EmailSecurity.Settings.ImpersonationRegistry.New(context.TODO(), email_security.SettingImpersonationRegistryNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Email: cloudflare.F("john.doe@example.com"), IsEmailRegex: cloudflare.F(false), Name: cloudflare.F("John Doe"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", impersonationRegistry.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Update an impersonation registry entry `client.EmailSecurity.Settings.ImpersonationRegistry.Edit(ctx, impersonationRegistryID, params) (*SettingImpersonationRegistryEditResponse, error)` **patch** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Updates an existing impersonation registry entry. Only provided fields will be modified. Directory-synced entries can't be updated. ### Parameters - `impersonationRegistryID string` Impersonation registry entry identifier - `params SettingImpersonationRegistryEditParams` - `AccountID param.Field[string]` Path param: Identifier. - `Comments param.Field[string]` Body param - `DirectoryID param.Field[int64]` Body param - `DirectoryNodeID param.Field[int64]` Body param - `Email param.Field[string]` Body param - `ExternalDirectoryNodeID param.Field[string]` Body param - `IsEmailRegex param.Field[bool]` Body param - `Name param.Field[string]` Body param - `Provenance param.Field[SettingImpersonationRegistryEditParamsProvenance]` Body param - `const SettingImpersonationRegistryEditParamsProvenanceA1SInternal SettingImpersonationRegistryEditParamsProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryEditParamsProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryEditParamsProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryEditParamsProvenanceSnoopyOffice365 SettingImpersonationRegistryEditParamsProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryEditParamsProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryEditParamsProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Returns - `type SettingImpersonationRegistryEditResponse struct{…}` An impersonation registry entry - `ID string` Impersonation registry entry identifier - `Comments string` - `CreatedAt Time` - `DirectoryID int64` - `DirectoryNodeID int64` - `Email string` - `ExternalDirectoryNodeID string` - `IsEmailRegex bool` - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Name string` - `Provenance SettingImpersonationRegistryEditResponseProvenance` - `const SettingImpersonationRegistryEditResponseProvenanceA1SInternal SettingImpersonationRegistryEditResponseProvenance = "A1S_INTERNAL"` - `const SettingImpersonationRegistryEditResponseProvenanceSnoopyCasbOffice365 SettingImpersonationRegistryEditResponseProvenance = "SNOOPY-CASB_OFFICE_365"` - `const SettingImpersonationRegistryEditResponseProvenanceSnoopyOffice365 SettingImpersonationRegistryEditResponseProvenance = "SNOOPY-OFFICE_365"` - `const SettingImpersonationRegistryEditResponseProvenanceSnoopyGoogleDirectory SettingImpersonationRegistryEditResponseProvenance = "SNOOPY-GOOGLE_DIRECTORY"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.EmailSecurity.Settings.ImpersonationRegistry.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingImpersonationRegistryEditParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "comments", "created_at": "2014-01-01T05:20:00.12345Z", "directory_id": 0, "directory_node_id": 0, "email": "john.doe@example.com", "external_directory_node_id": "external_directory_node_id", "is_email_regex": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "name": "John Doe", "provenance": "A1S_INTERNAL" } } ``` ## Delete an impersonation registry entry `client.EmailSecurity.Settings.ImpersonationRegistry.Delete(ctx, impersonationRegistryID, body) (*SettingImpersonationRegistryDeleteResponse, error)` **delete** `/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}` Removes an entry from the impersonation registry. After deletion, this identity will no longer be protected from impersonation. ### Parameters - `impersonationRegistryID string` Impersonation registry entry identifier - `body SettingImpersonationRegistryDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingImpersonationRegistryDeleteResponse struct{…}` - `ID string` Impersonation registry entry identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) impersonationRegistry, err := client.EmailSecurity.Settings.ImpersonationRegistry.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingImpersonationRegistryDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", impersonationRegistry.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` # Trusted Domains ## List trusted email domains `client.EmailSecurity.Settings.TrustedDomains.List(ctx, params) (*V4PagePaginationArray[SettingTrustedDomainListResponse], error)` **get** `/accounts/{account_id}/email-security/settings/trusted_domains` Returns a paginated list of trusted domain patterns. Trusted domains prevent false positives for recently registered domains and lookalike domain detections. Patterns can use regular expressions for flexible matching. ### Parameters - `params SettingTrustedDomainListParams` - `AccountID param.Field[string]` Path param: Identifier. - `Direction param.Field[SettingTrustedDomainListParamsDirection]` Query param: The sorting direction. - `const SettingTrustedDomainListParamsDirectionAsc SettingTrustedDomainListParamsDirection = "asc"` - `const SettingTrustedDomainListParamsDirectionDesc SettingTrustedDomainListParamsDirection = "desc"` - `IsRecent param.Field[bool]` Query param: Filter to show only recently registered domains that are trusted to prevent triggering Suspicious or Malicious dispositions. - `IsSimilarity param.Field[bool]` Query param: Filter to show only proximity domains (partner or approved domains with similar spelling to connected domains) that prevent Spoof dispositions. - `Order param.Field[SettingTrustedDomainListParamsOrder]` Query param: Field to sort by. - `const SettingTrustedDomainListParamsOrderPattern SettingTrustedDomainListParamsOrder = "pattern"` - `const SettingTrustedDomainListParamsOrderCreatedAt SettingTrustedDomainListParamsOrder = "created_at"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `Pattern param.Field[string]` Query param - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Search param.Field[string]` Query param: Search term for filtering records. Behavior may change. ### Returns - `type SettingTrustedDomainListResponse struct{…}` A trusted email domain - `ID string` Trusted domain identifier - `Comments string` - `CreatedAt Time` - `IsRecent bool` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex bool` - `IsSimilarity bool` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Settings.TrustedDomains.List(context.TODO(), email_security.SettingTrustedDomainListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a trusted email domain `client.EmailSecurity.Settings.TrustedDomains.Get(ctx, trustedDomainID, query) (*SettingTrustedDomainGetResponse, error)` **get** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Retrieves details for a specific trusted domain pattern including its pattern value, whether it uses regex matching, and which detection types it affects. ### Parameters - `trustedDomainID string` Trusted domain identifier - `query SettingTrustedDomainGetParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingTrustedDomainGetResponse struct{…}` A trusted email domain - `ID string` Trusted domain identifier - `Comments string` - `CreatedAt Time` - `IsRecent bool` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex bool` - `IsSimilarity bool` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) trustedDomain, err := client.EmailSecurity.Settings.TrustedDomains.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingTrustedDomainGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", trustedDomain.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Create trusted email domain `client.EmailSecurity.Settings.TrustedDomains.New(ctx, params) (*SettingTrustedDomainNewResponse, error)` **post** `/accounts/{account_id}/email-security/settings/trusted_domains` Creates a new trusted domain pattern. Use for partner domains or approved senders that should bypass recent domain registration and similarity checks. Configure whether it prevents recent domain or spoof dispositions. ### Parameters - `params SettingTrustedDomainNewParams` - `AccountID param.Field[string]` Path param: Identifier. - `IsRecent param.Field[bool]` Body param: Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex param.Field[bool]` Body param - `IsSimilarity param.Field[bool]` Body param: Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `Pattern param.Field[string]` Body param - `Comments param.Field[string]` Body param ### Returns - `type SettingTrustedDomainNewResponse struct{…}` A trusted email domain - `ID string` Trusted domain identifier - `Comments string` - `CreatedAt Time` - `IsRecent bool` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex bool` - `IsSimilarity bool` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) trustedDomain, err := client.EmailSecurity.Settings.TrustedDomains.New(context.TODO(), email_security.SettingTrustedDomainNewParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), IsRecent: cloudflare.F(true), IsRegex: cloudflare.F(false), IsSimilarity: cloudflare.F(false), Pattern: cloudflare.F("example.com"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", trustedDomain.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Update a trusted email domain `client.EmailSecurity.Settings.TrustedDomains.Edit(ctx, trustedDomainID, params) (*SettingTrustedDomainEditResponse, error)` **patch** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Updates an existing trusted domain pattern. Only provided fields will be modified. Changes take effect for new emails matching the pattern. ### Parameters - `trustedDomainID string` Trusted domain identifier - `params SettingTrustedDomainEditParams` - `AccountID param.Field[string]` Path param: Identifier. - `Comments param.Field[string]` Body param - `IsRecent param.Field[bool]` Body param: Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex param.Field[bool]` Body param - `IsSimilarity param.Field[bool]` Body param: Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `Pattern param.Field[string]` Body param ### Returns - `type SettingTrustedDomainEditResponse struct{…}` A trusted email domain - `ID string` Trusted domain identifier - `Comments string` - `CreatedAt Time` - `IsRecent bool` Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition. - `IsRegex bool` - `IsSimilarity bool` Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition. - `LastModified Time` Deprecated, use `modified_at` instead. End of life: November 1, 2026. - `ModifiedAt Time` - `Pattern string` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.EmailSecurity.Settings.TrustedDomains.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingTrustedDomainEditParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "comments": "Trusted partner domain", "created_at": "2014-01-01T05:20:00.12345Z", "is_recent": true, "is_regex": false, "is_similarity": false, "last_modified": "2014-01-01T05:20:00.12345Z", "modified_at": "2014-01-01T05:20:00.12345Z", "pattern": "example.com" } } ``` ## Delete a trusted email domain `client.EmailSecurity.Settings.TrustedDomains.Delete(ctx, trustedDomainID, body) (*SettingTrustedDomainDeleteResponse, error)` **delete** `/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}` Removes a trusted domain pattern. After deletion, emails from this domain will be subject to normal recent domain and similarity checks. ### Parameters - `trustedDomainID string` Trusted domain identifier - `body SettingTrustedDomainDeleteParams` - `AccountID param.Field[string]` Identifier. ### Returns - `type SettingTrustedDomainDeleteResponse struct{…}` - `ID string` Trusted domain identifier ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) trustedDomain, err := client.EmailSecurity.Settings.TrustedDomains.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", email_security.SettingTrustedDomainDeleteParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", trustedDomain.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` # Submissions ## Get reclassify submissions `client.EmailSecurity.Submissions.List(ctx, params) (*V4PagePaginationArray[SubmissionListResponse], error)` **get** `/accounts/{account_id}/email-security/submissions` Returns information for submissions made to reclassify emails. Shows the status, outcome, and disposition changes for reclassification requests made by users or the security team. Useful for tracking false positive/negative reports. ### Parameters - `params SubmissionListParams` - `AccountID param.Field[string]` Path param: Identifier. - `End param.Field[Time]` Query param: The end of the search date range. Defaults to `now`. - `EscalatedFromUser param.Field[bool]` Query param: When true, return only submissions that were escalated by an end user (vs. by the security team). When false, return only submissions that were not escalated by an end user. When omitted, no filter is applied. - `OriginalDisposition param.Field[SubmissionListParamsOriginalDisposition]` Query param - `const SubmissionListParamsOriginalDispositionMalicious SubmissionListParamsOriginalDisposition = "MALICIOUS"` - `const SubmissionListParamsOriginalDispositionSuspicious SubmissionListParamsOriginalDisposition = "SUSPICIOUS"` - `const SubmissionListParamsOriginalDispositionSpoof SubmissionListParamsOriginalDisposition = "SPOOF"` - `const SubmissionListParamsOriginalDispositionSpam SubmissionListParamsOriginalDisposition = "SPAM"` - `const SubmissionListParamsOriginalDispositionBulk SubmissionListParamsOriginalDisposition = "BULK"` - `const SubmissionListParamsOriginalDispositionNone SubmissionListParamsOriginalDisposition = "NONE"` - `OutcomeDisposition param.Field[SubmissionListParamsOutcomeDisposition]` Query param - `const SubmissionListParamsOutcomeDispositionMalicious SubmissionListParamsOutcomeDisposition = "MALICIOUS"` - `const SubmissionListParamsOutcomeDispositionSuspicious SubmissionListParamsOutcomeDisposition = "SUSPICIOUS"` - `const SubmissionListParamsOutcomeDispositionSpoof SubmissionListParamsOutcomeDisposition = "SPOOF"` - `const SubmissionListParamsOutcomeDispositionSpam SubmissionListParamsOutcomeDisposition = "SPAM"` - `const SubmissionListParamsOutcomeDispositionBulk SubmissionListParamsOutcomeDisposition = "BULK"` - `const SubmissionListParamsOutcomeDispositionNone SubmissionListParamsOutcomeDisposition = "NONE"` - `Page param.Field[int64]` Query param: Current page within paginated list of results. - `PerPage param.Field[int64]` Query param: The number of results per page. Maximum value is 1000. - `Query param.Field[string]` Query param - `RequestedDisposition param.Field[SubmissionListParamsRequestedDisposition]` Query param - `const SubmissionListParamsRequestedDispositionMalicious SubmissionListParamsRequestedDisposition = "MALICIOUS"` - `const SubmissionListParamsRequestedDispositionSuspicious SubmissionListParamsRequestedDisposition = "SUSPICIOUS"` - `const SubmissionListParamsRequestedDispositionSpoof SubmissionListParamsRequestedDisposition = "SPOOF"` - `const SubmissionListParamsRequestedDispositionSpam SubmissionListParamsRequestedDisposition = "SPAM"` - `const SubmissionListParamsRequestedDispositionBulk SubmissionListParamsRequestedDisposition = "BULK"` - `const SubmissionListParamsRequestedDispositionNone SubmissionListParamsRequestedDisposition = "NONE"` - `Start param.Field[Time]` Query param: The beginning of the search date range. Defaults to `now - 30 days`. - `Status param.Field[string]` Query param - `SubmissionID param.Field[string]` Query param - `Type param.Field[SubmissionListParamsType]` Query param - `const SubmissionListParamsTypeTeam SubmissionListParamsType = "TEAM"` - `const SubmissionListParamsTypeUser SubmissionListParamsType = "USER"` ### Returns - `type SubmissionListResponse struct{…}` - `RequestedAt Time` When the submission was requested (UTC). - `SubmissionID string` - `CustomerStatus SubmissionListResponseCustomerStatus` - `const SubmissionListResponseCustomerStatusEscalated SubmissionListResponseCustomerStatus = "escalated"` - `const SubmissionListResponseCustomerStatusReviewed SubmissionListResponseCustomerStatus = "reviewed"` - `const SubmissionListResponseCustomerStatusUnreviewed SubmissionListResponseCustomerStatus = "unreviewed"` - `EscalatedAs SubmissionListResponseEscalatedAs` - `const SubmissionListResponseEscalatedAsMalicious SubmissionListResponseEscalatedAs = "MALICIOUS"` - `const SubmissionListResponseEscalatedAsSuspicious SubmissionListResponseEscalatedAs = "SUSPICIOUS"` - `const SubmissionListResponseEscalatedAsSpoof SubmissionListResponseEscalatedAs = "SPOOF"` - `const SubmissionListResponseEscalatedAsSpam SubmissionListResponseEscalatedAs = "SPAM"` - `const SubmissionListResponseEscalatedAsBulk SubmissionListResponseEscalatedAs = "BULK"` - `const SubmissionListResponseEscalatedAsNone SubmissionListResponseEscalatedAs = "NONE"` - `EscalatedAt Time` - `EscalatedBy string` - `EscalatedSubmissionID string` - `OriginalDisposition SubmissionListResponseOriginalDisposition` - `const SubmissionListResponseOriginalDispositionMalicious SubmissionListResponseOriginalDisposition = "MALICIOUS"` - `const SubmissionListResponseOriginalDispositionSuspicious SubmissionListResponseOriginalDisposition = "SUSPICIOUS"` - `const SubmissionListResponseOriginalDispositionSpoof SubmissionListResponseOriginalDisposition = "SPOOF"` - `const SubmissionListResponseOriginalDispositionSpam SubmissionListResponseOriginalDisposition = "SPAM"` - `const SubmissionListResponseOriginalDispositionBulk SubmissionListResponseOriginalDisposition = "BULK"` - `const SubmissionListResponseOriginalDispositionNone SubmissionListResponseOriginalDisposition = "NONE"` - `OriginalEdfHash string` - `OriginalPostfixID string` The postfix ID of the original message that was submitted - `Outcome string` - `OutcomeDisposition SubmissionListResponseOutcomeDisposition` - `const SubmissionListResponseOutcomeDispositionMalicious SubmissionListResponseOutcomeDisposition = "MALICIOUS"` - `const SubmissionListResponseOutcomeDispositionSuspicious SubmissionListResponseOutcomeDisposition = "SUSPICIOUS"` - `const SubmissionListResponseOutcomeDispositionSpoof SubmissionListResponseOutcomeDisposition = "SPOOF"` - `const SubmissionListResponseOutcomeDispositionSpam SubmissionListResponseOutcomeDisposition = "SPAM"` - `const SubmissionListResponseOutcomeDispositionBulk SubmissionListResponseOutcomeDisposition = "BULK"` - `const SubmissionListResponseOutcomeDispositionNone SubmissionListResponseOutcomeDisposition = "NONE"` - `RequestedBy string` - `RequestedDisposition SubmissionListResponseRequestedDisposition` - `const SubmissionListResponseRequestedDispositionMalicious SubmissionListResponseRequestedDisposition = "MALICIOUS"` - `const SubmissionListResponseRequestedDispositionSuspicious SubmissionListResponseRequestedDisposition = "SUSPICIOUS"` - `const SubmissionListResponseRequestedDispositionSpoof SubmissionListResponseRequestedDisposition = "SPOOF"` - `const SubmissionListResponseRequestedDispositionSpam SubmissionListResponseRequestedDisposition = "SPAM"` - `const SubmissionListResponseRequestedDispositionBulk SubmissionListResponseRequestedDisposition = "BULK"` - `const SubmissionListResponseRequestedDispositionNone SubmissionListResponseRequestedDisposition = "NONE"` - `RequestedTs string` Deprecated, use `requested_at` instead - `Status string` - `Subject string` - `Type SubmissionListResponseType` Whether the submission was created by a team member or an end user. - `const SubmissionListResponseTypeTeam SubmissionListResponseType = "Team"` - `const SubmissionListResponseTypeUser SubmissionListResponseType = "User"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.EmailSecurity.Submissions.List(context.TODO(), email_security.SubmissionListParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "requested_at": "2019-12-27T18:11:19.117Z", "submission_id": "submission_id", "customer_status": "escalated", "escalated_as": "MALICIOUS", "escalated_at": "2019-12-27T18:11:19.117Z", "escalated_by": "escalated_by", "escalated_submission_id": "escalated_submission_id", "original_disposition": "MALICIOUS", "original_edf_hash": "original_edf_hash", "original_postfix_id": "original_postfix_id", "outcome": "outcome", "outcome_disposition": "MALICIOUS", "requested_by": "requested_by", "requested_disposition": "MALICIOUS", "requested_ts": "requested_ts", "status": "status", "subject": "subject", "type": "Team" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ```