Returns information for each email that matches the search parameter(s). If the search takes too long, the endpoint returns 202 with a Location header pointing to a polling endpoint where results can be retrieved once ready.

Retrieves detailed information about a specific email message, including headers, metadata, and security scan results.

Returns detection details such as threat categories and sender information for non-benign messages.

Moves a single email message to a different folder or changes its quarantine status.

Maximum batch size: 1000 messages per request

Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.

Generates a preview of an email message for safe viewing without executing any embedded content.

Returns the raw eml of any non-benign message.

Submits an email message for reclassification, updating its threat assessment based on new analysis.

Releases a quarantined email message, allowing it to be delivered to the recipient.

Gets the delivery trace for an email message, showing its path through email security processing.

Retrieves PhishGuard reports showing phishing attempts and suspicious email patterns detected.

Lists, searches, and sorts an account’s email allow policies.

Retrieves details for a specific email allow policy, including its matching criteria and scope.

Creates a new email allow policy that permits specific senders, domains, or patterns to bypass security scanning.

Updates an existing email allow policy, modifying its matching criteria or scope.

Removes an email allow policy. Previously allowed senders will be subject to normal security scanning.

Lists all blocked sender entries with their patterns and block reasons.

Gets information about a specific blocked sender entry, including the pattern and block reason.

Adds a sender pattern to the email block list, preventing messages from matching senders from being delivered.

Modifies a blocked sender entry, updating its pattern or block reason.

Removes a sender from the email block list, allowing their messages to be delivered normally.

Lists, searches, and sorts an account’s email domains.

Gets configuration details for a specific domain in email security.

Updates configuration for a domain in email security.

Unprotect an email domain

Bulk removes multiple domains from email security configuration in a single request.

Lists, searches, and sorts entries in the impersonation registry.

Retrieves a display name entry used for impersonation protection.

Creates a display name entry for email security impersonation protection.

Updates a display name entry used for impersonation protection.

Removes a display name from impersonation protection monitoring.

Lists, searches, and sorts an account’s trusted email domains.

Gets information about a specific trusted domain entry.

Adds a domain to the trusted domains list for email security, reducing false positive detections.

Modifies a trusted domain entry's configuration.

Removes a domain from the trusted domains list, subjecting it to normal security scanning.

This endpoint returns information for submissions to made to reclassify emails.