Email report attributes

Below is a list of available report attributes.

Name Description Filter values
Direction The direction of the message: inbound or outbound. Check boxes
Envelope Sender Used by mail servers to check where the message originates and where to respond (for example, if there is an error or the message bounces). Often matches the From: address, but not always. For example, the message might come from a mailing list, or from an organization authenticated to send messages on your company’s behalf. Manual text
From: Address The address the message recipient sees in the From: field of the message. Manual text
Policy The email policy used for filtering. Autocompleted text
Recipient Address The email address of a message recipient. Manual text
Recipient Domain The domain associated with a message recipient. Manual text
Sender Domain The domain associated with a message sender. Manual text
Sender Name The name of a message sender. Manual text
Subject The text in the subject line of a message. There are also options to filter by results with no subject, and to perform a case-sensitive search. Manual text
Action The action applied to the message. Options are Accepted, Bounced, Bypassed processing, Discarded, Quarantined, Temporarily bounced. Check boxes
Blocklist/Allowlist Groups and filters messages by whether they are in a blocklist, an allowlist, or neither. Check boxes
Blocked Attachment Ext Groups and filters messages by the extension of their blocked attachments (for example, EXE). There is also an option to include results with no blocked attachment extension. Manual text
Filtering Reason The result of filtering the message (values listed below). Check boxes

  • Blocked attachment – Message quarantined due to attachment filename extension.
  • Blocked attachment type – Message quarantined due to the actual attachment file type.
  • Clean – No threats detected. No rule or policy violations. No analysis failures or errors.
  • Custom rule – Message triggered a rule that applies to select accounts.
  • Encrypted content/message – Message encrypted or message body included encrypted content.
  • Exceeds size limit – Message exceeded the size limit.
  • Format problem – Message body failed structural analysis.
  • Global rule – Message triggered an operational rule.
  • Inappropriate image – Message contained an inappropriate image.
  • Lexical rule violation – Message content triggered a lexical rule.
  • Malicious macro – Message contained a malicious macro.
  • Masked attachment extension – Message attachment filename extension was masked.
  • Message parked – Message parked for secure download.
  • Other – Unspecified or unknown filtering reason.
  • Phishing – Message included phishing content.
  • Spam – Message determined to be spam.
  • Spoofed – Message failed internal domain spoofing checks.
  • Spoofed-External – Message failed DMARC validation.
  • Spoofed-Targeted – Message failed the Internal Executive Spoofing check.
  • System error – Message processing error.
  • Threatseeker issue – ThreatSeeker Intelligence detected suspicious content.
  • TLS requirements not met – TLS connection required; the MTA did not offer it.
  • Virus – Message contained a virus.

Lexical Rule The lexical rule applied to a message. There is also an option to include results with no lexical rules applied. Manual text
Sender IP The IP address of a message sender. There is also an option to include results with no sender IP address. Manual text
Sender IP Country The country from which the sender IP address originates. Autocompleted text
Attachment File Type A description of the type of file attached to a message, for example, Microsoft Excel or Portable Network Graphic (PNG). Autocompleted text
Attachment Filename The name of a specific file attached to a message. Manual text
Attachment MIME Type MIME type of a message attachment in the format content type/content subtype. For example, video/mpeg or text/csv. Manual text
Content Type The type of content detected within the message. Options are Archive, Audio, Encrypted, Executable, HTML, Image, None, Office Document, Signed, Video. Check boxes
Emb. Domain The domain of an embedded URL within a message. Manual text
Emb. Full URL The full URL embedded within a message. Manual text
Emb. Host The host name embedded within a message. Manual text

Emb. URL Category The category of a URL embedded within a message. Autocompleted text
Emb. URL Risk Class The risk class associated with a URL embedded within a message. Check boxes
Emb. URL Severity The severity level associated with a URL embedded within a message. Check boxes
Advanced Encryption The type of advanced encryption applied to the message. Options are Decrypted Inbound, Encrypted Outbound, or None. This attribute requires the Forcepoint Email Security Encryption Module. Check boxes
File Sandbox Status The result of analysis of files attached to messages that were sent to the File Sandbox. Check boxes

Status can be:

  • No threat detected – Sandbox analysis did not detect any malicious behavior.
  • Malicious – Sandbox analysis detected potentially damaging, malicious behavior.
  • Pending analysis – The file has been submitted to the sandbox and is queued for analysis.

The report includes date/time, sender, recipient address, Subject, and status.

This attribute requires the Forcepoint Advanced Malware Detection for Email module.

Note: A secondary grouping is not allowed when File Sandbox Status is the primary grouping.

Message Sandboxing The type of sandboxing applied to the message. Options are Attachment Wrapped, None, Phishing URL Sandboxed, URL Sandboxed. This attribute requires the Advanced Malware Detection for Email module. Check boxes
Virus Name The name of a virus detected in a message. There is also an option to include results with no virus name associated with them. Manual text
Date Enables you to group report entries by date. Note that this attribute is not available for filtering as the Date Range field performs this function. N/A
Day of Week Enables you to group and filter report entries by days of the week. Check boxes
Hour Enables you to group and filter report entries by hour. 24-hour selection
Month Enables you to group and filter report entries by month. Check boxes