Email report attributes

Below is a list of available report attributes.

Name	Description	Filter values
Direction	The direction of the message: inbound or outbound.	Check boxes
Envelope Sender	Used by mail servers to check where the message originates and where to respond (for example, if there is an error or the message bounces). Often matches the From: address, but not always. For example, the message might come from a mailing list, or from an organization authenticated to send messages on your company’s behalf.	Manual text
From: Address	The address the message recipient sees in the From: field of the message.	Manual text
Policy	The email policy used for filtering.	Autocompleted text
Recipient Address	The email address of a message recipient.	Manual text
Recipient Domain	The domain associated with a message recipient.	Manual text
Sender Domain	The domain associated with a message sender.	Manual text
Sender Name	The name of a message sender.	Manual text
Subject	The text in the subject line of a message. There are also options to filter by results with no subject, and to perform a case- sensitive search.	Manual text
Action	The action applied to the message. Options are Accepted, Bounced, Bypassed processing, Discarded, Quarantined, Temporarily bounced.	Check boxes
Blocklist/Allowlist	Groups and filters messages by whether they are in blocklist, allowlist, or neither.	Check boxes
Blocked Attachment Ext	Groups and filters messages by the extension of their blocked attachments (for example, EXE). There is also an option to include results with no blocked attachment extension.	Manual text
Filtering Reason	The result of filtering the message. Blocked attachment – Message quarantined due to attachment filename extension. Blocked attachment type – Message quarantined due to the actual attachment file type. Clean – No threats detected. No rule or policy violations. No analysis failures or errors. Custom rule – Message triggered a rule that applies to select accounts. Encrypted content/message – Message encrypted or message body included encrypted content. Exceeds size limit – Message exceeded the size limit. Format problem – Message body failed structural analysis. Global rule – Message triggered an operational rule. Inappropriate image – Message contained an inappropriate image. Lexical rule violation – Message content triggered a lexical rule. Malicious macro – Message contained a malicious macro. Masked attachment extension – Message attachment filename extension was masked. Message parked – Message parked for secure download. Other – Unspecified or unknown filtering reason. Phishing – Message included phishing content. Spam – Message determined to be spam. Spoofed – Message failed internal domain spoofing checks. Spoofed-External – Message failed DMARC validation. Spoofed-Targeted – Message failed the Internal Executive Spoofing check. System error – Message processing error. Threatseeker issue – ThreatSeeker Intelligence detected suspicious content. TLS requirements not met – TLS connection required; the MTA did not offer it. Virus – Message contained a virus.	Check boxes
Lexical Rule	The lexical rule applied to a message. There is also an option to include results with no lexical rules applied.	Manual text
Sender IP	The IP address of a message sender. There is also an option to include results with no sender IP address.	Manual text
Sender IP Country	The country from which the sender IP address originates.	Autocompleted text
Attachment File Type	A description of the type of file attached to a message - for example Microsoft Excel or Portable Network Graphic (PNG).	Autocompleted text
Attachment Filename	The name of a specific file attached to a message.	Manual text
Attachment MIME Type	MIME type of a message attachment in the format content type/content subtype. For example, video/mpeg or text/csv.	Manual text
Content Type	The type of content detected within the message. Options are Archive, Audio, Encrypted, Executable, HTML, Image, None, Office Document, Signed, Video.	Check boxes
Emb. Domain	The domain of an embedded URL within a message.	Manual text
Emb. Full URL	The full URL embedded within a message.	Manual text
Emb. Host	The host name embedded within a message.	Manual text
Emb. URL Category	The category of a URL embedded within a message.	Autocompleted text
Emb. URL Risk Class	The risk class associated with a URL embedded within a message.	Check boxes
Emb. URL Severity	The severity level associated with a URL embedded within a message.	Check boxes
Advanced Encryption	The type of advanced encryption applied to the message. Options are Decrypted Inbound, Encrypted Outbound, or None. This attribute requires the Forcepoint Email Security Encryption Module.	Check boxes
File Sandbox Status	The result of analysis of files attached to messages that were sent to the File Sandbox. Status can be: No threat detected – Sandbox analysis did not detect any malicious behavior. Malicious – Sandbox analysis detected potentially damaging, malicious behavior. Pending analysis – The file has been submitted to the sandbox and is queued for analysis. The report includes date/time, sender, recipient address, Subject, and status. This attribute requires the Forcepoint Advanced Malware Detection for Email module. Note: A secondary grouping is not allowed when File Sandbox Status is the primary grouping.	Check boxes
Message Sandboxing	The type of sandboxing applied to the message. Options are Attachment Wrapped, None, Phishing URL Sandboxed, URL Sandboxed. This attribute requires the Advanced Malware Detection for Email module.	Check boxes
Virus Name	The name of a virus detected in a message. There is also an option to include results with no virus name associated with them.	Manual text
Date	Enables you to group report entries by date. Note that this attribute is not available for filtering as the Date Range field performs this function.	N/A
Day of Week	Enables you to group and filter report entries by days of the week.	Check boxes
Hour	Enables you to group and filter report entries by hour.	24 hour selection
Month	Enables you to group and filter report entries by month.	Check boxes