Proofpoint, Inc.

Understanding Email Logs

Situation: You need to check email message flow for inbound and outbound messages. You also need help troubleshooting mail flow and want more information on delivered or blocked messages.
Solution: Go to the Essentials Logs screen and filter by the desired parameters. See below for an explanation of the various options and tips to remember when searching logs.

 

Who can search?

Users are assigned a role when they are created. The Silent User role has no access to the Proofpoint Essentials interface, so users with that role cannot log in.

All other roles can access the logs, as long as they are set up with the appropriate access control. (The default Access Controls allow log searching.) Please see this article on designated roles and access control: How to customize access control

Logging on

Before searching, make sure you are logging into the correct place.

  • If you are a reseller, please ensure you are logging onto the correct stack to access the customer log.
  • For organization administrators and end-users, there should be a link in your digest to log into the correct interface.

Email Logs

Logs are an important part of troubleshooting mail flow. Keep in mind that the logs found on Proofpoint Essentials only tell you what happens to a message once it is accepted and received by one of our MTAs.

Key Tips when log searching

  • Proofpoint Essentials only keeps logs for a rolling 30 days.
  • You can search the logs by day, today and yesterday, week, two-week, and 30-day intervals.
  • There is a 1000 log search limit.
  • Refine your search to limit the search results.
    • From/sender address (for Inbound searching)
    • Recipient address (for outbound searching)
    • Subject
    • Status
    • Advanced Search (if applicable)

Message Review

If you need support assistance on a specific message, please provide permalinks to the specific log items in question for quicker assistance. Please see the permalink KB on how to retrieve a permalink.

Searching logs

You can perform a search in two ways.

  • The simple method is to click on the Log Search option.

  • The second is to find a user in the User Management section, then press the Custom Log Search icon.
    • This option shows only that specific user's logs.

When viewing the logs, you are presented with this interface:

[Screenshot: log search interface]

As mentioned, it is best to refine your search.

Refining search results

  • Type
    • Inbound mail - directional for all inbound email
    • Outbound mail - directional for all outbound email
  • Status - the state the message is currently in:
    • Any - shows all email states
    • Quarantined - all messages currently not delivered
    • In Attachment Defense Sandbox - messages currently delayed in the Sandbox service because they contain a known attachment type
    • Reported (Misclassified) - messages that were reported in the interface or disclaimer
    • Blocked - Messages that were stopped due to anti-virus, attachment defense, custom filter, or sender list entry
    • Cleared - All messages delivered
    • Cleared (but Queued for delivery) - deferred email waiting for delivery
    • Cleared (but Bounced by destination) - messages that were delivered, but bounced at the source destination
    • Cleared (Released from quarantine) - messages initially quarantined, but released for delivery
  • Date
    • The quick links on the right can be chosen for an easier range
    • Select a date range by clicking one date and then another
      • Note: to search a single date, double-click that date.
    • You can also specify a time range relative to your set time zone (set in your Profile page).
  • FROM - the sending email address
    • You can wildcard search by entering @domain.com
  • TO - the recipient email address
    • You can wildcard search by entering @domain.com
  • SUBJECT - the subject of the email
    • a single word can help limit the search results
  • ADVANCED SEARCH - additional settings
    • Spam Classifications to search if checked
    • Customize sort order
      • Default is date

Advanced Search

An update to the advanced search was released in Q1 2021.

Pressing Advanced Search expands the search functions.

The first item is Classifications.

You can now limit searching to specific items, especially combined with the ANY Status.

In addition, you can change the sort order. (Default is by date.)

Search Results

Once you have set your search parameters, the search results display the matching items. You can review each item to check the logged details of the message.

View Button

As an Administrator, you can view quarantined messages by clicking the View button on the log result.