|Situation||You are reviewing Log Details and unsure what certain definitions and outcomes mean.|
|Summary||See the below information for explanations of various outcomes.|
You arrive to the details after perform a Log Search, and clicked on the details via: Understanding Email Logs
Upon clicking the details, a pop-up will appear providing this information below.
This link helps support to quickly navigate to the email you have a question about. This is a link directly to the log details that helps support review the message information in question.
- One of the most important pieces to give to our Essentials support team in a ticket or chat when an issue needs to be look at.
- Absolutely needed when reporting False Positives, False Negatives, emails bounced, etc
- Envelope Sender: The sending server sent the email with this email address.
- From Header: The sending server issued this line.
- Subject: Subject of the message.
- Timestamp: When the message was passed through essentials.
- Message ID: Helpful for troubleshooting back-end logs on recipient or sender side.
- Attachments: List of attachments that are not images.
- Classification: Gives it as an item of Clean, Spam, Fraud, etc for how we saw this message.
- Threat Level: This is a low to very high mark, depending on how much we though this was spam.
- Confidence Level: Related to the Threat Level on how much we believe this is spam based off of our scan classification.
- Classification Breakdown: Table of what triggered in the message and the confidence of that trigger.
Per-Recipient Classification & Delivery Status:
Recipient: Tells you who the message is going to.
Category: This field shows what type of email Proofpoint Essentials considers the email to be. These may be Spam, Clean or Filtered. In this example, a filter is in place to always allow emails from this sender, so we see ‘Filtered: Allow’.
Subject Tag: If the spam stamp & forward, external tagging feature or tag for anti-spoofing is enabled, it will display here.
- Triggering Filter: If a filter has been triggered, you will see the filter rule which has been triggered in the triggering filter section in the details tab.
- Delivery: This field shows us delivery information for this email. As we can see, the Delivery Status is ‘Delivered’. Note the ‘Last delivery response’ at the end of this field. Of importance is the response code 250 (highlighted) from the receiving server, whose IP address is displayed in square brackets to the left. This indicates it has accepted the email from the Essentials platform. At this point, if you have not received an email that you believe you should have and see this status in the email log, it indicates that the issue causing non-delivery lies with the recipient server and should be investigated at that point – Proofpoint Essentials has successfully delivered the email to the specified receiving server.
- Bounces and Deferrals are found here.
- Released: Whether this email has been released from a Quarantine.
- Reported: Whether this email has been reported as spam by the recipient.
- Client IP Address: From which IP this message originated.
- Client GeoIP Lookup: From what country did this message originated.
- Email Size: Size of the message.
- Encrypted: (Outbound Only) Indicates that this message got encrypted by Proofpoint Encryption. (This does not indicate if the message was sent out TLS)