Log Details Button
Situation | You are reviewing Log Details and unsure what certain definitions and outcomes mean. |
---|---|
Summary | See the below information for explanations of various outcomes. |
Log Details
You arrive to the details after performing a Log Search, or clicked on the details via: Understanding Email Logs
Upon clicking the details, a pop-up will appear providing the information below.
Permalink
This link helps Support quickly navigate to the email you have a question about. This is a link directly to the log details that helps Support review the message information in question.
- One of the most important pieces to give to our Essentials Support team in a ticket or chat when an issue needs to be looked at.
- Absolutely needed when reporting False Positives, False Negatives, emails bounced, etc.
General Description:
- Envelope Sender: The sending server sent the email with this email address.
- From Header: The sending server issued this line.
- Subject: Subject of the message.
- Timestamp: When the message was passed through essentials.
- Message ID: Helpful for troubleshooting back-end logs on recipient or sender side.
- Attachments: List of attachments that are not images.
Message ID can be used in O365 / Exchange for a message trace to determine issues after Proofpoint hands a message off
Scan Information:
- Classification: Gives it as an item of Clean, Spam, Fraud, etc for how we saw this message.
- Threat Level: This mark ranges from low to very high, depending on how much we considered it to be spam.
- Confidence Level: Related to the Threat Level on how much we believe this is spam based off of our scan classification.
- Classification Breakdown: Table of what triggered in the message and the confidence of that trigger.
Per-Recipient Classification & Delivery Status:
-
Recipient: Tells you who the message is going to.
-
Category: This field shows what type of email Proofpoint Essentials considers the email to be. These may be Spam, Clean or Filtered. In this example, a filter is in place to always allow emails from this sender, so we see ‘Filtered: Allow’.
-
Subject Tag: If the spam stamp & forward, external tagging feature or tag for anti-spoofing is enabled, it will display here.
- Triggering Filter: If a filter has been triggered, you will see the filter rule which has been triggered in the triggering filter section in the details tab.
- Delivery: This field shows us delivery information for this email. As we can see, the Delivery Status is ‘Delivered’. Note the ‘Last delivery response’ at the end of this field. Of importance is the response code 250 (highlighted) from the receiving server, whose IP address is displayed in square brackets to the left. This indicates it has accepted the email from the Essentials platform. At this point, if you have not received an email that you believe you should have, and see this status in the email log, it indicates that the issue causing non-delivery lies with the recipient server and should be investigated at that point – Proofpoint Essentials has successfully delivered the email to the specified receiving server.
- Bounces and Deferrals are found here.
- Released: Whether this email has been released from a Quarantine.
- Reported: Whether this email has been reported as spam by the recipient.
Delivery Information comes directly from Proofpoint SMTP Logs and is the best source to indicate delivery issues.
Other Information:
- Client IP Address: From which IP this message originated.
- Client GeoIP Lookup: From what country did this message originate.
- Email Size: Size of the message.
- Encrypted: (Outbound Only) Indicates that this message got encrypted by Proofpoint Encryption. (This does not indicate if the message was sent out TLS)