Email

email

The Email object describes the email metadata such as sender, recipients, and direction.

Attributes

Caption	Name	Type	Description
Cc	`cc`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header Cc values, as defined by RFC 5322. For example [email protected].
Cc Mailboxes	`cc_mailboxes`	String[]	The human-readable email header Cc Mailbox values. For example 'Example User <[email protected]>'.
Data Classification	`data_classification`	Data Classification[]	Group:`context` The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED Data Classification has been deprecated since 1.4.0. Use the attribute data_classifications instead
Data Classification	`data_classifications`	Data Classification[]	Group:`context` A list of Data Classification objects, that include information about data classification levels and data category types, identified by a classifier.
Delivered To	`delivered_to`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable Delivered-To email header field. For example [email protected] 🚧 WARNING: DEPRECATED Delivered To has been deprecated since 1.4.0. Use the delivered_to_list attribute instead.
Delivered To List	`delivered_to_list`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable Delivered-To email header values. For example [email protected]
Files	`files`	File[]	Entity:`FILE` The files embedded or attached to the email.
From	`from`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable email header From value, as defined by RFC 5322. For example [email protected].
From List	`from_list`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header From values. This array should contain the value in from. For example [email protected].
From Mailbox	`from_mailbox`	String	The human-readable email header From Mailbox value. For example 'Example User <[email protected]>'.
From Mailboxes	`from_mailboxes`	Email Address[]	Entity:`EMAIL_ADDRESS` The human-readable email header From Mailbox values. This array should contain the value in from_mailbox. For example 'Example User <[email protected]>'.
HTTP Headers	`http_headers`	HTTP Header[]	Additional HTTP headers of an HTTP request or response.
Read	`is_read`	Boolean	The indication of whether the email has been read.
Message UID	`message_uid`	String	Entity:`MESSAGE_UID` The email header Message-ID value, as defined by RFC 5322.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Raw Header	`raw_header`	String	The email authentication header.
Recipient Users	`recipient_users`	User[]	Entity:`USER` The users receiving the email
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Reply To	`reply_to`	Email Address	Entity:`EMAIL_ADDRESS` The machine-readable email header Reply-To value, as defined by RFC 5322. For example [email protected] 🚧 WARNING: DEPRECATED Reply To has been deprecated since 1.4.0. Use the reply_to_list attribute instead.
Reply To List	`reply_to_list`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header Reply-To values, as defined by RFC 5322. For example [email protected]
Reply To Mailboxes	`reply_to_mailboxes`	String[]	The human-readable email header Reply To Mailbox values. For example 'Example User <[email protected]>'.
Return Path	`return_path`	Email Address	Entity:`EMAIL_ADDRESS` The address found in the 'Return-Path' header, which indicates where bounce messages (non-delivery reports) should be sent. This address is often set by the sending system and may differ from the 'From' or 'Sender' addresses. For example, [email protected].
Sender	`sender`	Email Address	Entity:`EMAIL_ADDRESS` The machine readable email address of the system or server that actually transmitted the email message, extracted from the email headers per RFC 5322. This differs from the from field, which shows the message author. The sender field is most commonly used when multiple addresses appear in the from_list field, or when the transmitting system is different from the message author (such as when sending on behalf of someone else).
Sender Mailbox	`sender_mailbox`	String	The human readable email address of the system or server that actually transmitted the email message, extracted from the email headers per RFC 5322. This differs from the from_mailbox field, which shows the message author. The sender mailbox field is most commonly used when multiple addresses appear in the from_mailboxes field, or when the transmitting system is different from the message author (such as when sending on behalf of someone else).
Sender Users	`sender_users`	User[]	Entity:`USER` The user who sent the email
Size	`size`	Long	The size in bytes of the email, including attachments.
SMTP From	`smtp_from`	Email Address	Entity:`EMAIL_ADDRESS` The value of the SMTP MAIL FROM command. 🚧 WARNING: DEPRECATED SMTP From has been deprecated since 1.4.0. Use the from attribute instead.
SMTP To	`smtp_to`	Email Address[]	Entity:`EMAIL_ADDRESS` The value of the SMTP envelope RCPT TO command. 🚧 WARNING: DEPRECATED SMTP To has been deprecated since 1.4.0. Use the to attribute instead.
Subject	`subject`	String	Entity:`EMAIL_OBJECT_SUBJECT` The email header Subject value, as defined by RFC 5322.
To	`to`	Email Address[]	Entity:`EMAIL_ADDRESS` The machine-readable email header To values, as defined by RFC 5322. For example [email protected]
To Mailboxes	`to_mailboxes`	String[]	The human-readable email header To Mailbox values. For example 'Example User <[email protected]>'.
Email Thread UID	`uid`	String	Entity:`EMAIL_OBJECT_UID` The unique identifier of the email thread.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
URLs	`urls`	Uniform Resource Locator[]	Entity:`UNIFORM_RESOURCE_LOCATOR` The URLs embedded in the email.
X-Originating-IP	`x_originating_ip`	IP Address[]	Entity:`IP_ADDRESS` The X-Originating-IP header identifying the emails originating IP address(es).

Relationships

Inbound Relationships

These objects and events reference Email in their attributes:

Outbound Relationships

Email references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0