Use the following tokens to include variables in notifications and stamps:
Tokens
Token
|
Variable
|
%SENDER% |
Message sender
|
%RCPTS% |
Message recipients
|
%SUBJECT% |
Message subject
|
%DATE&TIME% |
Date and time of incident
|
%HEADERS% |
Message headers, including the original header and the headers added by Cloud Email Gateway
Protection
This token is supported only in stamps and notification body.
|
%MAILID% |
Mail ID
|
%RULENAME% |
Name of the policy rule that contained the triggered filter
|
%RULETYPE% |
Type of a policy rule: Content Filter, Message Size Filter, and others
|
%DETECTED% |
Scan result for virus policy matching, or name of the triggered policy rule or filter
for content policy matching
|
%FILENAME% |
Names of files that were affected by the policy rule
|
%DEF_CHARSET% |
Default character set of the notification message
|
%MSG_SIZE% |
Total size of the message and all attachments
|
%ATTACH_SIZE% |
Total size of the attachment(s) that triggered the policy rule
|
%ATTACH_COUNT% |
Number of attachments that triggered the policy rule
|
%TACTION% |
Terminal action taken by Cloud Email Gateway
Protection
|
%ACTION% |
All other (non-terminal) actions taken by Cloud Email Gateway
Protection
|
%VIRUSNAME% |
Name of any malware detected
This token will be empty if the message did not trigger a malware
action.
|
%VIRUSACTION% |
Action taken on any malware detected in the message
This token will be empty if the message did not trigger a malware
action.
|
%HPU_CONFIRMED_URL% |
Option selected by a high profile user to confirm that he or she is
the real sender of an email message
|
%HPU_DENIED_URL% |
Option selected by a high profile user to deny that he or she is the
real sender of an email message
|
%SPFRESULT% |
SPF check result returned when SPF check is enabled
|
%UNUSUAL_SIGNAL_NAME% |
Unusual behavior or trait in an email message
|