Views:
Use the following tokens to include variables in notifications and stamps:

Tokens

Token
Variable
%SENDER%
Message sender
%RCPTS%
Message recipients
%SUBJECT%
Message subject
%DATE&TIME%
Date and time of incident
%HEADERS%
Message headers, including the original header and the headers added by Cloud Email Gateway Protection
This token is supported only in stamps and notification body.
%MAILID%
Mail ID
%RULENAME%
Name of the policy rule that contained the triggered filter
%RULETYPE%
Type of a policy rule: Content Filter, Message Size Filter, and others
%DETECTED%
Scan result for virus policy matching, or name of the triggered policy rule or filter for content policy matching
%FILENAME%
Names of files that were affected by the policy rule
%DEF_CHARSET%
Default character set of the notification message
%MSG_SIZE%
Total size of the message and all attachments
%ATTACH_SIZE%
Total size of the attachment(s) that triggered the policy rule
%ATTACH_COUNT%
Number of attachments that triggered the policy rule
%TACTION%
Terminal action taken by Cloud Email Gateway Protection
%ACTION%
All other (non-terminal) actions taken by Cloud Email Gateway Protection
%VIRUSNAME%
Name of any malware detected
This token will be empty if the message did not trigger a malware action.
%VIRUSACTION%
Action taken on any malware detected in the message
This token will be empty if the message did not trigger a malware action.
%HPU_CONFIRMED_URL%
Option selected by a high profile user to confirm that he or she is the real sender of an email message
%HPU_DENIED_URL%
Option selected by a high profile user to deny that he or she is the real sender of an email message
%SPFRESULT%
SPF check result returned when SPF check is enabled
%UNUSUAL_SIGNAL_NAME%
Unusual behavior or trait in an email message