It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Email Gateway Defense
formerly Email Security

Inbound and Outbound Statistics Response Values

  • Last updated on

The Get Statistics API retrieves your account or domain level inbound and outbound statistics. 

The statistics results are reported in the form action:threat_type:reason. Refer to the tables below for detailed descriptions of the different actions, threat types, and reasons.

Name

Description

action 

The action Email Gateway Defense took with the message.

threat_type 

The email threat type Email Gateway Defense protected the message against.

reason 

The reason Email Gateway Defense took action with the message.

Table 1. Actions

For more details, see Message Actions Table 2.

Action

Description

allowed

Delivered messages.

blocked

Blocked messages. Messages are blocked due to policies specified on the Inbound Settings and Outbound Settings pages.

deferred

Deferred messages. Indicates that Email Gateway Defense returned a 4xx response to the sending mail server.

quarantined

Quarantined messages. Messages are quarantined due to policies specified on the Inbound Settings and Outbound Settings pages.

Table 2. Threat Types

Threat Type

Description

none (none)

 A valid message and not classified as a threat type.

data_exfiltration (Data Exfiltration)

Unauthorized transfer of data from a computer or other device. Data exfiltration can be conducted manually via physical access to a computer and as an automated process using malicious programming on the internet or a network.

domain_impersonation (Domain Impersonation)

Often used by hackers as part of a conversation-hijacking attack. Attackers attempt to impersonate a domain by using techniques such as typosquatting, replacing one or more letters in a legitimate email domain with a similar letter or adding a hard-to-notice letter to the legitimate email domain.

malware (Malware)

Email that delivers documents containing malicious software. The malware is either hidden directly in the document itself, or an embedded script downloads it from an external website. Common types of malware include viruses, Trojans, spyware, worms, and ransomware.

phishing (Phishing)

Attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Cybercriminals research their targets and craft carefully designed messages, often impersonating a trusted colleague, website, or business.

policy (Policy)

Custom inbound and outbound policies specifically applied to a given domain to set security protocols.

scamming (Scamming)

Fraudulent schemes to defraud victims or steal their identity by tricking them into disclosing personal information. Examples of scamming include fake job postings, investment opportunities, inheritance notifications, lottery prizes, and fund transfers.

spam (Spam)

Unsolicited bulk email messages, also known as junk email. Spam comes in various forms. Some spam emails push scams. Others are used to conduct email fraud. Spam also comes in the form of phishing emails that use brand impersonation to trick users into revealing personal information, such as login credentials and credit card details.

url_phishing (Url Phishing)

Email to direct their victims to enter sensitive information such as usernames, passwords, or banking details, on a fake website that looks like a legitimate website. Cybercriminals often use that sensitive information for malicious use.

Table 3. Reasons

Each reason corresponds to a message action in the Message Log. For detailed descriptions of the message actions, see Message Actions Table 1.

ReasonMessage Action
_totalTotal number of messages in the results that includes all message actions in the specified threat type
account_suspendedAccount Suspended
advanced_threat_detectionAdvanced Threat Detection (ATD)
anti_fraudAnti-Fraud
anti_virusAntivirus
atd_exemptAdvanced Threat Detection (ATD) Exempt
attachment_contentAttachment Content
attachment_filterAttachment Filter
av_service_unavailableAV Service Unavailable
barracuda_realtime_systemBarracuda Real-Time System (BRTS)
barracuda_reputationBarracuda Reputation
body_contentBody Content
bulk_emailBulk Email
cloudscan_service_unavailableCloudscan Service Unavailable
content_protectedContent Protected
content_protected_msdocContent Protected MS Document
content_url

Content URL

dkimDKIM
dmarcDMARC
emailcatEmail Categorization
from_addressFrom Address
header_contentHeader Content
geoip_policyGeoIP Policies
image_analysisImage Analysis
inbound_tls_requiredInbound TLS Required
intent_analysisIntent Analysis
invalid_recipientInvalid Recipient
ip_policyIP Policy
language_policyLanguage Policies
malformedMalformed
message_delivery_interruptedMessage Delivery Interrupted
message_too_largeMessage Too Large
no_ptr_recordNo PTR Record
office_macrosOffice Macros
password_protected_pdf_filteringContent Protected PDF Filtering
pending_scanPending Scan
phishlineSecurity Awareness Training
possible_mail_loopPossible Mail Loop
predefined_filter_exceptionPredefined Filter Exception
predefined_attachment_contentPredefined Attachment Content
predefined_body_contentPredefined Body Content
predefined_header_contentPredefined Header Content
predefined_recipient_contentPredefined To/CC Address
predefined_sender_contentPredefined From Address
predefined_subject_contentPredefined Subject Content
quarantined_atd_scan_inconclusiveATD Scan Inclusive
rate_controlRate Control
realtime_block_listRealtime Block List
recipientRecipient
recipient_listRecipients List
remediated_by_forensicsRemediated by Incident Response
remediated_by_sentinelRemediated by Impersonation Protection
scoreScore
sender_email_addressSender Email Address
sender_policySender Policies
sender_spoof_protectionSender Spoof Protection
sent_to_spam_categorizationSent to Spam Categorization
spfSender Policy Framework (SPF)
subject_contentSubject Content
suspiciousSuspicious
system_sender_policySystem Sender Policies
to_addressTo/CC Address
tls_requiredTLS Required
ui_deliveredUI Delivered

Examples

In the sample response below,

  • allowed:none:_total indicates the total number of messages that was allowed and did not classify as any of the threat types.

  • allowed:none:none indicates the number of messages that was allowed and did not classify as any of the threat types.
        "allowed:none:_total": {
            "2020-08-01T00:00:00+0000": 154562,
            "2020-08-02T00:00:00+0000": 68261,
            "2020-08-03T00:00:00+0000": 124327,
            "2020-08-04T00:00:00+0000": 236073,
            "2020-08-05T00:00:00+0000": 247927
        },
        "allowed:none:none": {
            "2020-08-01T00:00:00+0000": 154562,
            "2020-08-02T00:00:00+0000": 68261,
            "2020-08-03T00:00:00+0000": 124327,
            "2020-08-04T00:00:00+0000": 236073,
            "2020-08-05T00:00:00+0000": 247927
        }

In the sample response below,

  • blocked:domain_impersonation:_total indicates the total number of messages that was blocked, classified as a Domain Impersonation threat type, and included all message actions in the results (DKIM, DMARC, No PTR Records, Sender Policy Framework (SPF)).

  • blocked:domain_impersonation:dkim indicates the number of messages that was blocked and classified as a Domain Impersonation threat type and a DKIM message action.

  • blocked:domain_impersonation:dmarc indicates the number of messages that was blocked and classified as a Domain Impersonation threat type and a DMARC message action.
  • blocked:domain_impersonation:no_ptr_records indicates the number of messages that was blocked and classified as a Domain Impersonation threat type and a No PTR Records action.
  • blocked:domain_impersonation:spf indicates the number of messages that was blocked and classified as a Domain Impersonation threat type and a Sender Policy Framework (SPF) action.
        "blocked:domain_impersonation:_total": {
            "2020-08-01T00:00:00+0000": 3185,
            "2020-08-02T00:00:00+0000": 2945,
            "2020-08-03T00:00:00+0000": 2503,
            "2020-08-04T00:00:00+0000": 971,
            "2020-08-05T00:00:00+0000": 3310
        },
        "blocked:domain_impersonation:dkim": {
            "2020-08-01T00:00:00+0000": 2439,
            "2020-08-02T00:00:00+0000": 2219,
            "2020-08-03T00:00:00+0000": 151,
            "2020-08-04T00:00:00+0000": 153,
            "2020-08-05T00:00:00+0000": 2519
        },
        "blocked:domain_impersonation:dmarc": {
            "2020-08-01T00:00:00+0000": 21,
            "2020-08-02T00:00:00+0000": 8,
            "2020-08-03T00:00:00+0000": 25,
            "2020-08-04T00:00:00+0000": 22,
            "2020-08-05T00:00:00+0000": 34
        },
        "blocked:domain_impersonation:no_ptr_records": {
            "2020-08-01T00:00:00+0000": 641,
            "2020-08-02T00:00:00+0000": 568,
            "2020-08-03T00:00:00+0000": 636,
            "2020-08-04T00:00:00+0000": 699,
            "2020-08-05T00:00:00+0000": 678
        },
        "blocked:domain_impersonation:spf": {
            "2020-08-01T00:00:00+0000": 84,
            "2020-08-02T00:00:00+0000": 150,
            "2020-08-03T00:00:00+0000": 1691,
            "2020-08-04T00:00:00+0000": 97,
            "2020-08-05T00:00:00+0000": 79
        }