The user’s Submissions page displays each of their submissions, from within a selected timeframe. Users can filter these submissions by submission category (marketing, spam, etc.) or by the status of samples after processing. All users can adjust the date range.
Domain Viewers and Domain Administrators can check and filter submissions by their own, or by any domain they have access to.
| CID | A unique identifier attached to each email submission after it has been processed by our internal intelligence engine. This ID can be used for reference if a user needs to contact support. |
| Registration ID | A unique identifier associated with an organization to track submissions related to an ESA/CES account. Only Domain Administrators have access to registration IDs. |
| Date Submitted | Date the email sample was reported, either through a direct email or through the plugin. |
| Submitter | Email address of the user that submitted the sample. |
| Domain | The domain of the submitter’s email address. |
| Submitted As | The type of email the submitter believes the email sample to be (spam/phish, legitimate, marketing, not marketing). |
| Status | A flexible classification of a specific email sample based on our internal intelligence. As new data is gathered and processed, this status has the potential to change over time. |
| Match | Visualization of whether “Submitted As” and “Status” currently match. |
| Agree | Feedback mechanism that allows the user to indicate whether they agree with the status that was given to their email sample. Users can only provide feedback on successfully processed and classified submissions they themselves submitted. Users cannot provide feedback on Rejected and No Determination statuses. |
| Observables | Original sender domain, original sender IP address, embedded URLs, and embedded attachments. |
Observables
Observables are the original sender domain, original sender IP address, embedded URLs, and embedded attachments:
- Sender Domain – The domain of the original sender. Reputation data provided includes web reputation, threat categories if applicable, and any assigned content categories.
- Sender IP – The IP address of the original sender. Email reputation provided.
- Embedded URLs – Any URLs extracted from the content of the email. Reputation data provided includes web reputation, threat categories if applicable, and any assigned content categories. We do not provide reputation data on FTP links, but they may show up as an extracted URL.
- Embedded Attachments – Any attachments extracted from the email submission. The attachment SHA256, file name (if available), and file size will be displayed. Reputation data available includes file reputation.
Note that each email submission should have an original sender domain and IP address, but may or may not have embedded attachments or embedded URLs.
Users can preview observables on the Email Submission page by:
- Expanding an individual submission row
- Clicking the bulk expand button, which will open either the first 50 or next available 50 submission rows
Each nested information row will show a maximum of 5 observables of embedded URLs and embedded attachments. If an email submission has more observables, a user can click the ‘Go to Email Submission Detail Page’ to see the full list of extracted observables.
Users can look up further reputation details of a single observable by selecting the desired observable and clicking the ‘Reputation Center’ button above the appropriate table.
Users can file a single Reputation Dispute (web, email, or file), or apply disputes in bulk for one or more of each type of observable on a submission. URLs and domains can also have Content Categorization Disputes filed against them.
