This screen is optimized for tracking "missing" messages.
Trend Micro Email Security maintains up to 90 days of mail tracking information.
Queries include data for up to seven continuous days in one calendar month or across calendar months.
Dates: The time range for your query.
Direction: The direction of messages.
Recipient: The recipient email address.
Sender: The sender email address.
Type: The type of email traffic that you want to query.
Accepted traffic: Messages that were allowed in by Trend Micro Email Security for further processing.
Blocked traffic: Attempts to send messages in that were stopped by connection-based filtering at the MTA connection level or by Trend Micro Email Security incoming security filtering
Content-based filtering is not included in this category.
The display of Blocked traffic has different meanings for incoming and outgoing traffic. Incoming traffic is filtered by Trend Micro Email Reputation Services and by Trend Micro Email Security incoming security filtering; outgoing traffic is not. If messages are blocked in outgoing traffic, the reason for blocking is unrelated to email reputation but may be related to Trend Micro Email Security relay mail service filtering.
Subject: The message subject.
Attachment SHA256 Hash: The SHA256 hash value of a message attachment. Specify a SHA256 hash value consisting of 64 hexadecimal characters or leave it blank.
When a valid SHA256 hash value is specified, the Attachment Status field displays with the following options:
All: Query all messages containing the specified attachment. This is the default option.
Deleted: Query the messages with the specified attachment deleted.
Cleaned: Query the messages with the specified attachment cleaned for malware.
Bypassed: Query the messages with the specified attachment bypassed.
When you query the mail tracking information, Trend Micro Email Security provides a list of all messages that satisfy the criteria. You can click Search at any time to execute the query again. Use the various criteria fields to restrict your searches.
The most efficient way to track messages is to provide both sender and recipient email addresses within a time range that you want to search. For an email message that has multiple recipients, the result will be organized as one recipient per entry.
If the message you are tracking cannot be located using this strategy, consider the following:
Expand the result set by omitting the recipient.
If the sender is actually blocked by connection-based filtering, the Blocked traffic results that do not match the intended recipient might indicate this. Provide only the sender and time range for a larger result set.
If the sender IP address has a "bad" reputation, mail tracking information will only be kept for the first recipient in a list of recipients. Therefore, the remaining message recipient addresses will not be listed when querying this sender.
Expand the result set by omitting the sender.
If the sender IP address has a "bad" reputation, omit the sender and provide only the recipient. If only the recipient email address is provided, all the messages that pertain to the recipient will be listed.