Skip to Content
SourcesEmail

Email

Required
Fields required for a valid configuration.
PathTypeRequiredDescriptionDefaultConstraints
requiredobjectYesno extra properties
required.hoststringYesIMAP server host (e.g. imap.gmail.com, outlook.office365.com)
required.portintegerNoIMAP server port (993 for IMAPS)993min 1, max 65535
Masked
Sensitive fields under(secrets/credentials).
PathTypeRequiredDescriptionDefaultConstraints
maskedobjectYesno extra properties
masked.passwordstringYesAccount or app-specific password (use an app password for Gmail/Outlook)
masked.usernamestringYesMailbox login (usually the full email address)
Optional
Optional configuration fields.
PathTypeRequiredDescriptionDefaultConstraints
optionalobjectNono extra properties
optional.connectionobjectNoTransport-level connection controls.no extra properties
optional.connection.timeout_secondsintegerNoSocket timeout for IMAP operations30min 1
optional.connection.use_sslbooleanNoConnect over implicit TLS (IMAPS). Disable only for STARTTLS/plain servers.true
optional.scopeobjectNoWhich messages and attachments to ingest.no extra properties
optional.scope.before_datestringNoOnly fetch messages before this date (ISO 8601 date)
optional.scope.foldersarrayNoMailbox folders to scan["INBOX"]
optional.scope.folders[]stringNo
optional.scope.include_attachmentsbooleanNoEmit attachments as separate assets linked to the emailtrue
optional.scope.max_attachment_size_bytesintegerNoSkip downloading attachment bytes above this size (still emits a metadata-only asset). Unset means no limit.min 0
optional.scope.since_datestringNoOnly fetch messages on/after this date (ISO 8601 date, e.g. 2026-01-01)
optional.scope.unseen_onlybooleanNoOnly fetch unread (UNSEEN) messagesfalse
Extracted Metadata

Email

FieldTypeRequiredDescription
message_idstringYesRFC 5322 Message-ID header (stable dedup key)
subjectstringYesEmail subject line
from_addressstringYesSender email address (From header)
to_addressesstring[]NoRecipient addresses (To header)
cc_addressesstring[]NoCarbon-copy addresses (Cc header)
datestringNoMessage date (ISO 8601)
folderstringNoMailbox folder the message was fetched from
sender_domainstringNoDomain parsed from the From address
reply_tostringNoReply-To header
in_reply_tostringNoIn-Reply-To header (parent message id)
referencesstringNoReferences header (thread chain)
has_htmlbooleanNoWhether the message has an HTML body part
attachment_countintegerNoNumber of attachments on the message
spfstringNoSPF result parsed from Authentication-Results
dkimstringNoDKIM result parsed from Authentication-Results
dmarcstringNoDMARC result parsed from Authentication-Results

Attachment

FieldTypeRequiredDescription
size_bytesintegerYesRaw byte size
mime_typestringYesMIME type
parse_errorstringNoSet when content extraction failed
filenamestringYesOriginal file name
image_widthintegerNoWidth in pixels
image_heightintegerNoHeight in pixels
page_countintegerNoNumber of pages (pdf)
paragraph_countintegerNoNumber of paragraphs (docx)
table_countintegerNoNumber of tables (docx)
row_countintegerNoNumber of data rows
columnsobject[]NoColumns as {name, type} objects (type may be empty for csv/xlsx)
encodingstringNoDetected character encoding
json_root_typestringNoRoot JSON type: object, array, or scalar
top_level_keysintegerNoNumber of top-level keys when the root is an object
array_lengthintegerNoLength when the root is an array
parent_email_hashstringYesHash of the parent email asset
sha256stringNoSHA-256 of the attachment bytes
is_inlinebooleanNoWhether the attachment is inline (e.g. embedded image)
content_idstringNoContent-ID header for inline parts
Examples
Gmail inbox compliance scan
Scan a Gmail inbox for PII and secrets in messages and attachments using an app password

Config Payload

{
  "type": "EMAIL",
  "required": {
    "host": "imap.gmail.com",
    "port": 993
  },
  "masked": {
    "username": "[email protected]",
    "password": "your-app-password"
  },
  "optional": {
    "scope": {
      "folders": [
        "INBOX"
      ],
      "include_attachments": true
    }
  },
  "sampling": {
    "strategy": "AUTOMATIC",
    "enable_ocr": true
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    },
    {
      "type": "SECRETS",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "weekday_morning",
  "cron": "30 7 * * 1-5",
  "timezone": "UTC"
}
Outlook / Microsoft 365 unread audit
Audit only unread Outlook messages received since a date for sensitive data

Config Payload

{
  "type": "EMAIL",
  "required": {
    "host": "outlook.office365.com",
    "port": 993
  },
  "masked": {
    "username": "[email protected]",
    "password": "your-app-password"
  },
  "optional": {
    "scope": {
      "folders": [
        "INBOX"
      ],
      "unseen_only": true,
      "since_date": "2026-01-01",
      "max_attachment_size_bytes": 26214400
    }
  },
  "sampling": {
    "strategy": "AUTOMATIC"
  }
}

Schedule

{
  "enabled": true,
  "preset": "weekday_morning",
  "cron": "15 6 * * 1-5",
  "timezone": "UTC"
}
Corporate IMAP full mailbox scan
Scan every message across multiple folders on a self-hosted IMAP server

Config Payload

{
  "type": "EMAIL",
  "required": {
    "host": "mail.example.com",
    "port": 993
  },
  "masked": {
    "username": "[email protected]",
    "password": "service-account-password"
  },
  "optional": {
    "connection": {
      "use_ssl": true,
      "timeout_seconds": 60
    },
    "scope": {
      "folders": [
        "INBOX",
        "Sent",
        "Archive"
      ],
      "include_attachments": true
    }
  },
  "sampling": {
    "strategy": "AUTOMATIC",
    "enable_ocr": true
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    },
    {
      "type": "SECRETS",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "weekly",
  "cron": "0 2 * * 0",
  "timezone": "UTC"
}