Required
Fields required for a valid configuration.
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| required | object | Yes | — | — | no extra properties |
| required.host | string | Yes | IMAP server host (e.g. imap.gmail.com, outlook.office365.com) | — | — |
| required.port | integer | No | IMAP server port (993 for IMAPS) | 993 | min 1, max 65535 |
Masked
Sensitive fields under(secrets/credentials).
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| masked | object | Yes | — | — | no extra properties |
| masked.password | string | Yes | Account or app-specific password (use an app password for Gmail/Outlook) | — | — |
| masked.username | string | Yes | Mailbox login (usually the full email address) | — | — |
Optional
Optional configuration fields.
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| optional | object | No | — | — | no extra properties |
| optional.connection | object | No | Transport-level connection controls. | — | no extra properties |
| optional.connection.timeout_seconds | integer | No | Socket timeout for IMAP operations | 30 | min 1 |
| optional.connection.use_ssl | boolean | No | Connect over implicit TLS (IMAPS). Disable only for STARTTLS/plain servers. | true | — |
| optional.scope | object | No | Which messages and attachments to ingest. | — | no extra properties |
| optional.scope.before_date | string | No | Only fetch messages before this date (ISO 8601 date) | — | — |
| optional.scope.folders | array | No | Mailbox folders to scan | ["INBOX"] | — |
| optional.scope.folders[] | string | No | — | — | — |
| optional.scope.include_attachments | boolean | No | Emit attachments as separate assets linked to the email | true | — |
| optional.scope.max_attachment_size_bytes | integer | No | Skip downloading attachment bytes above this size (still emits a metadata-only asset). Unset means no limit. | — | min 0 |
| optional.scope.since_date | string | No | Only fetch messages on/after this date (ISO 8601 date, e.g. 2026-01-01) | — | — |
| optional.scope.unseen_only | boolean | No | Only fetch unread (UNSEEN) messages | false | — |
Extracted Metadata
| Field | Type | Required | Description |
|---|---|---|---|
| message_id | string | Yes | RFC 5322 Message-ID header (stable dedup key) |
| subject | string | Yes | Email subject line |
| from_address | string | Yes | Sender email address (From header) |
| to_addresses | string[] | No | Recipient addresses (To header) |
| cc_addresses | string[] | No | Carbon-copy addresses (Cc header) |
| date | string | No | Message date (ISO 8601) |
| folder | string | No | Mailbox folder the message was fetched from |
| sender_domain | string | No | Domain parsed from the From address |
| reply_to | string | No | Reply-To header |
| in_reply_to | string | No | In-Reply-To header (parent message id) |
| references | string | No | References header (thread chain) |
| has_html | boolean | No | Whether the message has an HTML body part |
| attachment_count | integer | No | Number of attachments on the message |
| spf | string | No | SPF result parsed from Authentication-Results |
| dkim | string | No | DKIM result parsed from Authentication-Results |
| dmarc | string | No | DMARC result parsed from Authentication-Results |
Attachment
| Field | Type | Required | Description |
|---|---|---|---|
| size_bytes | integer | Yes | Raw byte size |
| mime_type | string | Yes | MIME type |
| parse_error | string | No | Set when content extraction failed |
| filename | string | Yes | Original file name |
| image_width | integer | No | Width in pixels |
| image_height | integer | No | Height in pixels |
| page_count | integer | No | Number of pages (pdf) |
| paragraph_count | integer | No | Number of paragraphs (docx) |
| table_count | integer | No | Number of tables (docx) |
| row_count | integer | No | Number of data rows |
| columns | object[] | No | Columns as {name, type} objects (type may be empty for csv/xlsx) |
| encoding | string | No | Detected character encoding |
| json_root_type | string | No | Root JSON type: object, array, or scalar |
| top_level_keys | integer | No | Number of top-level keys when the root is an object |
| array_length | integer | No | Length when the root is an array |
| parent_email_hash | string | Yes | Hash of the parent email asset |
| sha256 | string | No | SHA-256 of the attachment bytes |
| is_inline | boolean | No | Whether the attachment is inline (e.g. embedded image) |
| content_id | string | No | Content-ID header for inline parts |
Examples
Gmail inbox compliance scan
Scan a Gmail inbox for PII and secrets in messages and attachments using an app password
Config Payload
{
"type": "EMAIL",
"required": {
"host": "imap.gmail.com",
"port": 993
},
"masked": {
"username": "[email protected]",
"password": "your-app-password"
},
"optional": {
"scope": {
"folders": [
"INBOX"
],
"include_attachments": true
}
},
"sampling": {
"strategy": "AUTOMATIC",
"enable_ocr": true
},
"detectors": [
{
"type": "PII",
"enabled": true
},
{
"type": "SECRETS",
"enabled": true
}
]
}Schedule
{
"enabled": true,
"preset": "weekday_morning",
"cron": "30 7 * * 1-5",
"timezone": "UTC"
}Outlook / Microsoft 365 unread audit
Audit only unread Outlook messages received since a date for sensitive data
Config Payload
{
"type": "EMAIL",
"required": {
"host": "outlook.office365.com",
"port": 993
},
"masked": {
"username": "[email protected]",
"password": "your-app-password"
},
"optional": {
"scope": {
"folders": [
"INBOX"
],
"unseen_only": true,
"since_date": "2026-01-01",
"max_attachment_size_bytes": 26214400
}
},
"sampling": {
"strategy": "AUTOMATIC"
}
}Schedule
{
"enabled": true,
"preset": "weekday_morning",
"cron": "15 6 * * 1-5",
"timezone": "UTC"
}Corporate IMAP full mailbox scan
Scan every message across multiple folders on a self-hosted IMAP server
Config Payload
{
"type": "EMAIL",
"required": {
"host": "mail.example.com",
"port": 993
},
"masked": {
"username": "[email protected]",
"password": "service-account-password"
},
"optional": {
"connection": {
"use_ssl": true,
"timeout_seconds": 60
},
"scope": {
"folders": [
"INBOX",
"Sent",
"Archive"
],
"include_attachments": true
}
},
"sampling": {
"strategy": "AUTOMATIC",
"enable_ocr": true
},
"detectors": [
{
"type": "PII",
"enabled": true
},
{
"type": "SECRETS",
"enabled": true
}
]
}Schedule
{
"enabled": true,
"preset": "weekly",
"cron": "0 2 * * 0",
"timezone": "UTC"
}