Customer APIs, webhooks, and evidence reports for suspicious-email response
ThreatDrop Free keeps submission intake open to everyone. ThreatDrop Pro and Enterprise add customer access to your own submissions, webhook delivery on analysis completion, and downloadable evidence reports for investigations and takedown workflows.
| Capability | Free | Pro | Enterprise |
|---|---|---|---|
| Forward emails to submit@blackdome.ai | Yes | Yes | Yes |
| Community verdict visibility | Basic | Detailed | Detailed |
| Submission API | No | Yes | Yes |
| Webhook notifications | No | Yes | Yes |
| Priority analysis queue | No | Yes | Dedicated |
| Phone identification results | No | Yes | Yes |
| Brand monitoring | No | No | Included |
ThreatDrop customer submissions endpoints
ThreatDrop Pro and Enterprise API keys can list your forwarded submissions, open a detailed evidence view, and download the evidence report as JSON.
GET /api/threatdrop/submissions
List your submissions with verdict, confidence, risk score, and the evidence-report link.
curl -H "Authorization: Bearer bd_your_key" \
"https://blackdome.ai/api/threatdrop/submissions"GET /api/threatdrop/submissions/{id}
Return the full detail record including detonations, abuse reports, and phone-report outcomes.
curl -H "Authorization: Bearer bd_your_key" \
"https://blackdome.ai/api/threatdrop/submissions/8421"GET /api/threatdrop/submissions/{id}/evidence
Download the evidence report JSON generated for that submission.
curl -H "Authorization: Bearer bd_your_key" \
-OJ "https://blackdome.ai/api/threatdrop/submissions/8421/evidence"Analysis-complete webhook events
Configure your webhook URL in the ThreatDrop customer dashboard. BlackDome sends a POST when analysis is complete and the submission evidence is ready.
Webhook payload
Current event type: analysis_complete.
{
"event": "analysis_complete",
"submission_id": "8421",
"verdict": "phishing",
"confidence": 85,
"urls_detonated": 3,
"abuse_reports_sent": 1,
"evidence_url": "https://blackdome.ai/api/threatdrop/submissions/8421/evidence"
}Evidence report format
The downloadable evidence report is a JSON document intended for IR tooling, ticket attachments, and takedown workflows.
Sample evidence report
Reports include the submission summary, normalized email content, detonations, abuse reports, and phone-report results.
{
"submission": {
"id": 8421,
"subject": "Invoice attached",
"verdict": "phishing",
"confidence": 92,
"risk_score": 91
},
"campaign_indicators": {
"impersonated_brand": "Microsoft 365",
"lure_type": "account_suspension"
},
"normalized_email": {
"urls": [
{
"url": "https://login-security-check.example/auth",
"detonation": {
"verdict": "phishing",
"risk_score": 91
}
}
]
},
"detonations": [
{
"detonation_id": "det_123",
"final_url": "https://login-security-check.example/auth",
"verdict": "phishing",
"evidence_summary": "Credential capture form, spoofed Microsoft branding, and cross-domain form action were observed."
}
],
"abuse_reports": [
{
"id": 19,
"status": "sent",
"hosting_provider": "Cloudflare"
}
],
"phone_reports": [
{
"id": 7,
"phone_number": "+1 888 555 0109",
"status": "sent"
}
]
}How to forward suspicious emails
Every ThreatDrop plan still starts the same way: forward the suspicious email to submit@blackdome.ai.
Gmail
Open the suspicious message, click the three-dot menu, choose Forward, and send it to submit@blackdome.ai without editing the body.
Outlook
Open the message, choose Forward, keep the original headers intact, and send it to submit@blackdome.ai.
Apple Mail
Select the message, click Forward, leave the original content attached inline, and send to submit@blackdome.ai.