Key terms used throughout the delivr.to platform.
Key Concepts
| Term |
Description |
| Payload |
A file or content designed to test email security controls. Can be delivered as attachments, links, or embedded in the email body. |
| Campaign Template |
A curated collection of payloads grouped by attack technique, threat actor, or testing purpose (e.g., EICAR Testing, HTML Smuggling, Top 10 Payloads). |
| Campaign |
An instance of testing where payloads are sent to target mailboxes. You configure the recipient, sender, delivery method, and schedule before launching. |
| Integration |
A connection to external services for sending emails (Senders) or verifying delivery (Mailboxes). Supports Microsoft 365, Google Workspace, and Defender. |
| Body Payload |
A payload where the content is embedded directly in the email body rather than as an attachment or link. Tests inline content scanning. |
| Quick Launch |
A streamlined way to start a campaign from the Dashboard with minimal configuration. |
| Deliverability |
The success rate of payloads reaching the inbox. Tracked at User, Team (Enterprise), and Global levels. |
Delivery Methods
| Method |
Description |
| Attachment |
Payload sent as an email file attachment |
| Link |
Payload hosted at delivrto.me with URL in email body |
| Body |
Payload content embedded directly in the email HTML |
Email Statuses
For every email sent with delivr.to, a delivery status is determined:
| Status |
Description |
 Pending |
Email is queued and has not yet been sent. |
 Sent |
Email sent by delivr.to but delivery status unknown. Remains in this state without a Mailbox Integration or if blocked silently. |
 Delivered |
Confirmed in your inbox. Payload hash verified to ensure content arrived intact. |
 Rewritten |
For link payloads: the delivrto.me URL was modified by mail controls (e.g., Safe Links, URL rewriting). Classified as delivered since the email reached the inbox. |
 Junk (Delivered) |
Payload delivered to the Junk/Spam folder rather than inbox with content intact. |
 Junk (Rewritten) |
Link payload delivered to Junk/Spam with the URL rewritten by mail controls. |
 Stripped |
Email arrived but the payload was modified. Security controls may have removed macro content, scripts, or other suspicious elements. |
 Held |
Blocked by email policy (e.g., disallowed file extension). You may receive a notification email about the held message. |
 Junk (Stripped) |
Payload delivered to Junk/Spam with content modified or partially removed by security controls. |
 Junk (Held) |
Payload held by policy and routed to Junk/Spam. |
 Failed |
Email could not be sent due to a delivery failure (e.g., invalid recipient, sender error). |
 Error |
An unexpected error occurred during sending or processing. |
 Blocked (Dropped) |
Email silently dropped by the mail gateway before reaching the mailbox. |
 Blocked (Bounced) |
Email explicitly rejected. Detected via bounce messages or Security Tool integrations. |
 Blocked (Trashed) |
Email accepted but subsequently deleted by mail controls before the user could access it. |
Integration Types
| Type |
Description |
| Sender |
Service used to send campaign emails (SMTP, Microsoft 365, Google Workspace) |
| Mailbox |
Email account where payloads are delivered and verified |
| Mail Control |
Security tool integrated for enhanced status detection (e.g., Microsoft Defender) |
Filtering Terms
| Term |
Description |
| Attack Technique |
MITRE ATT&CK technique used by a payload |
| Threat Group |
Known threat actor whose TTPs a payload emulates |
| Software |
Malware family or tool the payload represents |
| File Type |
The file extension/format of the payload |
Repeating Campaigns
| Term |
Description |
| Parent Campaign |
The original campaign that was configured to repeat |
| Child Campaign |
An automatically-created run spawned from a parent |
| Repeat Interval |
Days between each automated run |
| Repeat For |
Number of remaining runs (-1 = forever, 0 = complete) |