# Email security (formerly Area 1)

Cloudflare Email security is a cloud based service that stops phishing attacks, the biggest cybersecurity threat, across all traffic vectors - email, web and network.

> Links below point directly to Markdown versions of each page. Any page can also be retrieved as Markdown by sending an `Accept: text/markdown` header to the page's URL without the `index.md` suffix (for example, `curl -H "Accept: text/markdown" https://docs.ahq.lat/email-security/`).
>
> For other Cloudflare products, see the [Cloudflare documentation directory](https://docs.ahq.lat/llms.txt).

## Overview

- [Overview](https://docs.ahq.lat/email-security/index.md): Cloudflare Email Security stops phishing attacks with cloud-native email protection for your organization.

## API

- [API](https://docs.ahq.lat/email-security/api/index.md): Access Email Security phishing campaign rulesets and indicators through the API.
- [Service accounts](https://docs.ahq.lat/email-security/api/service-accounts/index.md): Create and manage API service account credentials for Email Security.

## Channel and Alliance Partners

- [Channel and Alliance Partners](https://docs.ahq.lat/email-security/partners/index.md): Set up and manage Email Security accounts for channel and alliance partner organizations and their customers.

## Migrate to Email security

- [Migrate to Email security](https://docs.ahq.lat/email-security/migrate-to-email-security/index.md): Migrate from Area 1 to Cloudflare Email Security, including equivalent actions and updated terminology.

## account-setup

- [Escalation contacts](https://docs.ahq.lat/email-security/account-setup/escalation-contacts/index.md): Configure escalation contacts in Cloudflare Email security to prioritize alerts for phishing threats and email irregularities. Set up SOC, Triage, Analyst, and Executive contacts.
- [Manage account members](https://docs.ahq.lat/email-security/account-setup/manage-account-members/index.md): Add, edit, delete, and reset 2FA for user accounts in Email Security.
- [Manage parent permissions](https://docs.ahq.lat/email-security/account-setup/manage-parent-permissions/index.md): Control the level of access a partner parent account has to your Email Security child account.
- [Permissions](https://docs.ahq.lat/email-security/account-setup/permissions/index.md): Available permission roles for parent and child accounts in Email Security.
- [SSO integration](https://docs.ahq.lat/email-security/account-setup/sso/index.md): Configure SAML-based single sign-on for Email Security with identity providers like Okta or Azure AD.
- [Cloudflare Access for SaaS](https://docs.ahq.lat/cloudflare-one/access-controls/applications/http-apps/saas-apps/area-1/index.md): Use Cloudflare Access for SaaS to enable SSO for Email Security.
- [Azure guide](https://docs.ahq.lat/email-security/account-setup/sso/azure/index.md): Configure Azure Active Directory for SAML SSO with Email Security.
- [Generic SSO guide](https://docs.ahq.lat/email-security/account-setup/sso/generic-sso/index.md): Set up SAML-based single sign-on for Email Security with any identity provider.
- [Okta guide](https://docs.ahq.lat/email-security/account-setup/sso/okta/index.md): Connect your Email Security account to Okta for SAML-based single sign-on authentication.

## deployment

- [API](https://docs.ahq.lat/email-security/deployment/api/index.md): Deploy Email Security using the API deployment method with journaling or BCC configurations.
- [Setup](https://docs.ahq.lat/email-security/deployment/api/setup/index.md): Connect your mail environment to Email Security using API deployment setup guides.
- [Email Retro Scan](https://docs.ahq.lat/email-security/deployment/api/setup/email-retro-scan/index.md): Scan up to 14 days of old Office 365 messages for missed threats using Email Security Retro Scan.
- [Exchange BCC setup](https://docs.ahq.lat/email-security/deployment/api/setup/exchange-bcc-setup/index.md): Configure Microsoft Exchange BCC rules to route email copies to Email Security for scanning.
- [Gmail BCC setup](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/index.md): Configure Gmail BCC rules to route email copies to Email Security for phishing detection.
- [Find BCC address and add domain](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/add-domain/index.md): Locate your Email Security BCC address and add your domain for Gmail integration.
- [Add retraction](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/add-retraction/index.md): Configure message retraction settings for Email Security with Gmail.
- [Add BCC rules](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/bcc-rules-to-area1/index.md): Add Gmail content compliance BCC rules to forward inbound email to Email Security for scanning.
- [Create a project on Google Cloud Console](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/create-project-gcp/index.md): Create a Google Cloud project and enable required APIs for Email Security Gmail BCC setup.
- [Create service account](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/create-service-account/index.md): Create a Google Cloud service account for Email Security message retraction in Gmail.
- [Geographic locations](https://docs.ahq.lat/email-security/deployment/api/setup/gsuite-bcc-setup/geographic-locations/index.md): BCC geographic endpoint locations available for Email Security Gmail integration.
- [Office 365 Graph API setup](https://docs.ahq.lat/email-security/deployment/api/setup/office365-graph-api/index.md): Learn how to scan and protect Office 365 emails with Email security (formerly Area 1) via a Microsoft Graph API setup.
- [Office 365 journaling setup](https://docs.ahq.lat/email-security/deployment/api/setup/office365-journaling/index.md): Configure Office 365 journaling to send email copies to Email Security for phishing analysis.
- [Inline](https://docs.ahq.lat/email-security/deployment/inline/index.md): Deploy Email Security inline as an MX record to scan email before it reaches your mail server.
- [Egress IPs](https://docs.ahq.lat/email-security/deployment/inline/reference/egress-ips/index.md): Egress IP addresses used by Email security for inline deployments, listed by region.
- [Cisco - Email security (formerly Area 1) as MX Record](https://docs.ahq.lat/email-security/deployment/inline/setup/cisco-area1-mx/index.md): Deploy Email Security as the MX record with Cisco IronPort for inline email scanning.
- [Cisco - Cisco as MX record](https://docs.ahq.lat/email-security/deployment/inline/setup/cisco-cisco-mx/index.md): Deploy Email Security with Cisco as the MX record for inline email protection.
- [Google Workspace - Email security (formerly Area 1) as MX Record](https://docs.ahq.lat/email-security/deployment/inline/setup/gsuite-area1-mx/index.md): Deploy Email Security as the MX record for Google Workspace inline email protection.
- [Office 365 - Email security (formerly Area 1) as MX Record](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/index.md): Deploy Email Security as the MX record for Office 365 inline email protection.
- [Use cases](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/index.md): Office 365 deployment use cases for Email Security with junk folder and quarantine configurations.
- [5 - Junk email folder and administrative quarantine](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/five-junk-admin-quarantine/index.md): Configure Office 365 to deliver suspicious messages to junk and threats to admin quarantine.
- [4 - User managed quarantine and administrative quarantine](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/four-user-quarantine-admin-quarantine/index.md): Configure Office 365 to deliver spam to user quarantine and malicious messages to admin quarantine.
- [1 - Junk email and Email security (formerly Area 1) Admin Quarantine](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/one-junk-admin-quarantine/index.md): Configure Office 365 to deliver emails to the junk folder and Email Security admin quarantine.
- [3 - Junk email and administrative quarantine](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/three-junk-admin-quarantine/index.md): Configure Office 365 to deliver suspicious messages to junk and malicious messages to admin quarantine.
- [2 - Junk email and user managed quarantine](https://docs.ahq.lat/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/two-junk-user-quarantine/index.md): Configure Office 365 to deliver suspicious messages to junk and spam to user managed quarantine.

## email-configuration

- [Admin Quarantine](https://docs.ahq.lat/email-security/email-configuration/admin-quarantine/index.md): Quarantine incoming messages based on Email security dispositions to prevent threats from reaching inboxes.
- [Alert Webhooks](https://docs.ahq.lat/email-security/email-configuration/domains-and-routing/alert-webhooks/index.md): Connect external services like Slack, SIEM tools, and Microsoft Teams to Email security using webhooks.
- [Domains](https://docs.ahq.lat/email-security/email-configuration/domains-and-routing/domains/index.md): Create and manage domains in Email security to control email routing and quarantine policies.
- [Partner Domains TLS](https://docs.ahq.lat/email-security/email-configuration/domains-and-routing/partner-domains-tls/index.md): Enforce TLS requirements for emails from specific partner domains in Email security.
- [Link actions](https://docs.ahq.lat/email-security/email-configuration/email-policies/link-actions/index.md): Configure URL defanging and Email Link Isolation for messages based on Email security dispositions.
- [Text add-ons](https://docs.ahq.lat/email-security/email-configuration/email-policies/text-addons/index.md): Add subject and body prefixes to emails based on Email security dispositions for inline deployments.
- [Added Detections](https://docs.ahq.lat/email-security/email-configuration/enhanced-detections/added-detections/index.md): Manage Email security detection settings for domain age, encrypted attachments, anti-spam, and more.
- [Business email compromise (BEC)](https://docs.ahq.lat/email-security/email-configuration/enhanced-detections/business-email-compromise/index.md): Protect against executive impersonation attacks with Email security BEC detection and directory integration.
- [Google Workspaces directory integration](https://docs.ahq.lat/email-security/email-configuration/enhanced-detections/business-email-compromise/gworkspaces-directory-guide/index.md): Integrate Email security with Google Workspace directories to enforce BEC protection against user impersonation.
- [Office 365 directory integration](https://docs.ahq.lat/email-security/email-configuration/enhanced-detections/business-email-compromise/o365-directory-guide/index.md): Integrate Email security with Office 365 directories to enforce BEC protection against user impersonation.
- [Allowed patterns](https://docs.ahq.lat/email-security/email-configuration/lists/allowed-patterns/index.md): Exempt messages matching specific patterns from Email security detection scanning.
- [Block lists](https://docs.ahq.lat/email-security/email-configuration/lists/block-list/index.md): Block senders in Email security to automatically mark their messages with a MALICIOUS disposition.
- [Trusted domains](https://docs.ahq.lat/email-security/email-configuration/lists/trusted-domains/index.md): Exempt specific domains from Email security proximity and recent domain detections.
- [Phish submissions](https://docs.ahq.lat/email-security/email-configuration/phish-submissions/index.md): Submit missed phishing samples to Email security to improve detection models and threat coverage.
- [KnowBe4](https://docs.ahq.lat/email-security/email-configuration/phish-submissions/knowbe4/index.md): Configure the KnowBe4 Phish Alert Button to report suspicious emails to Email security.
- [Microsoft Report Message (not compatible)](https://docs.ahq.lat/email-security/email-configuration/phish-submissions/microsoft-report-message/index.md): Microsoft Report Message is no longer compatible with Email security due to changes in submission message flow.
- [PhishNet for Google Workspace](https://docs.ahq.lat/email-security/email-configuration/phish-submissions/phishnet-gworkspace/index.md): Deploy the PhishNet add-in for Google Workspace so users can report missed phishing emails to Email security.
- [PhishNet for Office 365](https://docs.ahq.lat/email-security/email-configuration/phish-submissions/phishnet-o365/index.md): Deploy the PhishNet add-in for Office 365 so users can report missed phishing emails to Email security.
- [Retract settings](https://docs.ahq.lat/email-security/email-configuration/retract-settings/index.md): Set up Email security message retraction to remove suspicious emails from user mailboxes after delivery.
- [Office 365 retraction](https://docs.ahq.lat/email-security/email-configuration/retract-settings/office365-retraction/index.md): Set up Email security email retraction for Microsoft Office 365 using the Graph API.

## Glossary

- [Glossary](https://docs.ahq.lat/email-security/glossary/index.md): Definitions for terms used across Cloudflare Email Security documentation.

## reference

- [Cloudflare SSO](https://docs.ahq.lat/email-security/reference/cloudflare-sso/index.md): You can use your Cloudflare account as the single sign-on (SSO) authentication scheme to log in to the Email security dashboard.
- [Dispositions and attributes](https://docs.ahq.lat/email-security/reference/dispositions-and-attributes/index.md): Email security dispositions classify messages as malicious, suspicious, spam, or other categories for policy actions.
- [How we detect phish](https://docs.ahq.lat/email-security/reference/how-we-detect-phish/index.md): Learn how Email security uses web crawling, machine learning, and other techniques to detect phishing threats.
- [Language support](https://docs.ahq.lat/email-security/reference/language-support/index.md): Email security scanning is language agnostic and the dashboard supports multiple localized languages.
- [MS Office 365 GCC](https://docs.ahq.lat/email-security/reference/office365-gcc/index.md): Email security supports Microsoft 365 Government Community Cloud (GCC) Low environments.
- [Timestamps](https://docs.ahq.lat/email-security/reference/timestamps/index.md): Email security dashboard timestamps are localized to the user's current time zone.

## reporting

- [Audit Logs](https://docs.ahq.lat/email-security/reporting/audit-logs/index.md): Use Email security (formerly Area 1) logs to review actions performed on your account.
- [Phish reports](https://docs.ahq.lat/email-security/reporting/phish-reports/index.md): Access Phish reports through the dashboard or an email digest.
- [Search](https://docs.ahq.lat/email-security/reporting/search/index.md): Search for messages with a detection disposition or that have been processeded by Email security (formerly Area 1).
- [Available parameters](https://docs.ahq.lat/email-security/reporting/search/available-parameters/index.md): Search parameters available for querying Email security message detections, including sender, subject, and disposition fields.
- [SIEM integration](https://docs.ahq.lat/email-security/reporting/siem-integration/index.md): SIEM integrations allow you to view message-level information outside of the dashboard and create your own custom reports.
- [KnowBe4](https://docs.ahq.lat/email-security/reporting/siem-integration/knowbe4-integration-guide/index.md): KnowBe4 integration guide
- [LogScale](https://docs.ahq.lat/email-security/reporting/siem-integration/logscale-integration-guide/index.md): Falcon LogScale integration guide
- [Splunk](https://docs.ahq.lat/email-security/reporting/siem-integration/splunk-integration-guide/index.md): Splunk Cloud integration guide
- [Sumo Logic](https://docs.ahq.lat/email-security/reporting/siem-integration/sumo-logic-integration-guide/index.md): Sumo Logic integration guide
- [Statistics overview](https://docs.ahq.lat/email-security/reporting/statistics-overview/index.md): Statistics overview allows you to have an at-a-glance overview of emails processed and number of threats detected.
- [Types of malicious detections](https://docs.ahq.lat/email-security/reporting/types-malicious-detections/index.md): Types of malicious detections shows you information related to the number and types of malicious detections made on your account.