Address Dom's suggestions

Maddy-Cloudflare · Maddy-Cloudflare · commit 3d1631f75f4d · 2025-08-05T15:51:58.000+01:00
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/additional-detections.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/additional-detections.mdx
@@ -23,6 +23,8 @@ To configure additional detections:
 
 The domain age is the time since the domain has been registered.
 
+Because of the domain age detection, [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/) can be used to create an exception to the age detection. 
+
 To configure a domain age:
 
 1. On the **Edit additional detections** page:
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx
@@ -13,9 +13,9 @@ Email Security allows you to configure allow policies. An allow policy exempts m
 
 Allow policies are crucial for legitimate messages that may otherwise be blocked due to, for example, an incorrect setup.
 
-<Example title="Example of an incorrect setup">
+<Example title="Example of allow policy">
 
-An example of incorrect setup is a [sender policy framework (SPF)](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/) misconfiguration. If the IP address of the server which is sending the email is not listed as part of the SPF records, SPF authentication will fail and therefore may classify an email as malicious or suspicious.
+An example of allow policy is a phishing simulation product. You want to configure a phishing simulation product as **Accept sender** so Email Security does not scan the messages (or crawl links) in these simulated messages.
 
 </Example>
 
@@ -27,7 +27,9 @@ Allow policies are used to mitigate false positives. When an email has been mark
 
 Allow policies in Email Security give you the option to choose **Accept sender**. 
 
-When you choose **Accept sender**, any email that is malicious or suspicious will be blocked. Accept sender will bypass all emails marked as spoof, spam, and bulk. It is recommended to choose this option, as it is the safest option to protect your email inbox from malicious or suspicious activities.
+Accept sender creates exceptions for messages that would otherwise be marked as spam, bulk, or spoof. However, Email Security will continue to scan the message for maliciousness.
+
+It is recommended to choose this option, as it is the safest option to protect your email inbox from malicious or suspicious activities.
 
 <Example title="Example of a use case where marketing emails that are legitimate have been blocked">
 
@@ -58,7 +60,7 @@ To configure allow policies:
            - **Email addresses**: Must be a valid email. Enter an email address whose emails are going to be exempted.
            - **IP addresses**: It is the IP address of the email server. Any email address sent from that email server is going to be allowed. The IP address can only be IPv4. IPv6 and CIDR are invalid entries.
            - **Domains**: Must be a valid domain.
-           - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain.com` to exempt any email address that ends with `domain.com`.
+           - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`.
      - **(Recommended) Sender verification**: This option enforces DMARC, SPF, or DKIM authentication. If you choose to enable this option, Email Security will only honor policies that pass authentication.
        - **Notes**: Provide additional information about your allow policy.
    - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Pattern Type`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, `Acceptable Sender`, `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/allow-policies/#csv-uploads) for an example file.
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx
@@ -9,7 +9,7 @@ Email Security marks all messages from these senders with a malicious [dispositi
 
 ## How blocked senders work
 
-Blocked senders ensures messages from untrusted sources are automatically marked as malicious, preventing them from reaching users' inbox.
+Blocked senders ensures messages from any sender is automatically marked as malicious, preventing them from reaching users' inbox.
 
 Sometimes, the same email, IP address or domain always sends malicious emails to the company. In this case, you can add an email address, IP address or domain as a blocked sender. You can choose to enter a regular expression by turning **Regular expression** on. 
 
@@ -27,7 +27,7 @@ To configure blocked senders:
              - **Email addresses**: Must be a valid email.
              - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
              - **Domains**: Must be a valid domain.
-             - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain.com` to exempt any email address that ends with `domain.com`.
+             - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`.
          - **Notes**: Provide additional information about the blocked sender policy.
    - **Upload blocked sender list**: Upload a file no larger than 150 KB. The file cannot can only contain `Blocked_Sender`, `Pattern Type,` and `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/blocked-senders/#csv-uploads) for an example file.
 6. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx
@@ -11,6 +11,8 @@ Email Security allows you to exempt known partner and internal domains from typi
 
 Trusted domains are not for the email message itself, but for entire domains. 
 
+By default, Email Security automatically detects look alike domains. This means that if an email is received from a domain that looks like a configured domain, this will trigger a detection. Trusted domain is configured to ignore this detection. 
+
 In [Additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/), you can configure malicious domain and suspicious [domain age](/cloudflare-one/email-security/detection-settings/additional-detections/).
 
 Malicious domain age means that someone may create a domain today, similar to a target, and start sending emails with that domain. This is usually how many phish campaigns start. In this case, the domain is usually marked as Malicious. Malicious domain age is usually set to 7 days.
