Update src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx

Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>

Author: securitypedant

src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx

@@ -171,7 +171,7 @@ Integrating Cloudflare into the existing email infrastructure is both flexible a
 
 In an inline deployment, Cloudflare’s Email Security will evaluate email messages before they reach a user’s inboxes (by pointing the email domain MX record to Cloudflare). This allows Cloudflare to [quarantine messages](https://developers.cloudflare.com/email-security/email-configuration/admin-quarantine/) so they never reach the user’s inbox or [tag messages via email headers](https://developers.cloudflare.com/email-security/reference/dispositions-and-attributes/#header-structure) to inform the email provider how emails should be handled (for example, [by redirecting bulk emails directly to the spam folder](https://developers.cloudflare.com/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/one-junk-admin-quarantine/)). Cloudflare can also [modify the subject and body of email messages](https://developers.cloudflare.com/email-security/email-configuration/email-policies/text-addons/) to inform a user to be more cautious about a suspicious email and [rewrite links within emails and even isolate those links behind a remote browser](https://developers.cloudflare.com/email-security/email-configuration/email-policies/link-actions/).
 
-In an API deployment, Cloudflare’s Email Security will see the email messages only after they have reached the users’ inboxes by setting up Journaling/BCC rules in the email provider or via API scan. Then, through integrations with the email provider, Cloudflare can [retract phishing emails](https://developers.cloudflare.com/email-security/email-configuration/retract-settings/) from user’s inboxes. Unlike the Inline mode, this deployment method does not support quarantining emails or modifying the email messages, however, it is an easy way to add protection in complex email infrastructures with no changes to the existing mail flow operations.
+In an API deployment, Cloudflare's Email Security will see the email messages only after they have reached the users' inboxes by setting up Journaling/BCC rules in the email provider or via API scan. Then, through integrations with the email provider, Cloudflare can [retract phishing emails](/email-security/email-configuration/retract-settings/) from user's inboxes. Unlike the Inline mode, this deployment method does not support quarantining emails or modifying the email messages, however, it is an easy way to add protection in complex email infrastructures with no changes to the existing mail flow operations.
 
 These modes can be used concurrently to enhance email security. The Inline mode ensures that Cloudflare’s Email Security scans and filters emails before they reach users' inboxes. For emails that initially pass through without being flagged as threats, Cloudflare [periodically re-evaluates them](https://developers.cloudflare.com/email-security/email-configuration/retract-settings/office365-retraction/#post-delivery-retractions-for-new-threats). If these emails are later identified as part of a phishing campaign, they are automatically retracted via API. This proactive approach protects organizations against deferred phishing attacks, where attackers send emails with seemingly benign links that are weaponized after delivery to bypass initial detection.