update text

Author: Maddy-Cloudflare

src/content/docs/email-security/reference/dispositions-and-attributes.mdx

@@ -34,7 +34,7 @@ You can use disposition values when [creating your quarantine policy](/email-sec
 | `SUSPICIOUS` | Traffic associated with phishing campaigns (and is under further analysis by our automated systems). | Research these messages internally to evaluate legitimacy. |
 | `SPOOF` | Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching `Envelope From` and `Header From` values. | Block after investigating (can be triggered by third-party mail services). |
 | `SPAM` | Traffic associated with non-malicious, commercial campaigns. | Route to existing Spam quarantine folder. |
-| `BULK` (dashboard only) | Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_\(email\)), that fall in between the definitions of `SPAM` and `SUSPICIOUS`. For example, a marketing email that intentionally obscures its unsubscribe link. | Monitor or tag |
+| `BULK` (dashboard only) | Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_\(email\)). | Monitor or tag |
 
 ### Header structure
 

src/content/partials/cloudflare-one/email-security/dispositions-and-attributes.mdx

@@ -1,10 +1,10 @@
-- **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns.
+- **Malicious**: Traffic associated with active threat campaigns. Malicious messages invoked multiple phishing verdict triggers and met thresholds for bad behavior.
     - **Recommendation**: Block.
 - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies ([SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/)) or has mismatching `Envelope From` and `Header From` values.
     - **Recommendation**: Block after investigating (can be triggered by third-party mail services).
 - **Suspicious**: Traffic associated with phishing campaigns (and is under further analysis by our automated systems).
     - **Recommendation**: Research these messages internally to evaluate legitimacy.
-- **UCE**: Traffic associated with non-malicious, commercial campaigns.
+- **Spam**: Traffic associated with non-malicious, commercial campaigns.
     - **Recommendation**: Route to existing Spam quarantine folder.
 - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29).
     - **Recommendation**: Monitor or tag.