diff --git a/public/__redirects b/public/__redirects index 1803a02d14f70c2..7442cc9d227d201 100644 --- a/public/__redirects +++ b/public/__redirects @@ -594,7 +594,7 @@ /cloudflare-one/insights/email-monitoring/download-disposition-report/ /cloudflare-one/email-security/email-monitoring/download-disposition-report/ 301 /cloudflare-one/insights/email-monitoring/ /cloudflare-one/email-security/email-monitoring/ 301 /cloudflare-one/insights/email-monitoring/search-email/ /cloudflare-one/email-security/email-monitoring/search-email/ 301 -/cloudflare-one/insights/email-monitoring/phish-submissions/ /cloudflare-one/email-security/phish-submissions/ 301 +/cloudflare-one/email-security/phish-submissions/ /cloudflare-one/email-security/settings/phish-submissions/ 301 /cloudflare-one/insights/email-monitoring/enable-logs/ /cloudflare-one/insights/logs/enable-logs/ 301 /cloudflare-one/email-security/directories/manage-ms-directories/ /cloudflare-one/email-security/directories/manage-integrated-directories/ 301 /cloudflare-one/email-security/directories/manage-ms-directories/manage-groups-directory/ /cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory/ 301 
@@ -2402,6 +2402,22 @@ /cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301 /cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301 +# Email Security new revamp +/cloudflare-one/email-security/email-monitoring/download-report/ /cloudflare-one/email-security/monitoring/download-report/ 301 +/cloudflare-one/email-security/email-monitoring/* /cloudflare-one/email-security/monitoring/:splat 301 +/cloudflare-one/email-security/auto-moves/ /cloudflare-one/email-security/settings/auto-moves/ 301 +/cloudflare-one/email-security/detection-settings/additional-detections/ /cloudflare-one/email-security/settings/additional-detections/ 301 +/cloudflare-one/email-security/detection-settings/allow-policies/ /cloudflare-one/email-security/settings/allow-policies/ 301 +/cloudflare-one/email-security/detection-settings/blocked-senders/ /cloudflare-one/email-security/settings/blocked-senders/ 301 +/cloudflare-one/email-security/detection-settings/configure-link-actions/ /cloudflare-one/email-security/settings/configure-link-actions/ 301 +/cloudflare-one/email-security/detection-settings/detection-settings/ /cloudflare-one/email-security/settings/detection-settings/ 301 +/cloudflare-one/email-security/detection-settings/configure-text-add-ons/ /cloudflare-one/email-security/settings/configure-text-add-ons/ 301 +/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/ /cloudflare-one/email-security/settings/impersonation-registry/ 301 +/cloudflare-one/email-security/detection-settings/trusted-domains/ /cloudflare-one/email-security/settings/trusted-domains/ 301 +/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/* /cloudflare-one/email-security/settings/impersonation-registry/:splat 301 +/cloudflare-one/email-security/detection-settings/* /cloudflare-one/email-security/settings/detection-settings/:splat 301 + + # Learning paths 
/learning-paths/modules/get-started/onboarding/* /learning-paths/get-started-free/onboarding/:splat 301 diff --git a/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx b/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx index faee83b81fb76e6..cbc779921612b11 100644 --- a/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx +++ b/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx @@ -10,7 +10,7 @@ After you triage your users' submissions (that are machine reviewed), you can no From **Reclassifications**, go to **User submissions**. Select the three dots next to any of the user submissions, then select **Escalate** to create a team request for reclassification. The Cloudflare dashboard will then show you the submissions on the **Team Submissions** tab. -Refer to [User submissions](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) to learn more about this feature. +Refer to [User submissions](/cloudflare-one/email-security/reclassifications/user-submissions/) to learn more about this feature. This feature is available across these Email Security packages: diff --git a/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx b/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx index 46bee5632949273..1afb1da75dec499 100644 --- a/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx +++ b/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx 
@@ -8,7 +8,7 @@ import { Render } from "~/components"; You now have more transparency about team and user submissions for phishing emails through a **Reclassification** tab in the Zero Trust dashboard. -Reclassifications happen when users or admins [submit a phish](/cloudflare-one/email-security/phish-submissions/) to Email Security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models. +Reclassifications happen when users or admins [submit a phish](/cloudflare-one/email-security/settings/phish-submissions/) to Email Security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models. This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are. diff --git a/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx index 65c31c55710a7fc..0988e570a15d4b4 100644 --- a/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx +++ b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx 
@@ -4,16 +4,16 @@ description: You can now investigate links in emails with Cloudflare Security Ce date: 2025-02-07T23:22:49Z --- -You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more. +You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more. ![Open links in Security Center](~/assets/images/changelog/email-security/Open-Links-Security-Center.png) -From **Investigation**, go to **View details**, and look for the **Links identified** section. Select **Open in Security Center** next to each link. **Open in Security Center** allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment. +From **Investigation**, go to **View details**, and look for the **Links identified** section. Select **Open in Security Center** next to each link. **Open in Security Center** allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment. -For more details, refer to [Open links](/cloudflare-one/email-security/email-monitoring/search-email/#open-links). +For more details, refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links). -This feature is available across these Email Security packages: +This feature is available across these Email Security packages: -- **Advantage** -- **Enterprise** -- **Enterprise + PhishGuard** \ No newline at end of file +- **Advantage** +- **Enterprise** +- **Enterprise + PhishGuard** 
diff --git a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx index 36c97fa357a5712..15d253bfb47dd20 100644 --- a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx +++ b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx @@ -8,7 +8,7 @@ You can now safely open links in emails to view and investigate them. ![Open links with Browser Isolation](~/assets/images/changelog/email-security/investigate-links.jpg) -From **Investigation**, go to **View details**, and look for the **Links identified** section. Next to each link, the Cloudflare dashboard will display an **Open in Browser Isolation** icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Refer to [Open links](/cloudflare-one/email-security/email-monitoring/search-email/#open-links) to learn more about this feature. +From **Investigation**, go to **View details**, and look for the **Links identified** section. Next to each link, the Cloudflare dashboard will display an **Open in Browser Isolation** icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links) to learn more about this feature. To use this feature, you must: @@ -21,4 +21,4 @@ This feature is available across these Email Security packages: - **Advantage** - **Enterprise** -- **Enterprise + PhishGuard** \ No newline at end of file +- **Enterprise + PhishGuard** diff --git a/src/content/changelog/email-security-cf1/2025-08-07-expanded-link-isolation.mdx b/src/content/changelog/email-security-cf1/2025-08-07-expanded-link-isolation.mdx index d7a497b0680cfad..e155b8b44eb2ea0 100644 
--- a/src/content/changelog/email-security-cf1/2025-08-07-expanded-link-isolation.mdx +++ b/src/content/changelog/email-security-cf1/2025-08-07-expanded-link-isolation.mdx @@ -10,7 +10,7 @@ For example, you may want to deliver suspicious messages but isolate the links f ![Expanded Email Link Isolation Configuration](~/assets/images/changelog/email-security/expanded-link-actions.jpg) -To isolate all links within a message based on the disposition, select **Settings** > **Link Actions** > **View** and select **Configure**. As with other other links you isolate, an interstitial will be provided to warn users that this site has been isolated and the link will be recrawled live to evaluate if there are any changes in our threat intel. Learn more about this feature on [Configure link actions](https://developers.cloudflare.com/cloudflare-one/email-security/detection-settings/configure-link-actions/). +To isolate all links within a message based on the disposition, select **Settings** > **Link Actions** > **View** and select **Configure**. As with other other links you isolate, an interstitial will be provided to warn users that this site has been isolated and the link will be recrawled live to evaluate if there are any changes in our threat intel. Learn more about this feature on [Configure link actions](https://developers.cloudflare.com/cloudflare-one/email-security/settings/detection-settings/configure-link-actions/). This feature is available across these Email Security packages: diff --git a/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx b/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx index b63dcbc493044f1..db4e3784fbeb71d 100644 --- a/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx +++ b/src/content/changelog/email-security-cf1/2025-09-01-updated-new-roles.mdx 
@@ -4,28 +4,23 @@ description: More granular controls for Email Security roles date: 2025-09-01T23:25:49Z --- - -To provide more granular controls, we refined the [existing roles](/cloudflare-one/roles-permissions/#email-security-roles) for Email Security and launched a new Email Security role as well. - +To provide more granular controls, we refined the [existing roles](/cloudflare-one/roles-permissions/#email-security-roles) for Email Security and launched a new Email Security role as well. All Email Security roles no longer have read or write access to any of the other Zero Trust products: -- **Email Configuration Admin** -- **Email Integration Admin** -- **Email Security Read Only** -- **Email Security Analyst** -- **Email Security Policy Admin** -- **Email Security Reporting** +- **Email Configuration Admin** +- **Email Integration Admin** +- **Email Security Read Only** +- **Email Security Analyst** +- **Email Security Policy Admin** +- **Email Security Reporting** To configure [Data Loss Prevention (DLP)](/cloudflare-one/email-security/outbound-dlp/) or [Remote Browser Isolation (RBI)](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/#set-up-clientless-web-isolation), you now need to be an admin for the Zero Trust dashboard with the **Cloudflare Zero Trust** role. +Also through customer feedback, we have created a new additive role to allow **Email Security Analyst** to create, edit, and delete Email Security policies, without needing to provide access via the **Email Configuration Admin** role. This role is called **Email Security Policy Admin**, which can read all settings, but has write access to [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/). 
-Also through customer feedback, we have created a new additive role to allow **Email Security Analyst** to create, edit, and delete Email Security policies, without needing to provide access via the **Email Configuration Admin** role. This role is called **Email Security Policy Admin**, which can read all settings, but has write access to [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/). - - - +This feature is available across these Email Security packages: -This feature is available across these Email Security packages: -- **Advantage** -- **Enterprise** -- **Enterprise + PhishGuard** +- **Advantage** +- **Enterprise** +- **Enterprise + PhishGuard** diff --git a/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx b/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx index 50df245916e905c..35ab24c47bb783a 100644 --- a/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx +++ b/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx 
@@ -6,22 +6,20 @@ date: 2025-09-23T23:11:49Z Email Security relies on your submissions to continuously improve our detection models. However, we often receive submissions in formats that cannot be ingested, such as incomplete EMLs, screenshots, or text files. -To ensure all customer feedback is actionable, we have launched two new features to manage invalid submissions sent to our team and user [submission aliases](/cloudflare-one/email-security/phish-submissions/#submission-addresses): - -- **Email Notifications:** We now automatically notify users by email when they provide an invalid submission, educating them on the correct format. To disable notifications, go to **[Settings](https://one.dash.cloudflare.com/?to=/:account/email-security/settings)** > **Invalid submission emails** and turn the feature off. +To ensure all customer feedback is actionable, we have launched two new features to manage invalid submissions sent to our team and user [submission aliases](/cloudflare-one/email-security/settings/phish-submissions/submission-addresses/): +- **Email Notifications:** We now automatically notify users by email when they provide an invalid submission, educating them on the correct format. To disable notifications, go to **[Settings](https://one.dash.cloudflare.com/?to=/:account/email-security/settings)** > **Invalid submission emails** and turn the feature off. ![EmailSec-Invalid-Submissions-Toggle](~/assets/images/changelog/email-security/EmailSec-Invalid-Submissions-Toggle.png) -- **Invalid Submission dashboard:** You can quickly identify which users need education to provide valid submissions so Cloudflare can provide continuous protection. +- **Invalid Submission dashboard:** You can quickly identify which users need education to provide valid submissions so Cloudflare can provide continuous protection. 
![EmailSec-Invalid-Submissions-Dashboard](~/assets/images/changelog/email-security/EmailSec-Invalid-Submissions-Dashboard.png) +Learn more about this feature on [invalid submissions](https://developers.cloudflare.com/cloudflare-one/email-security/monitoring/search-email/#invalid-submissions). -Learn more about this feature on [invalid submissions](https://developers.cloudflare.com/cloudflare-one/email-security/email-monitoring/search-email/#invalid-submissions). - -This feature is available across these Email Security packages: -- **Advantage** -- **Enterprise** -- **Enterprise + PhishGuard** +This feature is available across these Email Security packages: +- **Advantage** +- **Enterprise** +- **Enterprise + PhishGuard** diff --git a/src/content/changelog/email-security-cf1/2025-10-16-on-demand-security-report.mdx b/src/content/changelog/email-security-cf1/2025-10-16-on-demand-security-report.mdx index 5eab2fc5d2486ba..fcd7ffe27186c28 100644 --- a/src/content/changelog/email-security-cf1/2025-10-16-on-demand-security-report.mdx +++ b/src/content/changelog/email-security-cf1/2025-10-16-on-demand-security-report.mdx 
@@ -1,21 +1,22 @@ --- title: On-Demand Security Report -description: Generate on-demand reports to prove Email Security value +description: Generate on-demand reports to prove Email Security value date: 2025-10-17T22:14:43Z --- - You can now generate on-demand security reports directly from the Cloudflare dashboard. This new feature provides a comprehensive overview of your email security posture, making it easier than ever to demonstrate the value of Cloudflare’s Email Security to executives and other decision makers. These reports offer several key benefits: + - **Executive Summary:** Quickly view the performance of Email Security with a high-level executive summary. - **Actionable Insights:** Dive deep into trend data, breakdowns of threat types, and analysis of top targets to identify and address vulnerabilities. - **Configuration Transparency:** Gain a clear view of your policy, submission, and domain configurations to ensure optimal setup. -To get started, refer to [Download a security report](/cloudflare-one/email-security/email-monitoring/download-report/#download-a-security-report). +To get started, refer to [Download a security report](/cloudflare-one/email-security/monitoring/download-report/#download-a-security-report). ![Report](~/assets/images/changelog/email-security/report.png) -This feature is available across the following Email Security packages: -- **Advantage** -- **Enterprise** -- **Enterprise + PhishGuard** +This feature is available across the following Email Security packages: + +- **Advantage** +- **Enterprise** +- **Enterprise + PhishGuard** diff --git a/src/content/docs/cloudflare-one/email-security/directories/index.mdx b/src/content/docs/cloudflare-one/email-security/directories/index.mdx index 1ae4c5d06aa99e5..7d608538dd6e687 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/directories/index.mdx 
@@ -2,14 +2,14 @@ title: Directories pcx_content_type: how-to sidebar: - order: 13 + order: 16 --- Directories are folders to store user data. Email Security allows you to manage directories from the Cloudflare dashboard. To add a directory: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Select **Directories**. 3. Select **Add a directory** > **Connect an integration**. 4. Select either **Google Workspace CASB + EMAIL** or **Microsoft CASB+EMAIL**. diff --git a/src/content/docs/cloudflare-one/email-security/directories/manage-es-directories.mdx b/src/content/docs/cloudflare-one/email-security/directories/manage-es-directories.mdx index fd322c9beea39c9..386f85354c4583f 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/manage-es-directories.mdx +++ b/src/content/docs/cloudflare-one/email-security/directories/manage-es-directories.mdx @@ -8,12 +8,12 @@ sidebar: You can manage your Email Security directory by editing and deleting added users. :::note[Registered users] -The Email Security directory contains registered users only. A registered user is a user added to the [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). +The Email Security directory contains registered users only. A registered user is a user added to the [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). ::: To modify or delete users in the Email Security directory: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. 2. Select **Email Security Directory**. ## Add a user 
diff --git a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/index.mdx b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/index.mdx index 910b8b8a120a382..7497d1d5aab93a3 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/index.mdx @@ -9,7 +9,7 @@ sidebar: To manage an integrated directory: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Directories**. 4. Under **Directory name**, select your directory. diff --git a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory.mdx b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory.mdx index 096925e197d93be..b81e3255c4204ec 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory.mdx +++ b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory.mdx 
@@ -5,11 +5,11 @@ sidebar: order: 3 --- -Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). When a group is added to the registry, all members are registered by default. +Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). When a group is added to the registry, all members are registered by default. To manage a group directory: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. 2. Locate your directory, select the three dots > **View details**. 3. Select **Groups**. @@ -47,7 +47,7 @@ To remove multiple groups from the registry at once: You can filter the list of group names by registered and unregistered. -A group name is registered when it is part of the [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). A group name is unregistered when they are not part of the impersonation registry. +A group name is registered when it is part of the [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). A group name is unregistered when they are not part of the impersonation registry. To filter the list: diff --git a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory.mdx b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory.mdx index 1d0c3d87c6debbb..d33463e32dc85ac 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory.mdx 
+++ b/src/content/docs/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory.mdx @@ -5,11 +5,11 @@ sidebar: order: 4 --- -Email Security allows you to view and manage the [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) status of your users directory. +Email Security allows you to view and manage the [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) status of your users directory. To manage users directory: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Directories**. 2. Locate your directory, select the three dots > **View details**. 3. Select **Users**. @@ -53,7 +53,7 @@ To edit a user: You can filter the list of users by registered and unregistered. -A user is registered when they are added to the [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). A user is unregistered when they are not part of the impersonation registry. +A user is registered when they are added to the [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). A user is unregistered when they are not part of the impersonation registry. To filter the impersonation registry: diff --git a/src/content/docs/cloudflare-one/email-security/index.mdx b/src/content/docs/cloudflare-one/email-security/index.mdx index 9cb5de863db8b09..8f0ae4e279bda32 100644 --- a/src/content/docs/cloudflare-one/email-security/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/index.mdx 
@@ -30,15 +30,15 @@ When you complete the [setup process](/cloudflare-one/email-security/setup/), th The Email Security overview provides you with: - **Quick actions**, where you can: - - View [reclassifications](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) - - Manage detection settings: manage [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) and [additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/). - - [Run screens](/cloudflare-one/email-security/email-monitoring/search-email/#screen-criteria) -- **Recommendations**: A series of recommendations. For example, you may be recommended to learn how to submit emails for reclassification, create policies, or protect users at risk of [impersonation](/cloudflare-one/email-security/detection-settings/impersonation-registry/) + - View [reclassifications](/cloudflare-one/email-security/reclassifications/) + - Manage detection settings: manage [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) and [additional detections](/cloudflare-one/email-security/settings/detection-settings/additional-detections/). + - [Run screens](/cloudflare-one/email-security/investigation/search-email/#screen-criteria) +- **Recommendations**: A series of recommendations. 
For example, you may be recommended to learn how to submit emails for reclassification, create policies, or protect users at risk of [impersonation](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) - **Email Security metrics**: Activity from the last seven days. - **Recently modified policies** A list of modified policies. - **Education and resources**: Links to [implementation guides](/cloudflare-one/implementation-guides/), [Email Security changelogs](/cloudflare-one/changelog/email-security/), and [API documentation](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/) To access the Email Security overview: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Go to **Email Security** > **Overview**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/investigation/index.mdx b/src/content/docs/cloudflare-one/email-security/investigation/index.mdx new file mode 100644 index 000000000000000..2d089a6f9715f7d --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/investigation/index.mdx @@ -0,0 +1,12 @@ +--- +pcx_content_type: navigation +title: Investigation +sidebar: + order: 14 + group: + hideIndex: true +--- + +import { DirectoryListing } from "~/components" + + \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx b/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx new file mode 100644 index 000000000000000..c9fecfd7d3b05e1 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx 
@@ -0,0 +1,280 @@ +--- +title: Search email +pcx_content_type: how-to +sidebar: + order: 1 +--- + +With Email Security, you can use different screen criteria to search through your email, reclassify and move a certain volume of messages, find similar emails, and export messages. + +## Screen criteria + +Email Security allows you to use popular, regular, and advanced screening criteria to search through your inbox. Advanced screening will give you the most in-depth investigation of your inbox. + +To screen through your email traffic: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security**. +3. Select **Investigation**, then **Run new screen**. +4. Choose between **Popular**, **Regular**, and **Advanced** screen methods. Refer to the explanation below to learn what each method does. + +The results will be displayed on a table. The table allows you to review and take action on the messages that match your chosen screening criteria. + +### Popular screen + +A popular screen allows you to view messages based on common pre-defined criteria. + +To use a popular screen criteria: + +1. Under **Method**, select **Popular screens**. +2. Select one of the following criteria: + - **Moved emails**: View emails automatically or manually moved within the last seven days. + - **Reclassified emails**: Emails that had their disposition reclassified within the last seven days. + - **Malicious emails**: Emails assigned the malicious disposition within the last seven days. + - **Spoof emails**: Emails assigned the spoof disposition within the last seven days. + - **Suspicious emails**: Emails assigned the suspicious disposition within the last seven days. + - **Spam emails**: Emails assigned to the spam disposition within the last seven days. +3. Select **Run screen**. + +To modify your screening criteria, under **Active screen criteria**, select **Modify**. 
+ +### Regular screen + +A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria. + +To use a regular screen criteria: + +1. Under **Method**, select **Regular screen**. +2. Select a **Date range**. +3. Enter a keyword. +4. Select **Run screen**. + +To include all emails as part of the search, enable **Include all mail**. + +To modify your screening criteria, under **Active screen criteria**, select **Modify**. + +To reset your screening criteria, select **Reset**. + +### Advanced screen + +The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox. + +To use advanced screen criteria: + +1. Under **Method**, select **Advanced screen**. +2. (Required) Select a date range. +3. (Optional) Fill in the other fields. All fields, except for Subject, must be filled with one value only. +4. Select **Run screen**. + +To include all emails as part of the search, enable **Include all mail**. + +To modify your screening criteria, under **Active screen criteria**, select **Modify**. + +To reset your screening criteria, select **Reset**. + +## Reclassify messages + +Reclassifying messages allows you to choose the disposition of your messages if the disposition is incorrect. + +To reclassify a message: + +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** and select **Investigation**. +2. On the Investigation page, under **Your matching messages**, select the message you want to reclassify. +3. Select the three dots, then select **Request reclassification**. +4. Under **New disposition**, select among the following: + - **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns. 
+ - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and Header From values. + - **Spam**: Traffic associated with non-malicious, commercial campaigns. + - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of SPAM and SUSPICIOUS. For example, a marketing email that intentionally obscures its unsubscribe link. + - **Clean**: Traffic not associated with any phishing campaigns. +5. Select **Save**. + +To reclassify messages in bulk, select **Select all messages** > **Action** > **Request reclassification**. + +To release messages in bulk, select **Select all messages** > **Action** > **Release**. + +### Upload EML files + +Email Security classifies certain emails as "Clean". If you disagree with the disposition, you can upload an EML file and reclassify the email. + +On the **Investigation** page: + +1. Go to the email marked as Clean. +2. Select the three dots > **Request reclassification**. +3. Upload the EML file. +4. Select a new disposition. +5. Select **Save**. + +Once you have reclassified your messages, you can access those on Reclassifications. + +To view reclassifications: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Choose **Team submissions** to view emails your security team submitted for reclassification, or **User submissions** to view emails your users submitted for reclassification. + +## Move messages + +Moving messages allows you to move messages to a specific folder. You can move up to 1,000 messages at a time. + +To move messages: + +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +2. On the Investigation page, select all the messages you want to move. +3. 
Select the **Action** dropdown, then select **Move**. +4. Select among one of the following folders: + - **Inbox**: Move messages to the primary email folder. + - **Junk email**: Move messages to the junk or spam folder. + - **Trash**: Move messages to the trash or deleted items email folder. + - **Soft delete (user recoverable)**: Move messages to the user's Deleted Items folder. This option is for Microsoft 365 only. + - **Hard delete (admin recoverable)**: Delete messages from a user's inbox. +5. Select **Save**. + +To move messages in bulk, select **Select all messages** > **Action** > **Move**. + +## Find similar emails + +Each detection has an Email Detection Fingerprint (EDF) hash that Email Security sends to the Search API to retrieve similar detections. + +To find similar detection results: + +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +2. On the Investigation page, under **Your matching messages**, search for the **Similar emails** column. +3. Select the number of similar emails. Selecting the number will show you a list of similar emails. + +## Export messages + +With Email Security, you can export messages to a CSV file. + +To export messages: + +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +2. On the Investigation page, under **Your matching messages**, select **Export to CSV**. +3. Select **Export messages** on the pop-up message. You can export up to 500 messages from the dashboard. To export up to 1,000 matching messages, use the [API](/api/resources/email_security/subresources/investigate/methods/get/). + +To export messages in bulk, select **Select all messages** > **Export to CSV**. + +## Email status + +Email Security allows you to review the status and actions of each email. + +To view status and actions for each email: + +1. 
In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +2. On the Investigation page, select the three dots. +3. Selecting the three dots will show you the following options: + +- If the email is quarantined: + - **View details**: Refer to [Email details](#email-details) to learn more. + - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash). + - **Release**: Email Security will no longer quarantine your chosen messages. + - **Request reclassification**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](#reclassify-messages) to learn more. + +- If the email is not quarantined: + - **View details**. + - **View similar emails**. + - **View submission detail**. + - **[Move](/cloudflare-one/email-security/settings/auto-moves/)** (only available if you authorized moves). + - **[Request reclassification](#reclassify-messages)**. + +## Email details + +Email Security shows you the following email detail information: + +- Details +- Action log +- Raw message +- Mail trace + +### Details + +Email Security displays the following details: + +1. **Threat type**: Threat type of the email, for example, [credential harvester](/cloudflare-one/email-security/reference/how-es-detects-phish/), and [IP-based spam](/cloudflare-one/email-security/reference/how-es-detects-phish/). +2. **Validation**: Email validation methods [SPF](https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/). The dashboard will display Pass if SPF, DKIM and DMARC checks have passed. +3. 
**Sender details**: Information include: + - IP address + - Registered domain + - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). + - Autonomous sys name: This name identifies your autonomous system (AS). + - Country +4. **Links identified**: A list of malicious links identified by Email Security. Refer to [Open links](#open-links) to open links in Security Center, Browser Isolation or an external tool of your choice. +5. **Attachments**: If an email has an attachment, the Cloudflare dashboard will display the filename, and the disposition assigned. You can open attachments in [Browser Isolation](/cloudflare-one/remote-browser-isolation/). Only PDF files are currently supported. +6. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam. + +#### Open links + +You can open links in Security Center or [Browser Isolation](/cloudflare-one/remote-browser-isolation/), or copy and paste the link so you can investigate content in external tools. + +To open links in Security Center: + +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Email Security** > **Investigation**. +2. Locate the message you want to open links for, select the three dots, then select **View details**. +3. Under **Details**, go to **Links identified**. +4. Locate the link you want to open, and select **Open in Security Center**. +5. You will be redirected to Investigate in the Cloudflare dashboard. +6. Select **Scan now**. +7. The dashboard will generate a report for your link. + +To open links in Browser Isolation: + +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Email Security** > **Investigation**. +2. Locate the message you want to open links for, select the three dots, then select **View details**. +3. Under **Details**, go to **Links identified**. +4. 
Locate the link you want to open, and select **Open in Browser Isolation**. +5. The link will open in a separate window where you will be able to browse the content securely. + +Alternatively, you can directly [open links in Browser Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/). + +:::note +If you purchased Gateway and [Browser Isolation](/cloudflare-one/remote-browser-isolation/), you can perform more actions when opening links. +::: + +When opening links, Email Security will not allow you to: + +- [Copy (from remote to client)](/cloudflare-one/remote-browser-isolation/isolation-policies/) +- [Paste (from client to remote)](/cloudflare-one/remote-browser-isolation/isolation-policies/) +- Use [keyboard](/cloudflare-one/remote-browser-isolation/isolation-policies/) +- [Print](/cloudflare-one/remote-browser-isolation/isolation-policies/) +- [Download files](/cloudflare-one/remote-browser-isolation/isolation-policies/) +- [Uploads files](/cloudflare-one/remote-browser-isolation/isolation-policies/) + +To open and investigate a link in an external tool: + +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Email Security** > **Investigation**. +2. Locate the message you want to open links for, select the three dots, then select **View details**. +3. Under **Details**, go to **Links identified**. +4. Locate the link you want to open, and select **Copy URL**. +5. Paste the link in your external tool. + +:::caution[Warning] +You may encounter a `400 Bad Request` error after turning Clientless Web Isolation on. +::: + +If you encounter this error: + +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Settings** > **Resources**. +2. Select **Generate certificate**. +3. Choose the **Expiration** (5 years is recommended), then select **Generate certificate**. Your certificate is now generated, and the dashboard will display its Deployment Status as INACTIVE. +4. 
Select the three dots, and then select **Activate** to activate your certificate. +5. Select the three dots, and then select **Mark as in-use**. +6. Your certificate deployment status should display AVAILABLE IN-USE. + +### Action log + +Action log allows you to review post-delivery actions performed on your selected message. The action log displays: + +- **Date**: Date when the post-delivery action was performed. +- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. + +### Raw message + +Raw message allows you to view the raw details of the message. You can also choose to download the email message. To download the message, select **Download .EML**. + +### Mail trace + +Mail trace allows you to track the path your selected message took from the sender to the recipient. Mail trace displays: + +- **Date**: The date and time when the mail was tracked. +- **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address). +- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/email-monitoring/download-report.mdx b/src/content/docs/cloudflare-one/email-security/monitoring/download-report.mdx similarity index 88% rename from src/content/docs/cloudflare-one/email-security/email-monitoring/download-report.mdx rename to src/content/docs/cloudflare-one/email-security/monitoring/download-report.mdx index 3a8b7c7bd46dd51..89f7ca2bad9c5a9 100644 --- a/src/content/docs/cloudflare-one/email-security/email-monitoring/download-report.mdx +++ b/src/content/docs/cloudflare-one/email-security/monitoring/download-report.mdx 
@@ -15,7 +15,7 @@ Email Security allows you to download three types of reports: A disposition report shows you all the email messages based on the type of disposition you selected. -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Select **Monitoring** > **Download report**. 3. In **Report type**, select **Email disposition report**. 4. Under **Email disposition report**, select the **Date Range** (required), and the **Disposition**. @@ -27,7 +27,7 @@ Refer to [Dispositions and attributes](/cloudflare-one/email-security/reference/ Retro scan scans the last 14 days of your emails, and gives you a report on bulk, spam, spoof, suspicious and malicious emails. -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Select **Monitoring** > **Download report**. 4. In **Report type**, select **Retro Scan report**. 5. Select **View report** to view a report of your last 14 days of emails. @@ -46,7 +46,7 @@ The reports contains: To download a security report: -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Select **Monitoring** > **Download report**. 4. In **Report type**, select **Security report** and the **Date range**. 5. Select **Generate report**. diff --git a/src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx b/src/content/docs/cloudflare-one/email-security/monitoring/index.mdx similarity index 80% rename from src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx rename to src/content/docs/cloudflare-one/email-security/monitoring/index.mdx index 2a2fc4919126eff..2f75094dd8e2307 100644 --- a/src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx 
+++ b/src/content/docs/cloudflare-one/email-security/monitoring/index.mdx @@ -1,5 +1,5 @@ --- -title: Email monitoring +title: Monitoring pcx_content_type: how-to sidebar: order: 12 @@ -15,7 +15,7 @@ With Email Security, you can enable logs to send detection data to an endpoint o To monitor your inbox: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Under **Email Security**, select **Monitoring**. @@ -24,10 +24,10 @@ The dashboard will display the following metrics: - Email activity - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/) - Detection details -- [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/) -- [Phish submissions](/cloudflare-one/email-security/phish-submissions/) -- [Auto-move events](/cloudflare-one/email-security/auto-moves/) -- [Detection settings metrics](/cloudflare-one/email-security/detection-settings/) +- [Impersonations](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) +- [Phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) +- [Auto-move events](/cloudflare-one/email-security/settings/auto-moves/) +- [Detection settings metrics](/cloudflare-one/email-security/settings/detection-settings/) ## Email activity 
@@ -74,13 +74,13 @@ Impersonations are a form of phishing attack where the actor pretends to be some - To view all impersonation emails, select **View all impersonation emails**. - To view impersonated users, select **View impersonated users**. -Refer to [Trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/) to add a trusted domain, and [Impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) to add a user to the impersonation registry. +Refer to [Trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) to add a trusted domain, and [Impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) to add a user to the impersonation registry. ## Phish submissions Phishing is a type of attack that involves stealing sensitive information with the aim of using and selling the information. -A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/email-security/phish-submissions/) to learn how to submit a phish. +A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) to learn how to submit a phish. Phish submissions displays the following information: @@ -96,7 +96,7 @@ Auto-move events are emails moved to different inboxes based on the disposition This panel shows you the total number of auto-moves and the source folder from which these retractions are originating from. -Refer to [Auto-moves](/cloudflare-one/email-security/auto-moves/) to configure auto-move events. +Refer to [Auto-moves](/cloudflare-one/email-security/settings/auto-moves/) to configure auto-move events. ## Detection settings metrics 
@@ -106,4 +106,4 @@ Detection settings metric displays information about: - **Blocked traffic**: Traffic that Email Security automatically blocks from senders. Blocked traffic shows metrics on emails that were blocked from user inboxes. - **Domain age**: The number of days since domain registration. -Select **Configure** to configure policy and rules for [allowed traffic](/cloudflare-one/email-security/detection-settings/allow-policies/), [blocked traffic](/cloudflare-one/email-security/detection-settings/blocked-senders/) and [domain age](/cloudflare-one/email-security/detection-settings/additional-detections/). +Select **Configure** to configure policy and rules for [allowed traffic](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [blocked traffic](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) and [domain age](/cloudflare-one/email-security/settings/detection-settings/additional-detections/). diff --git a/src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx b/src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx similarity index 77% rename from src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx rename to src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx index 92c1970912ddf21..6f1a2cecda5c295 100644 --- a/src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx +++ b/src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx 
@@ -13,7 +13,7 @@ Email Security allows you to use popular, regular, and advanced screening criter To screen through your email traffic: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Investigation**, then **Run new screen**. 4. Choose between **Popular**, **Regular**, and **Advanced** screen methods. Refer to the explanation below to learn what each method does. @@ -28,12 +28,12 @@ To use a popular screen criteria: 1. Under **Method**, select **Popular screens**. 2. Select one of the following criteria: - * **Moved emails**: View emails automatically or manually moved within the last seven days. - * **Reclassified emails**: Emails that had their disposition reclassified within the last seven days. - * **Malicious emails**: Emails assigned the malicious disposition within the last seven days. - * **Spoof emails**: Emails assigned the spoof disposition within the last seven days. - * **Suspicious emails**: Emails assigned the suspicious disposition within the last seven days. - * **Spam emails**: Emails assigned to the spam disposition within the last seven days. + - **Moved emails**: View emails automatically or manually moved within the last seven days. + - **Reclassified emails**: Emails that had their disposition reclassified within the last seven days. + - **Malicious emails**: Emails assigned the malicious disposition within the last seven days. + - **Spoof emails**: Emails assigned the spoof disposition within the last seven days. + - **Suspicious emails**: Emails assigned the suspicious disposition within the last seven days. + - **Spam emails**: Emails assigned to the spam disposition within the last seven days. 3. Select **Run screen**. To modify your screening criteria, under **Active screen criteria**, select **Modify**. 
@@ -78,7 +78,7 @@ Reclassifying messages allows you to choose the disposition of your messages if To reclassify a message: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** and select **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** and select **Investigation**. 2. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. 3. Select the three dots, then select **Request reclassification**. 4. Under **New disposition**, select among the following: @@ -109,7 +109,7 @@ Once you have reclassified your messages, you can access those on **Reclassifica To view reclassifications: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security** > **Reclassifications**. 3. Choose **Team submissions** to view emails your security team submitted for reclassification, or **User submissions** to view emails your users submitted for reclassification. 
@@ -138,10 +138,10 @@ To gain more details on a specific reclassification: User submissions are the emails your users submitted for reclassification. User submissions help enhance our detection model, but can be escalated for human review. -Any email that is reported as [phish](/cloudflare-one/email-security/phish-submissions/#reclassify-an-email) will be displayed under **User submissions**. +Any email that is reported as [phish](/cloudflare-one/email-security/settings/phish-submissions/#reclassify-an-email) will be displayed under **User submissions**. :::note -[PhishGuard](/cloudflare-one/email-security/phish-guard/) customers can have submissions analyzed when submitting at either user or team level. Any non-PhishGuard customer can still have submissions analyzed by submitting at team level. +[PhishGuard](/cloudflare-one/email-security/phishguard/) customers can have submissions analyzed when submitting at either user or team level. Any non-PhishGuard customer can still have submissions analyzed by submitting at team level. ::: Select among the following filters: 
@@ -165,37 +165,13 @@ To escalate a reclassification: 2. Select the three dots > select **Escalate**. 3. The dashboard will display a message to authorize escalation. Select **Escalate**. -### Invalid submissions - -A submission is invalid when: - -- A submission has no EML file attached. -- A submission has been made with an incorrect file extension. -- A submission was made to the wrong team or user alias. - -To ensure your submission is valid: - -- Ensure your submission has a file attached with a `.eml` file extension. -- Ensure you configure the domain you are submitting emails for. -- Ensure policies are configured correctly. - -To view invalid submissions: - -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). -2. Select **Email Security** > **Reclassifications**. -3. Select **Invalid submissions**. - -You can search by submission ID or submitted email. - -You can filter based on **Date Range** and **Submitted by** (which will list emails that made the invalid submissions). Once you have configured your desired filters, select **Apply filters**. - ## Move messages Moving messages allows you to move messages to a specific folder. You can move up to 1,000 messages at a time. To move messages: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. 2. On the **Investigation** page, select all the messages you want to move. 3. Select the **Action** dropdown, then select **Move**. 4. Select among one of the following folders: 
@@ -214,7 +190,7 @@ Each detection has an Email Detection Fingerprint (EDF) hash that Email Security To find similar detection results: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. 2. On the **Investigation** page, under **Your matching messages**, search for the **Similar emails** column. 3. Select the number of similar emails. Selecting the number will show you a list of similar emails. @@ -224,7 +200,7 @@ With Email Security, you can export messages to a CSV file. To export messages: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. 2. On the **Investigation** page, under **Your matching messages**, select **Export to CSV**. 3. Select **Export messages** on the pop-up message. You can export up to 500 messages from the dashboard. To export up to 1,000 matching messages, use the [API](/api/resources/email_security/subresources/investigate/methods/get/). 
@@ -236,20 +212,20 @@ Email Security allows you to review the status and actions of each email. To view status and actions for each email: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**, and select **Investigation**. 2. On the **Investigation** page, select the three dots. 3. Selecting the three dots will show you the following options: - If the email is quarantined: - - **View details**: Refer to [Email details](/cloudflare-one/email-security/email-monitoring/search-email/#email-details) to learn more. - - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash). - - **Release**: Email Security will no longer quarantine your chosen messages. - - **Request reclassification**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn more. + - **View details**: Refer to [Email details](/cloudflare-one/email-security/monitoring/search-email/#email-details) to learn more. + - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash). + - **Release**: Email Security will no longer quarantine your chosen messages. + - **Request reclassification**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/monitoring/search-email/#reclassify-messages) to learn more. 4. If the email is not quarantined: - **View details**. - **View similar emails**. - **View submission detail**. - - [Move](/cloudflare-one/email-security/auto-moves/) (only available if you authorized moves). - - [Request reclassification](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages). 
+ - [Move](/cloudflare-one/email-security/settings/auto-moves/) (only available if you authorized moves). + - [Request reclassification](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages). ## Email details @@ -272,7 +248,7 @@ Email Security displays the following details: - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). - Autonomous sys name: This name identifies your autonomous system (AS). - Country -4. **Links identified**: A list of malicious links identified by Email Security. Refer to [Open links](/cloudflare-one/email-security/email-monitoring/search-email/#open-links) to open links in Security Center, Browser Isolation or an external tool of your choice. +4. **Links identified**: A list of malicious links identified by Email Security. Refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links) to open links in Security Center, Browser Isolation or an external tool of your choice. 5. **Attachments**: If an email has an attachment, the Cloudflare dashboard will display the filename, and the disposition assigned. You can open attachments in [Browser Isolation](/cloudflare-one/remote-browser-isolation/). Only PDF files are currently supported. 6. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam. 
@@ -282,21 +258,21 @@ You can open links in [Security Center](/security-center/) or [Browser Isolation To open links in Security Center: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. 2. Locate the message you want to open links for, select the three dots, then select **View details**. -2. Under **Details**, go to **Links identified**. -3. Locate the link you want to open, and select **Open in Security Center**. -4. You will be redirected to **Investigate** in the Cloudflare dashboard. -5. Select **Scan now**. -6. The dashboard will generate a report for your link. +3. Under **Details**, go to **Links identified**. +4. Locate the link you want to open, and select **Open in Security Center**. +5. You will be redirected to **Investigate** in the Cloudflare dashboard. +6. Select **Scan now**. +7. The dashboard will generate a report for your link. To open links in Browser Isolation: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. 2. Locate the message you want to open links for, select the three dots, then select **View details**. -2. Under **Details**, go to **Links identified**. -3. Locate the link you want to open, and select **Open in Browser Isolation**. -4. The link will open in a separate window where you will be able to browse the content securely. +3. Under **Details**, go to **Links identified**. +4. Locate the link you want to open, and select **Open in Browser Isolation**. +5. The link will open in a separate window where you will be able to browse the content securely. Alternatively, you can directly [open links in Browser Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/#open-links-in-browser-isolation). 
@@ -316,24 +292,24 @@ When opening links, Email Security will not allow you to: To open and investigate a link in an external tool: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Investigation**. 2. Locate the message you want to open links for, select the three dots, then select **View details**. -2. Under **Details**, go to **Links identified**. -3. Locate the link you want to open, and select **Copy URL**. -3. Paste the link in your external tool. +3. Under **Details**, go to **Links identified**. +4. Locate the link you want to open, and select **Copy URL**. +5. Paste the link in your external tool. :::caution You may encounter a `400 Bad Request` error after turning **Clientless Web Isolation** on. If you encounter this error: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. 2. Select **Generate certificate**. 3. Choose the **Expiration** (5 years is recommended), then select **Generate certificate**. Your certificate is now generated, and the dashboard will display its **Deployment Status** as **INACTIVE**. 4. Select the three dots, and then select **Activate** to activate your certificate. 5. Select the three dots, and then select **Mark as in-use**. 6. Your certificate deployment status should display **AVAILABLE IN-USE**. -::: + ::: ### Action log 
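Review bot: the last change in this hunk replaces the closing `:::` of the caution block with an indented `:::`, while the opening `:::caution` is left at column 0. An indented closing marker directly after step 6 can be parsed as part of that list item instead of closing the directive, in which case the caution would run on into `### Action log`. Keep the closing `:::` at the same indentation as the opening marker (this looks like a formatter side effect) and check the rendered preview of this page before merging.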
@@ -352,4 +328,4 @@ Mail trace allows you to track the path your selected message took from the send - **Date**: The date and time when the mail was tracked. - **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address). -- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. \ No newline at end of file +- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. diff --git a/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx b/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx index 0c4ea7be1aa6116..4f888fd18340663 100644 --- a/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx +++ b/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx @@ -2,7 +2,7 @@ title: Outbound Data Loss Prevention (DLP) pcx_content_type: how-to sidebar: - order: 17 + order: 18 --- :::note[Compatibility] @@ -22,7 +22,7 @@ An outbound policy allows you to control outbound email flow. To create an outbound DLP policy: -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**. 2. Select **Add a policy**. 3. Name your policy. 4. Build an expression to match specific email traffic. For example, you can create a policy that blocks outbound emails containing identifying numbers: 
@@ -51,7 +51,7 @@ The Data Loss Prevention (DLP) Assist add-in allows Microsoft 365 users to deplo To set up DLP Assist add-in: -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**. 2. Select **View Microsoft add-in instructions** > Select **Download add-in**. This downloads a `.xml` file necessary to install the add-in on the client side. 3. Set up the add-in in Microsoft 365: - Log in to the [Microsoft admin panel](https://security.microsoft.com/homepage) and go to **Microsoft 365 Admin Center** > **Settings** > **Integrated Apps**. diff --git a/src/content/docs/cloudflare-one/email-security/phish-submissions.mdx b/src/content/docs/cloudflare-one/email-security/phish-submissions.mdx deleted file mode 100644 index 8054cf2419f9c78..000000000000000 --- a/src/content/docs/cloudflare-one/email-security/phish-submissions.mdx +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -title: Phish submissions -pcx_content_type: how-to -sidebar: - order: 16 ---- - -import { GlossaryTooltip, Render } from "~/components" - -As part of your continuous email security posture, administrators and security analysts need to submit missed phishing samples to Email Security, so Cloudflare can process them and take necessary action. - -Submitting missed phish samples to Cloudflare is of paramount importance and necessary for continuous protection. Submitting missed phish samples helps Cloudflare improve our machine learning (ML) models, and alerts us of new attack vectors before they become prevalent. - -There are three routes you can use to report an email as a phish: - -- Via Investigation, by [reclassifying an email](/cloudflare-one/email-security/phish-submissions/#reclassify-an-email). -- Via [PhishNet M365](/cloudflare-one/email-security/phish-submissions/#phishnet-m365) or [PhishNet for Google Workspace](/cloudflare-one/email-security/phish-submissions/#phishnet-for-google-workspace), depending on your email provider. -- Via [Submission addresses](/cloudflare-one/email-security/phish-submissions/#submission-addresses). - -## Reclassify an email - -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). -2. Select **Email Security** > **Investigation**. -3. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. Select the three dots, then select **Request reclassification**. By selecting **Request reclassification**, you are requesting a new disposition for the message. -4. Select the new disposition, then select **Save**. - -When you report an email as phish, this email will be displayed under [User submissions](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions). -## PhishNet M365 - -PhishNet is an add-in button that helps users to submit directly to Email Security phish samples missed by Email Security's detection. 
- -To set up PhishNet M365: - -1. Get the customized manifest URL from [Zero Trust](https://one.dash.cloudflare.com/?to=/:account/email-security/settings/email-policy/phish-submission?tab=phish-submission). -2. Log in to the [Microsoft admin panel](https://admin.microsoft.com/). -3. Go to **Microsoft 365 admin center** > **Settings** > **Integrated Apps**. -4. Select **Upload custom apps**. -5. Choose **Provide link to manifest file** and paste the URL you copied from the Zero Trust dashboard. -6. Verify and complete the wizard. - -## PhishNet for Google Workspace - -To set up PhishNet with Google Workspace you need admin access to your Google Workspace account. - -### Set up PhishNet for Google Workspace - -1. Log in to [Google Workspace Marketplace apps](https://workspace.google.com/marketplace/app/cloudflare_phishnet/11369379045) using this direct link and an administrator account. -2. Select **Admin install** to install Cloudflare PhishNet. Read the warning, and select **Continue**. -3. You will be redirected to the **Allow data access** page, where you can choose to install Cloudflare PhishNet for **Everyone at your organization**, or **Certain groups or organizational units**. If you choose the latter option, you will have to select the users in the next step. -4. After choosing the groups you want to install PhishNet for, agree with Google's terms of service, and select **Finish**. -5. Cloudflare PhishNet has been installed. Select **DONE**. - -You have now successfully installed Cloudflare PhishNet. - -### Submit phish with PhishNet - -1. In your Gmail web client, open the message you would like to flag as either spam or phish. -2. Select the PhishNet logo on the side panel. -3. Under **Select Submission Type**, select **Spam** or **Phish**. -4. Select **Submit Report**. - -## Submission addresses - -To view the destination addresses of user and team submissions: - -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). -2. Select **Email Security**. 
-3. Select **Settings**. -4. Go to **Phish submission** > **Submission addresses** > **View**. - -The dashboard will display **User submission addresses** and **Team submission addresses**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/phish-guard.mdx b/src/content/docs/cloudflare-one/email-security/phishguard.mdx similarity index 82% rename from src/content/docs/cloudflare-one/email-security/phish-guard.mdx rename to src/content/docs/cloudflare-one/email-security/phishguard.mdx index 98d1616f6e2ee65..829de72d774d094 100644 --- a/src/content/docs/cloudflare-one/email-security/phish-guard.mdx +++ b/src/content/docs/cloudflare-one/email-security/phishguard.mdx 
@@ -2,26 +2,26 @@ title: PhishGuard pcx_content_type: how-to sidebar: - order: 18 + order: 17 --- PhishGuard is a team of analysts that routinely inspects your email environment and responds to threats that come through your email inbox. While Email Security uses advanced technologies to protect your email inbox, PhishGuard offers an additional human component to protect your email environment against impersonation events, suspicious items, false negatives/false positives, and any new event that automated intelligent systems may miss due to a lack of context (for example, a compromised account activity). -PhishGuard only works on a post-delivery environment (only emails that have already landed in your email inbox are reviewed). As a result, PhishGuard analysts may perform a [reclassification](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) or [auto-move](/cloudflare-one/email-security/auto-moves/) based on their findings. +PhishGuard only works on a post-delivery environment (only emails that have already landed in your email inbox are reviewed). As a result, PhishGuard analysts may perform a [reclassification](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) or [auto-move](/cloudflare-one/email-security/settings/auto-moves/) based on their findings. PhishGuard coordinates with the email detections team, allowing you to directly request immediate detection for specific items and implement custom detections unique to your needs. An example of this is requesting to block all PayPal traffic if you do not use PayPal for invoicing. This capability allows you to take ownership over the rules governing your email environment through PhishGuard's human intervention. Additionally, PhishGuard analysts: - Use real-time threat data to identify malicious activity. Email-based threats are responded to rapidly, and immediately reported and documented. 
-- Review every [user](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) and [team](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) submission so your security team can focus on more critical activites. +- Review every [user](/cloudflare-one/email-security/investigation/search-email/#user-submissions) and [team](/cloudflare-one/email-security/investigation/search-email/#team-submissions) submission so your security team can focus on more critical activites. - Help you detect and mitigate threats faster, reducing the time attacks have access to your network. This also helps reducing business impact, because it prevents data breaches, financial loss, and reputational damage. To use PhishGuard: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email security**. 3. Select **PhishGuard**. @@ -55,7 +55,7 @@ Insider threat defense on the dashboard displays **Insider leads** and **Insider PhishGuard reviews suspicious and highly malicious activity in your email environment. -On the Zero Trust dashboard, email threat hunting displays previously unknown phishing attacks. +On the Cloudflare One dashboard, email threat hunting displays previously unknown phishing attacks. Email threat hunting also gives you information on **Threat leads generated** and **Total reposts generated**. 
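Review bot: the context line under the changed sentence in the email threat hunting hunk reads "**Total reposts generated**", which looks like a typo for "reports"; please check it against the dashboard label and fix it while this section is being touched. The rewritten "Review every ... submission" bullet in the previous hunk of this file also carries "activites" over unchanged onto the `+` line, so that one can be corrected to "activities" in the same pass.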
@@ -67,7 +67,7 @@ Email threat hunting also gives you information on **Threat leads generated** an API Status allows you to monitor and configure the current status of API message auto-moves and directory integrations. -Select **Message moves** to [configure auto-moves](/cloudflare-one/email-security/auto-moves/). Select **Directory integration** to [configure directories](/cloudflare-one/email-security/directories/). +Select **Message moves** to [configure auto-moves](/cloudflare-one/email-security/settings/auto-moves/). Select **Directory integration** to [configure directories](/cloudflare-one/email-security/directories/). ## Managed email security operations @@ -75,7 +75,7 @@ Managed email security operations allows you to review the results of phish subm It displays the following: -- Total [phish submissions](/cloudflare-one/email-security/phish-submissions/) +- Total [phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) - Tracked incidents - Median time to resolve - Resolved track incidents @@ -92,4 +92,4 @@ If you select the three dots, you can: - **Details**: Displays information such as delivery disposition, current disposition, ES Alert ID, Message-ID, Timestamp, Subject, and Attempted Fraudulent Amount. - **Indicators of compromise (IOC)**: [Indicators of compromise (IOC)](https://www.cloudflare.com/en-gb/learning/security/what-are-indicators-of-compromise/) are information about a specific security breach that can help security teams determine if an attack has taken place. - Preview email. -- [Move email](/cloudflare-one/email-security/auto-moves/). \ No newline at end of file +- [Move email](/cloudflare-one/email-security/settings/auto-moves/). \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/reclassifications/index.mdx b/src/content/docs/cloudflare-one/email-security/reclassifications/index.mdx new file mode 100644 index 000000000000000..9483c28b6756675 --- /dev/null 
+++ b/src/content/docs/cloudflare-one/email-security/reclassifications/index.mdx 
@@ -0,0 +1,52 @@ +--- +title: Reclassifications +pcx_content_type: how-to +sidebar: + order: 13 +--- + +Reclassifying messages allows you to choose the disposition of your messages if the disposition is incorrect. This helps improve Email Security's detection accuracy and ensures proper handling of email threats. + +## Reclassify messages + +To reclassify a message: + +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** and select **Investigation**. +2. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. +3. Select the three dots, then select **Request reclassification**. +4. Under **New disposition**, select among the following: + - **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns. + - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and `Header From` values. + - **Spam**: Traffic associated with non-malicious, commercial campaigns. + - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of `SPAM` and `SUSPICIOUS`. For example, a marketing email that intentionally obscures its unsubscribe link. + - **Clean**: Traffic not associated with any phishing campaigns. +5. Select **Save**. + +To reclassify messages in bulk, select **Select all messages** > **Action** > **Request reclassification**. + +To release messages in bulk, select **Select all messages** > **Action** > **Release**. + +## Upload EML files + +Email Security classifies certain emails as "Clean". If you disagree with the disposition, you can upload an EML file and reclassify the email. + +On the **Investigation** page: + +1. Go to the email marked as **Clean**. +2. Select the three dots > **Request reclassification**. +3. 
Upload the EML file. +4. Select a new disposition. +5. Select **Save**. + +## View reclassifications + +Once you have reclassified your messages, you can access those on **Reclassifications**. + +To view reclassifications: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Choose from the following submission types: + - [**Team submissions**](/cloudflare-one/email-security/reclassifications/team-submissions/): View emails your security team submitted for reclassification + - [**User submissions**](/cloudflare-one/email-security/reclassifications/user-submissions/): View emails your users submitted for reclassification + - [**Invalid submissions**](/cloudflare-one/email-security/reclassifications/invalid-submissions/): View submissions that could not be processed diff --git a/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx b/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx new file mode 100644 index 000000000000000..9497b26d6ce2ce9 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx 
@@ -0,0 +1,36 @@ +--- +title: Invalid submissions +pcx_content_type: how-to +sidebar: + order: 3 +--- + +A submission is invalid when it cannot be processed by Email Security due to various issues with the submission format or content. + +## What makes a submission invalid + +A submission is invalid when: + +- A submission has no EML file attached. +- A submission has been made with an incorrect file extension. +- A submission was made to the wrong team or user alias. + +## Ensure valid submissions + +To ensure your submission is valid: + +- Ensure your submission has a file attached with a `.eml` file extension. +- Ensure you configure the domain you are submitting emails for. +- Ensure policies are configured correctly. + +## View invalid submissions + +To view invalid submissions: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Select **Invalid submissions**. + +You can search by submission ID or submitted email. + +You can filter based on **Date Range** and **Submitted by** (which will list emails that made the invalid submissions). Once you have configured your desired filters, select **Apply filters**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/reclassifications/team-submissions.mdx b/src/content/docs/cloudflare-one/email-security/reclassifications/team-submissions.mdx new file mode 100644 index 000000000000000..1b24f6a41f6daba --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/reclassifications/team-submissions.mdx 
@@ -0,0 +1,38 @@ +--- +title: Team submissions +pcx_content_type: how-to +sidebar: + order: 1 +--- + + +Team submissions are the emails your security team submitted for reclassification. All team submissions receive a human review by Cloudflare. + +## View team submissions + +To view team submissions: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Select **Team submissions**. + +## Filter team submissions + +Select among the following filters: + +- **Date Range**: You can select a date range from the last 7, last 30, and last 90 days. +- **Original disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). +- **Submitted as**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). +- **Final disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). +- **Escalation**: Filter by team submissions that have been escalated or not. Select among `Yes`, `No`, or `All`. + +Once you have selected all the filters, select **Apply filters**. + +The dashboard will populate the table with the list of emails your security team submitted for reclassification, including a **Submission ID**, and the **Email subject**. + +## View submission details + +To gain more details on a specific reclassification: + +1. Go to the reclassification you want to have more details for. +2. Select the three dots > select among **View more**, **View email message** and **View similar details**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/reclassifications/user-submissions.mdx b/src/content/docs/cloudflare-one/email-security/reclassifications/user-submissions.mdx new file mode 100644 index 000000000000000..215aad23b8dcd77 --- /dev/null 
+++ b/src/content/docs/cloudflare-one/email-security/reclassifications/user-submissions.mdx 
@@ -0,0 +1,49 @@ +--- +title: User submissions +pcx_content_type: how-to +sidebar: + order: 2 +--- + +User submissions are the emails your users submitted for reclassification. User submissions help enhance our detection model, but can be escalated for human review. + +Any email that is reported as [phish](/cloudflare-one/email-security/settings/phish-submissions/#reclassify-an-email) will be displayed under **User submissions**. + +:::note +[PhishGuard](/cloudflare-one/email-security/phishguard/) customers can have submissions analyzed when submitting at either user or team level. Any non-PhishGuard customer can still have submissions analyzed by submitting at team level. +::: + +## View user submissions + +To view user submissions: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Select **User submissions**. + +## Filter user submissions + +Select among the following filters: + +- **Date Range**: Select a date range from the last 7, last 30, and last 90 days. +- **Original disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). +- **Submitted as**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). + +Once you have selected all the filters, select **Apply filters**. + +The dashboard will populate the table with the list of emails your users submitted for reclassification, including a **Submission ID**, and the **Email subject**. + +## View submission details + +To gain more details on a specific reclassification: + +1. Go to the reclassification you want to have more details for. +2. Select the three dots > select among **View more**, **View email message**, **View similar details**, and **Escalate**. + +## Escalate a reclassification + +To escalate a reclassification: + +1. Go to the reclassification you want to escalate. +2. 
Select the three dots > select **Escalate**. +3. The dashboard will display a message to authorize escalation. Select **Escalate**. diff --git a/src/content/docs/cloudflare-one/email-security/reference/dispositions-and-attributes.mdx b/src/content/docs/cloudflare-one/email-security/reference/dispositions-and-attributes.mdx index 04dd26dd5aa3cb9..c771f02a392518d 100644 --- a/src/content/docs/cloudflare-one/email-security/reference/dispositions-and-attributes.mdx +++ b/src/content/docs/cloudflare-one/email-security/reference/dispositions-and-attributes.mdx @@ -17,7 +17,7 @@ Detection is the process Email Security does to identify what threat an email ma Any traffic that flows through Email Security is given a final disposition, which represents our evaluation of that specific message. Each message will receive only one disposition header, so your organization can take clear and specific actions on different message types. -You can use disposition values when [setting up auto-moves](/cloudflare-one/email-security/auto-moves/). +You can use disposition values when [setting up auto-moves](/cloudflare-one/email-security/settings/auto-moves/). ### Available values @@ -55,7 +55,7 @@ Traffic that flows through Email Security can also receive one or more Attribute | `NEW_DOMAIN_LINK=` | Alerts to mail with links pointing out to a newly registered domain. Formatted as yyyy-MM-dd HH:mm:ss ZZZ. | | `ENCRYPTED` | Email message is encrypted. | | `EXECUTABLE` | Email message contains an executable file. | -| `BEC` | Indicates that an email address was contained in your [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) list. Associated with `MALICIOUS` or `SPOOF` dispositions. | +| `BEC` | Indicates that an email address was contained in your [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) list. Associated with `MALICIOUS` or `SPOOF` dispositions. | ### Header structure 
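Review bot: in the new `user-submissions.mdx`, the sentence "Any email that is reported as [phish]..." links to `/cloudflare-one/email-security/settings/phish-submissions/#reclassify-an-email`, but the only `## Reclassify an email` heading visible in this patch is in the deleted `email-security/phish-submissions.mdx`, and the new reclassification steps live under `## Reclassify messages` in `reclassifications/index.mdx`. Confirm that the relocated phish submissions page still has a "Reclassify an email" section, otherwise the fragment silently lands at the top of the page. If that section was folded into the new page, link to `/cloudflare-one/email-security/reclassifications/#reclassify-messages` instead.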
diff --git a/src/content/docs/cloudflare-one/email-security/retro-scan.mdx b/src/content/docs/cloudflare-one/email-security/retro-scan.mdx index 50f5cafbd48048c..47cd4d38625e169 100644 --- a/src/content/docs/cloudflare-one/email-security/retro-scan.mdx +++ b/src/content/docs/cloudflare-one/email-security/retro-scan.mdx @@ -13,7 +13,7 @@ Retro Scan is only available for Microsoft 365 accounts. To start a free scan: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security** > **Overview**. 3. Select **Start a free scan** > **Generate report**. 4. Enable your [Microsoft integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration). Once you enabled your Microsoft integration, you will redirected to a page wheer you will add your domains and speficy your current email security system. @@ -24,13 +24,13 @@ To start a free scan: 6. Go to your email inbox and select the link to view the full report. 7. On the Cloudflare dashboard, select **View report**. -The dashboard will display **Overview** and **Details** pages. +The dashboard will display **Overview** and **Details** pages. ### Overview Overview displays the total scanned domains. The overview shows you: -- [Disposition evaluation](/cloudflare-one/email-security/email-monitoring/#disposition-evaluation) +- [Disposition evaluation](/cloudflare-one/email-security/monitoring/#disposition-evaluation) - Malicious threat types - Malicious targets - Malicious threat origins 
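Review bot: step 4 of "To start a free scan", left as context in the first hunk of this file, still reads "you will redirected to a page wheer you will add your domains and speficy your current email security system". Since the list is already being edited, fix it to "you will be redirected to a page where you will add your domains and specify ...". The `-`/`+` pair on "The dashboard will display **Overview** and **Details** pages." differs only in whitespace, which is fine if it is a trailing-space cleanup, but worth confirming it was intentional.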
@@ -39,4 +39,4 @@ Overview displays the total scanned domains. The overview shows you: Details allows you to review the first 1,000 emails assigned a disposition. -Select an email to review [details](/cloudflare-one/email-security/email-monitoring/search-email/#details) about the message. \ No newline at end of file +Select an email to review [details](/cloudflare-one/email-security/monitoring/search-email/#details) about the message. diff --git a/src/content/docs/cloudflare-one/email-security/auto-moves.mdx b/src/content/docs/cloudflare-one/email-security/settings/auto-moves.mdx similarity index 95% rename from src/content/docs/cloudflare-one/email-security/auto-moves.mdx rename to src/content/docs/cloudflare-one/email-security/settings/auto-moves.mdx index 6a40d33e457efe1..f34eb86b511e87e 100644 --- a/src/content/docs/cloudflare-one/email-security/auto-moves.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/auto-moves.mdx @@ -2,7 +2,7 @@ title: Auto-move events pcx_content_type: how-to sidebar: - order: 15 + order: 3 --- Auto-move events are events where emails are automatically moved to different inboxes based on the disposition Email Security assigned to them. @@ -11,7 +11,7 @@ Email Security shows you the total number of auto-moves and the source folder fr To configure auto-move events: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email security**. 3. Select **Settings**. 4. Select **Moves**. 
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/additional-detections.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/additional-detections.mdx similarity index 92% rename from src/content/docs/cloudflare-one/email-security/detection-settings/additional-detections.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/additional-detections.mdx index 30c44f1403bc338..dc458363a0b2436 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/additional-detections.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/additional-detections.mdx @@ -14,7 +14,7 @@ Email Security allows you to configure the following additional detections: To configure additional detections: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**. 4. On the **Settings** page, go to **Detection settings** > **Additional detections**, and select **Edit**. @@ -23,7 +23,7 @@ To configure additional detections: The domain age is the time since the domain has been registered. -Because of the domain age detection, [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/) can be used to create an exception to the age detection. +Because of the domain age detection, [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) can be used to create an exception to the age detection. To configure a domain age: @@ -60,4 +60,4 @@ To enable HTML attachment email detection: 1. On the **Edit additional detections** page, enable **HTML attachment email detection**. 2. Choose between **Malicious** and **Suspicious**. -3. Select **Save**. \ No newline at end of file +3. Select **Save**. 
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx similarity index 68% rename from src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx index fc7cd96fc664fe0..5c4653e04e69eae 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx @@ -5,7 +5,7 @@ sidebar: order: 1 --- -import { Example, Details } from "~/components" +import { Example, Details } from "~/components"; Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning. @@ -25,7 +25,7 @@ Allow policies are used to mitigate false positives. When an email has been mark ### Accept sender -Allow policies in Email Security give you the option to choose **Accept sender**. +Allow policies in Email Security give you the option to choose **Accept sender**. Accept sender creates exceptions for messages that would otherwise be marked as spam, bulk, or spoof. However, Email Security will continue to scan the message for maliciousness. 
@@ -33,11 +33,11 @@ It is recommended to choose this option, as it is the safest option to protect y -When a marketing email does not follow the correct template, it may be marked as malicious or spam. It may not be possible to change the template. However, in this scenario, the marketing email is legitimate. +When a marketing email does not follow the correct template, it may be marked as malicious or spam. It may not be possible to change the template. However, in this scenario, the marketing email is legitimate. To make sure that users still receive the marketing email, you will have to select **Accept sender** and add the marketing domain in **Rule Type** > **Domains**. -**Accept sender** and **Domains** combined exempt marketing emails that may not follow the correct template. +**Accept sender** and **Domains** combined exempt marketing emails that may not follow the correct template. 
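Review bot: the use case sentence re-emitted in this hunk says a marketing email "may be marked as malicious or spam" and then presents **Accept sender** plus **Domains** as the fix, yet the section above states that Accept sender only creates exceptions for spam, bulk, or spoof and that the message is still scanned for maliciousness. As written, a reader can conclude that Accept sender will release a message with a malicious disposition. Since these lines are being rewritten anyway (the visible difference is whitespace only), change the wording to "marked as spam, bulk, or spoof" so the example matches what the action actually exempts.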
@@ -45,25 +45,25 @@ To make sure that users still receive the marketing email, you will have to sele To configure allow policies: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**, then go to **Detection settings** > **Allow policies**. 4. On the **Detection settings** page, select **Add a policy**. 5. On the **Add an allow policy** page, enter the policy information: - **Input method**: Choose between **Manual input**, and **Uploading an allow policy**: - - **Manual input**: - - **Action**: Select one of the following to choose how Email Security will handle messages that match your criteria: - - **Trust sender**: Messages will bypass all detections and link following. - - **Exempt recipient**: Message to this recipient will bypass all detections. - - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions. Refer to [Allow policy configuration use cases](#use-case-1) for use case examples on how to configure allow policies for accept sender. - - **Rule type**: Specify the scope of your policy. Choose one of the following: - - **Email addresses**: Must be a valid email. Enter an email address whose emails are going to be exempted. - - **IP addresses**: This is the IP address of the email server. Any email address sent from this email server is going to be allowed. The IP address can only be IPv4. IPv6 and CIDR are invalid entries. - - **Domains**: Must be a valid domain. - - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`. 
+ - **Manual input**: + - **Action**: Select one of the following to choose how Email Security will handle messages that match your criteria: + - **Trust sender**: Messages will bypass all detections and link following. + - **Exempt recipient**: Message to this recipient will bypass all detections. + - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions. Refer to [Allow policy configuration use cases](#use-case-1) for use case examples on how to configure allow policies for accept sender. + - **Rule type**: Specify the scope of your policy. Choose one of the following: + - **Email addresses**: Must be a valid email. Enter an email address whose emails are going to be exempted. + - **IP addresses**: This is the IP address of the email server. Any email address sent from this email server is going to be allowed. The IP address can only be IPv4. IPv6 and CIDR are invalid entries. + - **Domains**: Must be a valid domain. + - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`. - **(Recommended) Sender verification**: This option enforces DMARC, SPF, or DKIM authentication. If you choose to enable this option, Email Security will only honor policies that pass authentication. - **Notes**: Provide additional information about your allow policy. - - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Pattern Type`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, `Acceptable Sender`, `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/allow-policies/#csv-uploads) for an example file. 
+ - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Pattern Type`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, `Acceptable Sender`, `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/settings/detection-settings/allow-policies/#csv-uploads) for an example file. 6. Select **Save**.
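Review bot: The re-indented **Regular expressions** bullet keeps `.*@domain\.com` as its only example without saying whether a pattern must match the whole field or may match anywhere inside it. The same bullet says patterns are tested against envelope from, header from, reply-to, the originating IP address and the server name, so if matching is partial an allow pattern could also match a longer value that merely contains `@domain.com`. Suggest stating the matching semantics here and, if partial matches are possible, showing an explicitly anchored pattern.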
@@ -77,41 +77,40 @@ The following use cases show how you could configure allow policies for accept s To solve this: - 1. Create a [team submission](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions). + 1. Create a [team submission](/cloudflare-one/email-security/monitoring/search-email/#team-submissions). 2. Inform your Cloudflare contact about the escalation. 3. Do not set up allow policies or blocked senders. In this use case, configuring allow policies will create a security gap. Setting up blocked senders will block legitimate emails from providers such as Shopify, PayPal, and Docusign. + ### Use case 2 - - This use case can cause the emails you want to receive to follow the auto-moves rules you set up. This use case affects emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. +This use case can cause the emails you want to receive to follow the auto-moves rules you set up. This use case affects emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. - To solve this, when you add an allow policy in the Zero Trust dashboard: - - 1. Choose **Accept sender**. - 2. Verify that **Sender verification (recommended)** is turned on. - - +To solve this, when you add an allow policy in the Cloudflare One dashboard: +1. Choose **Accept sender**. +2. Verify that **Sender verification (recommended)** is turned on. + + ### Use case 3 - This use case impacts the emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. +This use case impacts the emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. + +To solve this, when you add an allow policy in the Cloudflare One dashboard: - To solve this, when you add an allow policy in the Zero Trust dashboard: +1. Choose **Accept sender** based on the static IP you own. +2. 
Ensure that **Sender verification (recommended)** is turned off. - 1. Choose **Accept sender** based on the static IP you own. - 2. Ensure that **Sender verification (recommended)** is turned off. +:::caution +Do not use email addresses or email domains for this policy as they can be easily spoofed without **Sender Verification (Recommended)** enabled. +::: - :::caution - Do not use email addresses or email domains for this policy as they can be easily spoofed without **Sender Verification (Recommended)** enabled. - ::: -
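Review bot: After this hunk, use cases 2 and 3 open with almost the same sentence about internal tools (Salesforce, Atlassian, Figma) being given an incorrect disposition, yet one tells the reader to turn **Sender verification (recommended)** on and the other to turn it off, with nothing saying when use case 3 applies. Suggest adding one sentence to use case 3 stating the condition that makes turning verification off necessary, so it is not read as an equal alternative to use case 2. The setting name is also capitalised two ways inside the hunk: **Sender verification (recommended)** in the steps and **Sender Verification (Recommended)** in the caution.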
@@ -137,7 +136,7 @@ To export all allow policies: To export specific allow policies: 1. On the **Detection settings** page, select the allow policies you want to export. -2. Select **Export to CSV**. +2. Select **Export to CSV**. ## Edit allow policy @@ -160,4 +159,4 @@ To delete multiple allow policies at once: 1. On the **Detection settings** page, select the allow policies you want to delete. 2. Select **Action**. -3. Select **Delete**. \ No newline at end of file +3. Select **Delete**. diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/blocked-senders.mdx similarity index 72% rename from src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/blocked-senders.mdx index c271ecfd81b76a7..71d3f94054741c9 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/blocked-senders.mdx 
@@ -11,30 +11,30 @@ Email Security marks all messages from these senders with a malicious [dispositi Blocked senders ensures messages from any sender is automatically marked as malicious, preventing them from reaching users' inbox. -Sometimes, the same email, IP address or domain always sends malicious emails to the company. In this case, you can add an email address, IP address or domain as a blocked sender. You can choose to enter a regular expression by turning **Regular expression** on. +Sometimes, the same email, IP address or domain always sends malicious emails to the company. In this case, you can add an email address, IP address or domain as a blocked sender. You can choose to enter a regular expression by turning **Regular expression** on. ## Configure blocked senders To configure blocked senders: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**, go to **Detection settings** > **Blocked senders**. 4. On the **Detection settings** page, select **Add a sender**. 5. Select the **Input method**: Choose between **Manual input**, and **Upload blocked sender list**: - - **Manual input**: - - **Sender type**: - - **Email addresses**: Must be a valid email. - - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries. - - **Domains**: Must be a valid domain. - - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`. - - **Notes**: Provide additional information about the blocked sender policy. - - **Upload blocked sender list**: Upload a file no larger than 150 KB. 
The file cannot can only contain `Blocked_Sender`, `Pattern Type,` and `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/blocked-senders/#csv-uploads) for an example file. + - **Manual input**: + - **Sender type**: + - **Email addresses**: Must be a valid email. + - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries. + - **Domains**: Must be a valid domain. + - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email. For example, you can enter `.*@domain\.com` to exempt any email address that ends with `domain.com`. + - **Notes**: Provide additional information about the blocked sender policy. + - **Upload blocked sender list**: Upload a file no larger than 150 KB. The file cannot can only contain `Blocked_Sender`, `Pattern Type,` and `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/#csv-uploads) for an example file. 6. Select **Save**. ### CSV uploads -You can upload a file no larger than 150 KB. The file cannot can only contain `Blocked_Sender`, `Pattern Type,` and `Notes` fields. The first row must be a header row. +You can upload a file no larger than 150 KB. The file cannot can only contain `Blocked_Sender`, `Pattern Type,` and `Notes` fields. The first row must be a header row. An example file would look like this: @@ -77,4 +77,4 @@ To delete multiple blocked senders at once: 1. On the **Detection settings** page, under **Blocked senders**, select the senders you want to delete. 2. Select **Action** -3. Select **Delete**. \ No newline at end of file +3. Select **Delete**. 
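Review bot: The added lines in the `@@ -11,30 +11,30 @@` hunk carry over "The file cannot can only contain" in both the **Upload blocked sender list** bullet and the **CSV uploads** paragraph; it should read "can only contain". In the same sentences the comma sits inside the code span (`Pattern Type,`), and the **Regular expressions** bullet says the example pattern will "exempt" addresses although this page is about blocking them. These lines are already being rewritten for indentation and the link path, so the wording can be fixed in the same change.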
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/configure-link-actions.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-link-actions.mdx similarity index 96% rename from src/content/docs/cloudflare-one/email-security/detection-settings/configure-link-actions.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-link-actions.mdx index e7251954c0282be..5ce7ec72d985c02 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/configure-link-actions.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-link-actions.mdx @@ -13,7 +13,7 @@ You can only configure link actions if you deploy Email Security via [MX/Inline] To configure link actions: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**, then go to **Detection settings** > **Link actions** > **View**. diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/configure-text-add-ons.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons.mdx similarity index 78% rename from src/content/docs/cloudflare-one/email-security/detection-settings/configure-text-add-ons.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons.mdx index d2075718ff8336b..eb607bf1ccbc107 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/configure-text-add-ons.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons.mdx 
@@ -19,7 +19,7 @@ If you currently do not have text add-ons enabled, configuring text add-ons will To configure a subject prefix: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**, then go to **Detection settings** > **Text add-ons** > **View**. 4. Select **Configure** > **Subject prefix**. @@ -27,14 +27,14 @@ To configure a subject prefix: ### Advanced settings -In **Advanced settings**, you can configure **Add "labels" variable**. This option allows you to add a dynamic value for a label that lists dispositions and allows for additional text. +In **Advanced settings**, you can configure **Add "labels" variable**. This option allows you to add a dynamic value for a label that lists dispositions and allows for additional text. To turn on **Add "labels" variable**: 1. Go to **Advanced settings** > **Add "labels" variable**. 2. Choose between: - - **Use default**. - - **Use custom "labels" variable**: Enter the custom label in the text box. + - **Use default**. + - **Use custom "labels" variable**: Enter the custom label in the text box. Once you have configured the subject prefix, select **Save**. @@ -52,9 +52,9 @@ To turn on **Add "labels" or "threat types" variable**: 1. Go to **Advanced settings**: 2. Choose between: - - **Add "labels" variable**: This option allows you to add a dynamic value that for a label that lists dispositions and allows for additional text. Choose between: - - **Use default**. - - **Use custom "labels" variable**: Enter the custom label in the text box. + - **Add "labels" variable**: This option allows you to add a dynamic value that for a label that lists dispositions and allows for additional text. Choose between: + - **Use default**. + - **Use custom "labels" variable**: Enter the custom label in the text box. Once you have configured the body prefix, select **Save**. 
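Review bot: In the `@@ -52,9 +52,9 @@` hunk, the re-indented **Add "labels" variable** bullet still reads "add a dynamic value that for a label" (stray "that"), and step 2 says "Choose between:" but the visible lines list only the labels option, although the lead-in sentence names "labels" or "threat types". Suggest fixing the sentence and either adding the threat types option as a second bullet or rewording the step. Step 1 also ends in a colon ("Go to **Advanced settings**:") where the matching step in the subject prefix section ends in a full stop.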
@@ -62,4 +62,4 @@ Once you have configured the body prefix, select **Save**. This option allows you to include a dynamic value for '%THREATS' that lists the threat types behind an assigned disposition. It can include additional, HTML-formatted text. -The dashboard will display **Default** or **Custom** (to use "labels" or "threat types" variable), depending on how you configured the [advanced settings](/cloudflare-one/email-security/detection-settings/configure-text-add-ons/#advanced-settings-1). \ No newline at end of file +The dashboard will display **Default** or **Custom** (to use "labels" or "threat types" variable), depending on how you configured the [advanced settings](/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons/#advanced-settings-1). diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/impersonation-registry.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/impersonation-registry.mdx similarity index 84% rename from src/content/docs/cloudflare-one/email-security/detection-settings/impersonation-registry.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/impersonation-registry.mdx index 6822390c22a2c62..f7d4558045dba9c 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/impersonation-registry.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/impersonation-registry.mdx 
@@ -16,20 +16,20 @@ For easier tracking, the Email Security team recommends syncing and structuring To add a user to the impersonation registry: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings** > **Impersonation registry**. 4. Select **Add a user**. 5. Select **Input method**: Choose between **Manual input**, **Upload manual list**, and **Select from existing directories**: - **Manual input**: Enter the following information: - - **User info**: enter a valid **Display name**. - - **User email**: Enter one of the following: - - **Email address**: Enter all known email addresses, separated by a comma. - - **Regular expressions**: Must be valid Java expressions. - - **Upload manual list**: You can upload a file no larger than 150 KB containing all variables of potential emails. The file must contain `Display_Name` and `Email`, and the first row must be the header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/impersonation-registry/#csv-uploads) for an example file. + - **User info**: enter a valid **Display name**. + - **User email**: Enter one of the following: + - **Email address**: Enter all known email addresses, separated by a comma. + - **Regular expressions**: Must be valid Java expressions. + - **Upload manual list**: You can upload a file no larger than 150 KB containing all variables of potential emails. The file must contain `Display_Name` and `Email`, and the first row must be the header row. Refer to [CSV uploads](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/#csv-uploads) for an example file. - **Select from existing directories**: - - **Select directory**: Select your directory. - - **Add users or groups**: Choose the users or groups you want to register. + - **Select directory**: Select your directory. 
+ - **Add users or groups**: Choose the users or groups you want to register. 6. Select **Save**. ### CSV uploads @@ -92,4 +92,4 @@ To remove multiple users at once from the impersonation registry: 1. Select all the users you want to remove. 2. Select **Action** > **Remove from registry**. -3. Read the pop-up message, then select **Remove users**. \ No newline at end of file +3. Read the pop-up message, then select **Remove users**. diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/index.mdx similarity index 93% rename from src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/index.mdx index b982c6f28fb175d..db3ea03c37e3106 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Detection settings sidebar: - order: 14 + order: 2 group: hideIndex: true --- diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/trusted-domains.mdx similarity index 82% rename from src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx rename to src/content/docs/cloudflare-one/email-security/settings/detection-settings/trusted-domains.mdx index 4603c634f7c848e..0c16d9c1a2b1cb3 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/trusted-domains.mdx 
@@ -9,13 +9,13 @@ Email Security allows you to exempt known partner and internal domains from typi ## How trusted domains work -Trusted domains are not for the email message itself, but for entire domains. +Trusted domains are not for the email message itself, but for entire domains. By default, Email Security automatically detects lookalike domains. Lookalike domains can be something like this: `thisisdomain.com` and `thisisadomain.com`. Both domains almost look identical. -If an email is received from a domain that looks like a configured domain, this will trigger a detection. Trusted domain is configured to ignore this detection. +If an email is received from a domain that looks like a configured domain, this will trigger a detection. Trusted domain is configured to ignore this detection. -In [Additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/), you can configure malicious domain and suspicious [domain age](/cloudflare-one/email-security/detection-settings/additional-detections/). +In [Additional detections](/cloudflare-one/email-security/settings/detection-settings/additional-detections/), you can configure malicious domain and suspicious [domain age](/cloudflare-one/email-security/settings/detection-settings/additional-detections/). Malicious domain age means that someone may create a domain today, similar to a target, and start sending emails with that domain. This is usually how many phish campaigns start. In this case, the domain is usually marked as Malicious. Malicious domain age is usually set to 7 days. 
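Review bot: In the changed sentence about **Additional detections**, both links ("Additional detections" and "domain age") point to the same URL, `/cloudflare-one/email-security/settings/detection-settings/additional-detections/`. Suggest linking "domain age" to its section anchor or removing the second link. The same sentence says you can configure "malicious domain and suspicious domain age", which reads as if "age" is missing after "malicious", given that the next paragraph calls the setting "Malicious domain age".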
@@ -23,17 +23,17 @@ Suspicious domain age means that after 7 days (this number corresponds to the Ma To view whether a domain is malicious or suspicious: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Investigation**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Investigation**. 2. Run a screen. For example, select **Run screen** for **Malicious emails**, then select **Run screen**. 3. Under **Your matching messages**, if any message displays **Domain Age** under **Threat types**, that means that the domain age is too low, and therefore the disposition assigned is Malicious. If the domain is legitimate, you can add it as a trusted domain: - - Go to **Settings** > **Trusted Domains**. - - Under **Domain Info**, add the domain, and select **New Domain**. This will mark the domain whose age is low as a trusted domain. + - Go to **Settings** > **Trusted Domains**. + - Under **Domain Info**, add the domain, and select **New Domain**. This will mark the domain whose age is low as a trusted domain. ## Configure trusted domains To configure a trusted domain: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). 2. Select **Email Security**. 3. Select **Settings**, go to **Detection settings** > **Trusted domains**. 4. On the **Detection settings** page, select **Add a domain**. 
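Review bot: The re-indented sub-bullets under step 3 send the reader to **Settings** > **Trusted Domains**, while the "Configure trusted domains" steps in the same hunk use **Settings**, then **Detection settings** > **Trusted domains**. Suggest making the two paths and their capitalisation agree, and checking **Domain Info** and **New Domain** against the current dashboard labels at the same time. Step 2 also repeats itself ("select **Run screen** for **Malicious emails**, then select **Run screen**") and could be one instruction.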
@@ -41,10 +41,10 @@ To configure a trusted domain: - **Manual input**: - **Domain info**: Enter a valid domain name. - **Domain type**: Select one or both options: - * **Proximity domain**: Domains with similar spelling to your existing domain. - * **Recent domain**: Domains created recently. + - **Proximity domain**: Domains with similar spelling to your existing domain. + - **Recent domain**: Domains created recently. * **Notes**: Provide additional information about the trusted domain list. - - **Upload trusted domain list**: You can upload a file no larger than 150 KB of multiple trusted domains. The file can only contain `Domain`, `Proximity`, `New` and `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/trusted-domains/#csv-uploads) for an example file. + - **Upload trusted domain list**: You can upload a file no larger than 150 KB of multiple trusted domains. The file can only contain `Domain`, `Proximity`, `New` and `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/#csv-uploads) for an example file. 6. Select **Save**. ### CSV uploads @@ -92,4 +92,4 @@ To delete multiple trusted domains at once: 1. On the **Detection settings** page, select the trusted domains you want to delete. 2. Select **Action**. -3. Select **Delete**. \ No newline at end of file +3. Select **Delete**. diff --git a/src/content/docs/cloudflare-one/email-security/settings/domain-management/domain.mdx b/src/content/docs/cloudflare-one/email-security/settings/domain-management/domain.mdx new file mode 100644 index 000000000000000..10fc092aab81376 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/domain-management/domain.mdx 
@@ -0,0 +1,10 @@ +--- +title: Information about your domain +pcx_content_type: concept +sidebar: + order: 1 +--- + +import { GlossaryTooltip, Render } from "~/components"; + + \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/settings/domain-management/index.mdx b/src/content/docs/cloudflare-one/email-security/settings/domain-management/index.mdx new file mode 100644 index 000000000000000..806a3ff148a33a6 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/domain-management/index.mdx @@ -0,0 +1,12 @@ +--- +pcx_content_type: navigation +title: Domain management +sidebar: + order: 1 + group: + hideIndex: true +--- + +import { DirectoryListing } from "~/components" + + \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/settings/index.mdx b/src/content/docs/cloudflare-one/email-security/settings/index.mdx new file mode 100644 index 000000000000000..77fb8d20495b89f --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/index.mdx @@ -0,0 +1,12 @@ +--- +pcx_content_type: navigation +title: Settings +sidebar: + order: 15 + group: + hideIndex: true +--- + +import { DirectoryListing } from "~/components" + + \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx b/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx new file mode 100644 index 000000000000000..ec72d2ff4ba0829 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx 
@@ -0,0 +1,32 @@ +--- +pcx_content_type: navigation +title: Invalid submissions +sidebar: + order: 5 + group: + hideIndex: true +--- + +### Invalid submissions + +A submission is invalid when: + +- A submission has no EML file attached. +- A submission has been made with an incorrect file extension. +- A submission was made to the wrong team or user alias. + +To ensure your submission is valid: + +- Ensure your submission has a file attached with a `.eml` file extension. +- Ensure you configure the domain you are submitting emails for. +- Ensure policies are configured correctly. + +To view invalid submissions: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Reclassifications**. +3. Select **Invalid submissions**. + +You can search by submission ID or submitted email. + +You can filter based on **Date Range** and **Submitted by** (which will list emails that made the invalid submissions). Once you have configured your desired filters, select **Apply filters**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx new file mode 100644 index 000000000000000..ff1c8ef5539c1e8 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx 
@@ -0,0 +1,27 @@ +--- +title: Phish submissions +pcx_content_type: how-to +sidebar: + order: 4 +--- + +import { GlossaryTooltip, Render } from "~/components"; + +As part of your continuous email security posture, administrators and security analysts need to submit missed phishing samples to Email Security, so Cloudflare can process them and take necessary action. + +Submitting missed phish samples to Cloudflare is of paramount importance and necessary for continuous protection. Submitting missed phish samples helps Cloudflare improve our machine learning (ML) models, and alerts us of new attack vectors before they become prevalent. + +There are three routes you can use to report an email as a phish: + +- Via Investigation, by [reclassifying an email](/cloudflare-one/email-security/settings/phish-submissions/#reclassify-an-email). +- Via [PhishNet 365](/cloudflare-one/email-security/settings/phish-submissions/phishnet-365/). +- Via [Submission addresses](/cloudflare-one/email-security/settings/phish-submissions/submission-addresses/). + +## Reclassify an email + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security** > **Investigation**. +3. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. Select the three dots, then select **Request reclassification**. By selecting **Request reclassification**, you are requesting a new disposition for the message. +4. Select the new disposition, then select **Save**. + +When you report an email as phish, this email will be displayed under [User submissions](/cloudflare-one/email-security/monitoring/search-email/#user-submissions). diff --git a/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/phishnet-365.mdx b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/phishnet-365.mdx new file mode 100644 index 000000000000000..75e9d145b6f6fc0 --- /dev/null 
+++ b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/phishnet-365.mdx 
@@ -0,0 +1,42 @@ +--- +title: PhishNet 365 +pcx_content_type: how-to +sidebar: + order: 1 +--- + +import { GlossaryTooltip } from "~/components" + +PhishNet is an add-in button that helps users to submit directly to Email Security phish samples missed by Email Security's detection. + +## PhishNet M365 + +To set up PhishNet M365: + +1. Get the customized manifest URL from [Cloudflare One](https://one.dash.cloudflare.com/?to=/:account/email-security/settings/email-policy/phish-submission?tab=phish-submission). +2. Log in to the [Microsoft admin panel](https://admin.microsoft.com/). +3. Go to **Microsoft 365 admin center** > **Settings** > **Integrated Apps**. +4. Select **Upload custom apps**. +5. Choose **Provide link to manifest file** and paste the URL you copied from the Cloudflare One dashboard. +6. Verify and complete the wizard. + +## PhishNet for Google Workspace + +To set up PhishNet with Google Workspace you need admin access to your Google Workspace account. + +### Set up PhishNet for Google Workspace + +1. Log in to [Google Workspace Marketplace apps](https://workspace.google.com/marketplace/app/cloudflare_phishnet/11369379045) using this direct link and an administrator account. +2. Select **Admin install** to install Cloudflare PhishNet. Read the warning, and select **Continue**. +3. You will be redirected to the **Allow data access** page, where you can choose to install Cloudflare PhishNet for **Everyone at your organization**, or **Certain groups or organizational units**. If you choose the latter option, you will have to select the users in the next step. +4. After choosing the groups you want to install PhishNet for, agree with Google's terms of service, and select **Finish**. +5. Cloudflare PhishNet has been installed. Select **DONE**. + +You have now successfully installed Cloudflare PhishNet. + +### Submit phish with PhishNet + +1. In your Gmail web client, open the message you would like to flag as either spam or phish. +2. 
Select the PhishNet logo on the side panel. +3. Under **Select Submission Type**, select **Spam** or **Phish**. +4. Select **Submit Report**. diff --git a/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/submission-addresses.mdx b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/submission-addresses.mdx new file mode 100644 index 000000000000000..764b4d691cf0e6d --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/submission-addresses.mdx @@ -0,0 +1,15 @@ +--- +title: Submission addresses +pcx_content_type: how-to +sidebar: + order: 2 +--- + +To view the destination addresses of user and team submissions: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email Security**. +3. Select **Settings**. +4. Go to **Phish submission** > **Submission addresses** > **View**. + +The dashboard will display **User submission addresses** and **Team submission addresses**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/index.mdx b/src/content/docs/cloudflare-one/email-security/setup/index.mdx index 93e353e9087bc30..c59d2e0c7ce102c 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/index.mdx 
@@ -27,7 +27,7 @@ The following table compares features available across API, BCC/Journaling and M | Message Remediation | Auto-moves through Read/Write API permissions | Auto-moves through Google or Microsoft integration | Auto-moves through Microsoft integration | Messages can be blocked, quarantined, or modified inline | | Message Modification | Primarily deletion/move post-delivery | Primarily deletion/move post-delivery | Primarily deletion/move post-delivery. | Move post-delivery. Supports link actions and text add-ons.[^1] | -[^1] With [inline deployment](/cloudflare-one/email-security/setup/pre-delivery-deployment/mx-inline-deployment/), Cloudflare recommends setting up the integrations to allow post-delivery response and phish submission response to work. Refer to step 7 in [Auto-moves](/cloudflare-one/email-security/auto-moves/) to learn more. +[^1] With [inline deployment](/cloudflare-one/email-security/setup/pre-delivery-deployment/mx-inline-deployment/), Cloudflare recommends setting up the integrations to allow post-delivery response and phish submission response to work. Refer to step 7 in [Auto-moves](/cloudflare-one/email-security/settings/auto-moves/) to learn more. ## 1. Choose a deployment 
@@ -41,7 +41,7 @@ If you are a [Google Workspace](/cloudflare-one/email-security/setup/post-delive #### Why you should consider post-delivery deployment -Post-delivery deployment is time-efficient, because it does not involve MX changes. Post-delivery deployment does not disrupt mail flow. Post-delivery deployment allows you to enable [auto-move events](/cloudflare-one/email-security/auto-moves/) to hard or soft delete messages, and synchronize your [directory](/cloudflare-one/email-security/directories/) when you use Microsoft Graph API or Google Workspace. +Post-delivery deployment is time-efficient, because it does not involve MX changes. Post-delivery deployment does not disrupt mail flow. Post-delivery deployment allows you to enable [auto-move events](/cloudflare-one/email-security/settings/auto-moves/) to hard or soft delete messages, and synchronize your [directory](/cloudflare-one/email-security/directories/) when you use Microsoft Graph API or Google Workspace. :::note When you choose post-delivery deployment: @@ -56,7 +56,7 @@ When you choose pre-delivery deployment, Cloudflare scans emails **before** they #### Why you should consider pre-delivery deployment -Pre-delivery deployment provides you with the highest level of protection. It enforces [text add-ons](/cloudflare-one/email-security/detection-settings/configure-text-add-ons/) or link rewrite at delivery. +Pre-delivery deployment provides you with the highest level of protection. It enforces [text add-ons](/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons/) or link rewrite at delivery. Pre-delivery blocks threats in transit, and it adds banners or texts before the user views the email. 
@@ -75,7 +75,7 @@ Refer to [Dispositions](/cloudflare-one/email-security/reference/dispositions-an ## 3. Set up the impersonation registry -Most [business email compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/) targets executives or finance roles. You must add addresses of roles who are likely to be impersonated. Refer to [Impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) to learn how to add a user to the impersonation registry. +Most [business email compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/) targets executives or finance roles. You must add addresses of roles who are likely to be impersonated. Refer to [Impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) to learn how to add a user to the impersonation registry. Roles you may want to include in the impersonation registry are: 
@@ -89,12 +89,12 @@ You should review your impersonation registry on a quarterly basis as roles chan ## 4. Reclassify messages -A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn how to reclassify a message. +A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. Refer to [Reclassify messages](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) to learn how to reclassify a message. ### Who can reclassify messages -[Security teams](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) and [end users](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) can submit a reclassification. +[Security teams](/cloudflare-one/email-security/investigation/search-email/#team-submissions) and [end users](/cloudflare-one/email-security/investigation/search-email/#user-submissions) can submit a reclassification. ### Why you should reclassify messages 
@@ -103,13 +103,13 @@ Reclassifications are critical because: - **They help improve model accuracy**: Every validated reclassification teaches Cloudflare's machine learning to recognise new lures, language, infrastructure, and benign patterns. - **They reduce alert fatigue**: Correcting Suspicious or Spam emails that users actually want tailors detections to your organization, cutting noise in the dashboard. - **They close the remediation loop**: When a disposition is upgraded to Malicious, Cloudflare auto-moves those emails out of every inbox (Graph API or Google Workspace API integrations). -- **They can help you log activity taken on any reclassification**: Each reclassification displays a submission ID, details about original, requested and final dispositions, and more. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn more about reclassifications. +- **They can help you log activity taken on any reclassification**: Each reclassification displays a submission ID, details about original, requested and final dispositions, and more. Refer to [Reclassify messages](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) to learn more about reclassifications. To make the most of reclassifications: 1. Review reclassifications on a weekly basis. 2. Ensure you have an integration associated with any MX/Inline deployment. When you associate an integration, you will not need to upload the EMLs every time; Cloudflare can use APIs to receive a copy of your email messages. -3. Investigate any increase in [user submissions](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) (users may have found a phish that bypassed filters) and confirm that analyst-final dispositions align with your policies. +3. 
Investigate any increase in [user submissions](/cloudflare-one/email-security/investigation/search-email/#user-submissions) (users may have found a phish that bypassed filters) and confirm that analyst-final dispositions align with your policies. A correct use of reclassifications ensures that Email Security delivers a stronger protection with less manual tuning. 
@@ -123,11 +123,11 @@ Follow the below checklist to ensure your email environment is set up correctly: | Associate an integration with an MX/Inline domain | | Required | | Add/verify domains | Required | Required | | [Update MX records/connector](/cloudflare-one/email-security/setup/pre-delivery-deployment/mx-inline-deployment-setup/), then allow Cloudflare [egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) on downstream mail server | | Required | -| Enable [Post‑delivery response and Phish submission response](/cloudflare-one/email-security/auto-moves/) | Required | Required | -| Populate [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) and [allow](/cloudflare-one/email-security/detection-settings/allow-policies/)/[block](/cloudflare-one/email-security/detection-settings/blocked-senders/) lists | Required | Required | +| Enable [Post‑delivery response and Phish submission response](/cloudflare-one/email-security/settings/auto-moves/) | Required | Required | +| Populate [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) and [allow](/cloudflare-one/email-security/settings/detection-settings/allow-policies/)/[block](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) lists | Required | Required | | Configure [partner domain TLS](/cloudflare-one/email-security/setup/pre-delivery-deployment/partner-domain-tls/) and admin quarantine | | Required | -| Configure [text add-ons](/cloudflare-one/email-security/detection-settings/configure-text-add-ons/) and [link actions](/cloudflare-one/email-security/detection-settings/configure-link-actions/) | | Required | -| Send a test email and verify it appears in **Monitoring** > [**Email activity**](/cloudflare-one/email-security/email-monitoring/#email-activity) with expected disposition | Required | Required | +| Configure [text 
add-ons](/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons/) and [link actions](/cloudflare-one/email-security/settings/detection-settings/configure-link-actions/) | | Required | +| Send a test email and verify it appears in **Monitoring** > [**Email activity**](/cloudflare-one/email-security/monitoring/#email-activity) with expected disposition | Required | Required | [^1]: Associating an integration with BCC/Journaling is required for post-delivery but not for pre-delivery. [^2]: Still used for directory/auto‑move insight if desired as well as authorizing free API CASB. diff --git a/src/content/docs/cloudflare-one/email-security/setup/manage-domains.mdx b/src/content/docs/cloudflare-one/email-security/setup/manage-domains.mdx index 63752ceae358c87..b616a7949b8fe8f 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/manage-domains.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/manage-domains.mdx @@ -10,7 +10,7 @@ Once you have deployed your domain, Email Security allows you to filter and edit To filter your domains: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains**, then select **View**. 3. Select **Show filters** > **Configured method**. Choose among the following filters: - **MS Graph API**: To view domains connected via MS Graph API. 
@@ -23,7 +23,7 @@ To filter your domains: To edit your domains: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains**, then select **View**. 3. On the **Domains** page, locate your domain, select the three dots > **Edit**. 4. If you did not manually add your domain, you will only be able to edit **Hops**. If you manually added your domain, you will be able to edit **Domain name** and **Hops**. @@ -33,7 +33,7 @@ To edit your domains: To stop scanning domains: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains**, then select **View**. 3. On the **Domains** page, locate your domain, select the three dots > **Stop scanning**. 4. Select **Stop scanning** again to stop Cloudflare from scanning your domain. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/index.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/index.mdx index 5190341dd182599..3e062de34824b25 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/index.mdx 
@@ -7,7 +7,7 @@ sidebar: When you choose an API deployment, email messages only reach Email Security after they have already reached a user's inbox. -Then, through an integration with your email provider, Email Security can [auto-move messages](/cloudflare-one/email-security/auto-moves/) based on your organization's policies. +Then, through an integration with your email provider, Email Security can [auto-move messages](/cloudflare-one/email-security/settings/auto-moves/) based on your organization's policies. ![With API deployment, messages travel through Email Security's email filter after reaching your users.](~/assets/images/email-security/deployment/api-setup/M365_API_Deployment_Graph.png) diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api.mdx index d2f1f7480fa9ae6..b96b77b31f7beec 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api.mdx @@ -20,9 +20,8 @@ To use Email Security, you will need to have: ## Enable Email Security via the dashboard -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). -2. Select **Email Security**. -3. Select **Overview**. Select one of the following options depending on your use case: +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) and select **Email Security**.. +2. Select **Overview**. Select one of the following options depending on your use case: - If you have not purchased Email Security, select **Contact sales**. - If you have not associated any integration: 
@@ -55,7 +54,7 @@ On the **Set up Email Security** page, you will be able to connect your Microsof 1. **Connect domains**: Select at least one domain. Then, select **Continue**. 2. (Optional) **Modify default scanning**: You can configure which folder Email Security can scan. -3. (Optional - select **Skip for now** to skip this step) **Redirect messages**: Refer to [Auto-moves](/cloudflare-one/email-security/auto-moves/) to learn what auto-moves are, and how to configure auto-moves. +3. (Optional - select **Skip for now** to skip this step) **Redirect messages**: Refer to [Auto-moves](/cloudflare-one/email-security/settings/auto-moves/) to learn what auto-moves are, and how to configure auto-moves. 4. **Review details**: Review your connected domains, then select **Go to Domains**. Your domains are now connected successfully. @@ -64,7 +63,7 @@ Your domains are now connected successfully. To connect new domains: -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Select **Settings** > **Domain management** > **Domains**, then select **View**. 3. Select **Add a domain**. 4. Select a method for connecting your mail environment to Email Security: @@ -78,7 +77,7 @@ To connect new domains: If you want to prevent Cloudflare from scanning a domain: -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains**, then select **View**. 3. On the **Domain management** page, select the domain you do not want to be scanned. 4. Select the three dots > **Stop scanning**. 
@@ -87,12 +86,12 @@ If you want to prevent Cloudflare from scanning a domain: To view the integration for each connected domain: -1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), select **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains**, then select **View**. 3. Select a domain. 4. Select the three dots > **View integration**. -Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/) to learn more. +Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/email-security/monitoring/) to learn more. diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/add-bcc-rules.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/add-bcc-rules.mdx index 26fc1434ea332f5..40211f6d6737b5f 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/add-bcc-rules.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/add-bcc-rules.mdx 
@@ -24,7 +24,7 @@ sidebar: - Go to **Also deliver to**, select **Add more recipients** > **ADD** > Choose **Advanced**: - Under **Envelope recipient**, select **Change envelope recipient** > **Replace recipient** > Enter the service address. This is the service address you copied and pasted in step 5 when [connecting your domains](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/). If you did not copy and paste the service address: - - In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**. + - In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**. - Go to **Settings** and locate your domain under **Your domains**. - Select the three dots > **View domain** > **Service address**. Copy and paste the service address. - Under **Spam and delivery options**, select **Suppress bounces from this recipient**. diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx index 6fd1f2d89ec62eb..780fd620ee4ee2a 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx 
@@ -14,7 +14,7 @@ On the **Set up Email Security** page: 1. **Connect domains**: Select at least one domain. Then, select **Continue**. 2. (**Optional**) **Add manual domains**: Select **Add domain name** to manually enter additional domains. Then, select **Continue**. 3. (**Optional**) **Adjust hop count**: Enter the number of hops. Then, select **Continue**. -4. (**Optional**, select **Skip for now** to skip this step) **Move messages**: Refer to [Auto-moves](/cloudflare-one/email-security/auto-moves/) to configure auto-moves. Then, select **Continue**. +4. (**Optional**, select **Skip for now** to skip this step) **Move messages**: Refer to [Auto-moves](/cloudflare-one/email-security/settings/auto-moves/) to configure auto-moves. Then, select **Continue**. 5. **Select your processing location**: Configure where you want Cloudflare to process your email. **Global** will be the default option. If you choose **Global**, `@CF-emailsecurity.com` will be your regional service address. Once you have chosen your processing location, select **Continue**. 6. **Review details**: Review your connected domains and service addresses. Then, select **Go to domains.** @@ -28,7 +28,7 @@ Under **Source**, the dashboard will display **Google integration**, along with To add additional domains: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security** > **Settings**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security** > **Settings**. 2. Select **Connect an integration** > **BCC/Journaling** > **Integrate with Google** > **Authorize**. 3. **Connect domains**: Select the domains you want to add, then select **Next**. 4. (Optional) Select **Add manual domains**: Enter additional domains manually, then select **Next**. 
diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx index c07565c643a5ff8..c7a6b9aac7488f4 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx @@ -7,7 +7,7 @@ sidebar: If you do not have an integration: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Email Security**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains** > select **View**. 3. Locate your domain, select the three dots > Select **Associate an integration**. 4. Select **Connect an integration**. You will then be redirected to the **Add an integration** page. diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx index b9df02cadba6fcb..251cfea79e990dc 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx 
@@ -10,7 +10,7 @@ For customers using Gmail as their email provider, setting up Email Security is You will need to [create an integration](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration/), [add BCC rules](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/add-bcc-rules/), and [connect your domain(s)](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/). You can choose to [add additional domains](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/#add-additional-domains) at a later stage. -Once you set up Google integration, Email Security will receive a copy of your email messages. You will need a Google integration to enable [auto-moves](/cloudflare-one/email-security/auto-moves/). +Once you set up Google integration, Email Security will receive a copy of your email messages. You will need a Google integration to enable [auto-moves](/cloudflare-one/email-security/settings/auto-moves/). The following email flow shows how this works: diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling.mdx index c00463f83c1ac4d..dae623e14073db3 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling.mdx 
@@ -13,7 +13,7 @@ When you receive an email, the email lands on your Microsoft 365 inbox, and then To enable Microsoft 365 journaling deployment: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Select **Overview**. If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up** > **BCC/Journaling**. 3. Select **Integrate with MS** > **Authorize**. 4. Continue with [Integrate with Microsoft 365](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/#1-integrate-with-microsoft-365) to connect your Microsoft integration. 
@@ -40,8 +40,8 @@ On the **Set up Email Security** page: 1. **Connect domains**: Select at least one domain. Then, select **Continue**. 2. (**Optional**) **Add manual domains**: Select **Add domain name** to manually enter additional domains. Then, select **Continue**. 3. (**Optional**) **Adjust hop count**: Enter the number of hops. Then, select **Continue**. -4. (**Optional**, select **Skip for now** to skip this step) **Move messages**: Refer to [Auto-moves](/cloudflare-one/email-security/auto-moves/) to configure auto-moves. Then, select **Continue**. -5. **Select your processing location**: Configure where you want Cloudflare to process your email. **Global** will be the default option. If you choose **Global**, `@CF-emailsecurity.com` will be your regional service address. Once you have chosen your processing location, select **Continue**. +4. (**Optional**, select **Skip for now** to skip this step) **Move messages**: Refer to [Auto-moves](/cloudflare-one/email-security/settings/auto-moves/) to configure auto-moves. Then, select **Continue**. +5. **Select your processing location**: Configure where you want Cloudflare to process your email. **Global** will be the default option. If you choose **Global**, `@CF-emailsecurity.com` will be your regional service address. Once you have chosen your processing location, select **Continue**. 6. **Review details**: Review your connected domains and service addresses. Then, select **Go to domains.** Your domains are now added successfully. 
@@ -73,10 +73,13 @@ To view your connected domains: 8. Verify the information is correct, and select **Submit** > **Done**. -Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Email Security. After it propagates, you can [monitor your inbox](/cloudflare-one/email-security/email-monitoring/) in the Cloudflare dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Email Security from your Exchange server. +Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Email Security. After it propagates, you can [monitor your inbox](/cloudflare-one/email-security/monitoring/) in the Cloudflare dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Email Security from your Exchange server. - + ## Next steps - \ No newline at end of file + diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add.mdx index 14e44f116290dbf..5205ec41c9fc71d 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/manual-add.mdx 
@@ -17,7 +17,7 @@ To use Email Security, you will need to have: ## Manually add domains -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Select **Overview**. If you have not purchased Email Security, select **Contact Sales**. Otherwise, select **Set up** > **BCC/Journaling**. 3. Select **Manual add**. @@ -58,10 +58,10 @@ To enable auto-move events, you will have to associate an integration. To associate an integration: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) > **Email Security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) > **Email Security**. 2. Go to **Settings** > **Domain management** > **Domains** > Select **View**. 3. On the **Domain management** page, locate your domain, select the three dots, then select **Associate an integration**. 4. Select **Connect an integration**. Follow the steps to [enable the Microsoft 365 integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/#enable-microsoft-integration). 5. Select the three dots, then select **Associate an integration**. Select the integration, then select **Associate**. -Now that your domain has an associated integration, enable [auto-move events](/cloudflare-one/email-security/auto-moves/) on your domain. +Now that your domain has an associated integration, enable [auto-move events](/cloudflare-one/email-security/settings/auto-moves/) on your domain. diff --git a/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/partner-domain-tls.mdx b/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/partner-domain-tls.mdx index d02d3a29c7e5147..980b77492c53e29 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/partner-domain-tls.mdx 
+++ b/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/partner-domain-tls.mdx @@ -13,7 +13,7 @@ To enforce TLS across all emails, you will need to enforce TLS requirements when To set up a partner domain: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/) and select **Email security**. +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/) and select **Email security**. 2. Select **Settings** > **Partner domain TLS** > **View**. 3. Select **Add a domain**. 4. Enter a valid domain name. You can also exclude subdomains by selecting **Add exclude**. diff --git a/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/gsuite-email-security-mx.mdx b/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/gsuite-email-security-mx.mdx index 8c717a6f26b6e00..7380a02e5c37552 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/gsuite-email-security-mx.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/gsuite-email-security-mx.mdx @@ -93,4 +93,4 @@ After 72 hours, the MX record DNS update will have sufficiently propagated acros 4. Enable **Reject all mail not from gateway IPs** and select **Save**. -5. Select **Save** once more to commit and activate the configuration change in the Gmail advanced configuration console. +5. Select **Save** once more to commit and activate the configuration change in the Gmail advanced configuration console. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/roles-permissions.mdx b/src/content/docs/cloudflare-one/roles-permissions.mdx index 52120ca2e163cde..08dd536e6e6246f 100644 --- a/src/content/docs/cloudflare-one/roles-permissions.mdx +++ b/src/content/docs/cloudflare-one/roles-permissions.mdx 
@@ -52,4 +52,4 @@ For more information on Email Security roles, refer to [Account-scoped roles](/f - **Email Security Analyst**: Has analyst access. Can take action on emails and read emails. - **Email Security Reporting**: Can read metrics. - **Email Security Read Only**: Can read all information, but cannot take action on anything. -- **Email Security Policy Admin**: Can read all settings, but only write [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/). +- **Email Security Policy Admin**: Can read all settings, but only write [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/). diff --git a/src/content/docs/email-security/migrate-to-email-security.mdx b/src/content/docs/email-security/migrate-to-email-security.mdx index 54a0ac61e0af98f..a822c6379cfa82c 100644 --- a/src/content/docs/email-security/migrate-to-email-security.mdx +++ b/src/content/docs/email-security/migrate-to-email-security.mdx 
@@ -23,11 +23,12 @@ In Area 1, you can reach out to support via the following email addresses: - phishguard@area1security.com (for PhishGuard customers only) In Email Security, you can raise a ticket by contacting [technical support](https://dash.cloudflare.com/?to=/:account/support) on the Cloudflare dashboard: + 1. Select your account and choose **Technical support**. 2. In **Solve your issue**, answer the following questions: - - What type of question do you have? Select **Technical - Other Products** - - In what area can we help you? Select **Email Security** - - What feature, service or problem is this related to? Choose among **Configuration**, **Detections** or **PhishGuard**. + - What type of question do you have? Select **Technical - Other Products** + - In what area can we help you? Select **Email Security** + - What feature, service or problem is this related to? Choose among **Configuration**, **Detections** or **PhishGuard**. ## Invite users 
@@ -41,15 +42,15 @@ To invite users in Zero Trust Email Security: Once you have added new account members, you will have to assign each member an [Email Security role](/cloudflare-one/roles-permissions/#email-security-roles). -| Area 1 | Email Security | Description | -|---------------------|--------------------------------------------------------------------|--------------------------------------------------------------| -| N/A | Cloudflare Zero Trust | Can edit Cloudflare [Zero Trust](/cloudflare-one/). Has administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. | -| Super Admin | Email Security Analyst + Email Security Configuration Admin = Super Admin | Has full access to all admin features in Email Security | -| Configuration Admin | Email Security Configuration Admin | Has administrator access. Cannot take actions on emails, or read emails | -| SOC Analyst | Email Security Analyst | Has analyst access. Can take action on emails and read emails. | -| Viewer | Email Security Reporting | Can read metrics | -|N/A | Cloudflare Zero Trust PII | Can read PII in Zero Trust (this includes Email Security) -|N/A | Email Security Policy Admin | Can read all settings, but only write allow policies, trusted domains, and blocked senders | +| Area 1 | Email Security | Description | +| ------------------- | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| N/A | Cloudflare Zero Trust | Can edit Cloudflare [Zero Trust](/cloudflare-one/). Has administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. 
| +| Super Admin | Email Security Analyst + Email Security Configuration Admin = Super Admin | Has full access to all admin features in Email Security | +| Configuration Admin | Email Security Configuration Admin | Has administrator access. Cannot take actions on emails, or read emails | +| SOC Analyst | Email Security Analyst | Has analyst access. Can take action on emails and read emails. | +| Viewer | Email Security Reporting | Can read metrics | +| N/A | Cloudflare Zero Trust PII | Can read PII in Zero Trust (this includes Email Security) | +| N/A | Email Security Policy Admin | Can read all settings, but only write allow policies, trusted domains, and blocked senders | ## Create webhooks 
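Review bot: The description cells in the re-aligned role-mapping table are still punctuated inconsistently: "Can read metrics" and "Has full access to all admin features in Email Security" end without a full stop, while "Has analyst access. Can take action on emails and read emails." ends with one. Every row is already being rewritten for column alignment, so normalise the punctuation in the same pass. The formatter-only realignment is also worth calling out in the commit message, because it hides the fact that no link or wording in this table changed.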
@@ -82,17 +83,17 @@ You can also check the status of APIs through the [Cloudflare Status API](https: ## Email reports :::note -Starting from October 1, 2025, weekly and daily email reports will no longer be available. Go to [Monitoring](/cloudflare-one/email-security/email-monitoring/) in Email Security to monitor your inbox. +Starting from October 1, 2025, weekly and daily email reports will no longer be available. Go to [Monitoring](/cloudflare-one/email-security/monitoring/) in Email Security to monitor your inbox. ::: In Area 1, you receive daily or weekly updates of the number of emails dispositioned. -In Email Security, you can view [email monitoring](/cloudflare-one/email-security/email-monitoring/) over the last 90, 30, 7, 3, 1 day(s). +In Email Security, you can view [email monitoring](/cloudflare-one/email-security/monitoring/) over the last 90, 30, 7, 3, 1 day(s). ## Email alerts for detections :::note -Starting from October 1, 2025, emails alerts for detections will no longer be available. As an alternative, use [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs). +Starting from October 1, 2025, emails alerts for detections will no longer be available. As an alternative, use [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs). ::: In Area 1, you receive an email when an email is assigned a disposition. 
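Review bot: In the `:::note` under "Email alerts for detections", the re-added line still reads "emails alerts for detections will no longer be available". The hunk already replaces that line, so correct it to "email alerts for detections" here rather than in a follow-up. The touched sentence "over the last 90, 30, 7, 3, 1 day(s)" in the "Email reports" section would also read more clearly as "the last 90, 30, 7, 3, or 1 day(s)".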
@@ -103,53 +104,53 @@ In Email Security, you enable [Logpush](/cloudflare-one/insights/logs/enable-log In Area 1, you can perform two types of search: [Fielded Search](/email-security/reporting/search/#fielded-search) and [Freeform Search](/email-security/reporting/search/#freeform-search). -In Email Security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/email-monitoring/search-email/#screen-criteria) to search emails: +In Email Security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) to search emails: -- [Advanced screen](/cloudflare-one/email-security/email-monitoring/search-email/#advanced-screen) -- [Regular screen](/cloudflare-one/email-security/email-monitoring/search-email/#regular-screen) -- [Popular screen](/cloudflare-one/email-security/email-monitoring/search-email/#popular-screen) +- [Advanced screen](/cloudflare-one/email-security/monitoring/search-email/#advanced-screen) +- [Regular screen](/cloudflare-one/email-security/monitoring/search-email/#regular-screen) +- [Popular screen](/cloudflare-one/email-security/monitoring/search-email/#popular-screen) ## Check metrics In Area 1, you can check [statistics](/email-security/reporting/statistics-overview/) in your Home section. -In Email Security, you can check your metrics in the [Monitoring](/cloudflare-one/email-security/email-monitoring/) section in the dashboard. +In Email Security, you can check your metrics in the [Monitoring](/cloudflare-one/email-security/monitoring/) section in the dashboard. ## Move messages to a specific folder -Area 1 allows you to set up [message retraction](/email-security/email-configuration/retract-settings/) to move messages to specific folders. This is known as **retraction**. 
+Area 1 allows you to set up [message retraction](/email-security/email-configuration/retract-settings/) to move messages to specific folders. This is known as **retraction**. -Moving messages to a specific folder is known as [auto-moves](/cloudflare-one/email-security/auto-moves/) in Zero Trust Email Security. +Moving messages to a specific folder is known as [auto-moves](/cloudflare-one/email-security/settings/auto-moves/) in Zero Trust Email Security. ## Create policies This table displays the difference in terminology used when creating policies: -| Area 1 | Email Security | -|-----------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------| -| [Allowed patterns](/email-security/email-configuration/lists/allowed-patterns/) | [Allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/) | -| [Block lists](/email-security/email-configuration/lists/block-list/) | [Blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/) | -| [Trusted domains](/email-security/email-configuration/lists/trusted-domains/) | [Trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/) | -| [Text add-ons](/email-security/email-configuration/email-policies/text-addons/) | [Text add-ons](/cloudflare-one/email-security/detection-settings/configure-text-add-ons/) | -| [Link actions](/email-security/email-configuration/email-policies/link-actions/) | [Link actions](/cloudflare-one/email-security/detection-settings/configure-link-actions/) | -| [Added detections](/email-security/email-configuration/enhanced-detections/added-detections/) | [Additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/) | +| Area 1 | Email Security | +| --------------------------------------------------------------------------------------------- | 
---------------------------------------------------------------------------------------------------------- | +| [Allowed patterns](/email-security/email-configuration/lists/allowed-patterns/) | [Allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/) | +| [Block lists](/email-security/email-configuration/lists/block-list/) | [Blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) | +| [Trusted domains](/email-security/email-configuration/lists/trusted-domains/) | [Trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) | +| [Text add-ons](/email-security/email-configuration/email-policies/text-addons/) | [Text add-ons](/cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons/) | +| [Link actions](/email-security/email-configuration/email-policies/link-actions/) | [Link actions](/cloudflare-one/email-security/settings/detection-settings/configure-link-actions/) | +| [Added detections](/email-security/email-configuration/enhanced-detections/added-detections/) | [Additional detections](/cloudflare-one/email-security/settings/detection-settings/additional-detections/) | ## Reclassifications This table displays the difference in terminology used when finding emails whose disposition is incorrect: -| Area 1 | Email Security | -|--|--| -| Report [false negative](/email-security/email-configuration/phish-submissions/#false-negatives)/[false positive](/email-security/email-configuration/phish-submissions/#false-positives) | [ Reclassify messages ](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) | -| N/A | Escalate user submissions | -| [Team submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [Team submissions](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions) | -| [User 
submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [User submissions](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions) | +| Area 1 | Email Security | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| Report [false negative](/email-security/email-configuration/phish-submissions/#false-negatives)/[false positive](/email-security/email-configuration/phish-submissions/#false-positives) | [ Reclassify messages ](/cloudflare-one/email-security/monitoring/search-email/#reclassify-messages) | +| N/A | Escalate user submissions | +| [Team submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [Team submissions](/cloudflare-one/email-security/monitoring/search-email/#team-submissions) | +| [User submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [User submissions](/cloudflare-one/email-security/monitoring/search-email/#user-submissions) | ## Business Email Compromise In Area 1, you can set up a [Business email compromise (BEC)](/email-security/email-configuration/enhanced-detections/business-email-compromise/) list to protect against attackers who try to impersonate executives. -In Email Security, this feature is known as [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). +In Email Security, this feature is known as [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). ## Synchronize directories 
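Review bot: The rewritten line under "Move messages to a specific folder" still says "known as auto-moves ... in Zero Trust Email Security", while the login steps changed elsewhere in this patch rename "Zero Trust" to "Cloudflare One". Decide which product name this page should use and apply it consistently, since the line is being edited anyway. In the Reclassifications table, the re-added cell keeps the padded link text `[ Reclassify messages ]`; drop the inner spaces so that it matches the other links in the table.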
@@ -165,4 +166,4 @@ Area 1 API endpoints will deprecate on December 18, 2025. Use the [Email Securit To access Area 1 API, go to the [API Documentation](https://developers.cloudflare.com/email-security/static/api_documentation_1.38.1.pdf). You can set up a [service account](https://developers.cloudflare.com/email-security/api/service-accounts/) to configure API tokens. -To access Email Security API, go to [Email Security API](https://developers.cloudflare.com/api/resources/email_security/). You can set up an [API token](/fundamentals/api/get-started/create-token/) to use the Email Security API. \ No newline at end of file +To access Email Security API, go to [Email Security API](https://developers.cloudflare.com/api/resources/email_security/). You can set up an [API token](/fundamentals/api/get-started/create-token/) to use the Email Security API. diff --git a/src/content/docs/fundamentals/manage-members/roles.mdx b/src/content/docs/fundamentals/manage-members/roles.mdx index a6f8d970d9424cd..6bd738e207f8c90 100644 --- a/src/content/docs/fundamentals/manage-members/roles.mdx +++ b/src/content/docs/fundamentals/manage-members/roles.mdx 
@@ -44,7 +44,7 @@ Account-scoped roles apply across an entire Cloudflare account, and through all | Email Security Analyst | Grants analyst access. Can take action on emails and read emails. | | Email Security Read Only | Grants read only access to all of Email Security. | | Email Security Reporting | Grants read access to Email Security metrics. | -| Email Security Policy Admin | Grants read access to all settings, and write access to [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/) | +| Email Security Policy Admin | Grants read access to all settings, and write access to [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) | | Firewall | Can edit [WAF](/waf/), [IP Access rules](/waf/tools/ip-access-rules/), [Zone Lockdown](/waf/tools/zone-lockdown/) settings, and [Cache Rules](/cache/how-to/cache-rules/). | | Load Balancer | Can edit [Load Balancers](/load-balancing/), Pools, Origins, and Health Checks. | | Log Share | Can edit [Log Share](/logs/) configuration. | diff --git a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx index de5f128fc7b5b6b..2227f6a7c112a81 100644 --- a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx +++ b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx 
@@ -3,17 +3,16 @@ title: Next steps pcx_content_type: learning-unit sidebar: order: 4 - --- Now that you have learned how Email Security can protect your inbox from phishing attacks, refer to the following resources to onboard and enhance your email security posture: -| Resource | Description | -| --------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Phish submissions](/cloudflare-one/email-security/phish-submissions/) | As part of your continuous email security posture, administrators and security analysts need to submit missed phish samples so Cloudflare can process them and take necessary action. | -| [API integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/) | Onboard your domain via API deployment. | -| [Impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/) | The impersonation registry contains combinations of emails of users who are likely to be impersonated. | -| [Trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/) | Trusted domains allows you to identify domains that should be exempted from Email Security detections. | -| [Allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/) | Allow policies exempt messages that match certain patterns from normal detection scanning. | -| [Blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/) | Blocked senders can mark all messages from specific senders with a `MALICIOUS` disposition. 
| -| [PhishGuard](/cloudflare-one/email-security/phish-guard/) | PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. | \ No newline at end of file +| Resource | Description | +| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) | As part of your continuous email security posture, administrators and security analysts need to submit missed phish samples so Cloudflare can process them and take necessary action. | +| [API integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/) | Onboard your domain via API deployment. | +| [Impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) | The impersonation registry contains combinations of emails of users who are likely to be impersonated. | +| [Trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) | Trusted domains allows you to identify domains that should be exempted from Email Security detections. | +| [Allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/) | Allow policies exempt messages that match certain patterns from normal detection scanning. | +| [Blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) | Blocked senders can mark all messages from specific senders with a `MALICIOUS` disposition. | +| [PhishGuard](/cloudflare-one/email-security/phishguard/) | PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. | 
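Review bot: The PhishGuard row changes the link from `/cloudflare-one/email-security/phish-guard/` to `/cloudflare-one/email-security/phishguard/`, which is a slug rename rather than one of the `settings/` or `monitoring/` moves made by the other rows. Confirm that the page is actually published at the new slug and that the old slug redirects to it, because nothing in this hunk shows either. The same rename appears in the `monitor-detections.mdx` hunk, so both links depend on that check.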
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx index c3324c86957941f..dcdc5e415c8b461 100644 --- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx @@ -15,7 +15,7 @@ To manage a Microsoft directory: 4. Under **Directory name**, select **MS directory**. 5. From here, you can manage **Groups** or **Users** directories. -Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/). +Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/). When a group is added to the registry, all members are registered by default. To manage your group directory, on the **MS directory** page, select **Groups**. @@ -35,4 +35,4 @@ In addition, Email Security allows you to: - [Remove groups from the registry](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory/#remove-groups-from-registry). - [Filter the impersonation registry](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory/#filter-impersonation-registry). -- [Manage users in your directory](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory/). \ No newline at end of file +- [Manage users in your directory](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-users-directory/). 
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx index faea9903af79c00..d2eb18dbf8e6ae7 100644 --- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx 
@@ -16,15 +16,15 @@ To add a user to the impersonation registry: 3. Select **Settings** > **Impersonation registry**. 4. Select **Add a user**. 5. Select **Input method**: Choose between **Manual input**, **Upload manual list**, and **Select from existing directories**: - - **Manual input**: Enter the following information: - - **User info**: enter a valid **Display name**. - - **User email**: Enter one of the following: - - **Email address**: Enter all known email addresses, separated by a comma. - - **Regular expressions**: Must be valid Java expressions. - - **Upload manual list**: You can upload a file no larger than 150 KB containing all variables of potential emails. The file must contain `Display_Name` and `Email`, and the first row must be the header row. - - **Select from existing directories**: - - **Select directory**: Select your directory. - - **Add users or groups**: Choose the users or groups you want to register. + - **Manual input**: Enter the following information: + - **User info**: enter a valid **Display name**. + - **User email**: Enter one of the following: + - **Email address**: Enter all known email addresses, separated by a comma. + - **Regular expressions**: Must be valid Java expressions. + - **Upload manual list**: You can upload a file no larger than 150 KB containing all variables of potential emails. The file must contain `Display_Name` and `Email`, and the first row must be the header row. + - **Select from existing directories**: + - **Select directory**: Select your directory. + - **Add users or groups**: Choose the users or groups you want to register. 6. Select **Save**. -For more information on how to edit and remove users, refer to [Impersonation Registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/#edit-users). 
\ No newline at end of file +For more information on how to edit and remove users, refer to [Impersonation Registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/#edit-users). diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx index 50491782c6a44d8..17ae4253e32168e 100644 --- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx 
@@ -7,10 +7,10 @@ sidebar: Email Security allows you to configure the following additional detections: -- [Domain age](/cloudflare-one/email-security/detection-settings/additional-detections/#configure-domain-age) -- [Blank email detection](/cloudflare-one/email-security/detection-settings/additional-detections/#configure-blank-email-detection) -- [Automated Clearing House (ACH)](/cloudflare-one/email-security/detection-settings/additional-detections/#configure-ach-change-from-free-email-detection) change from free email detection. -- [HTML attachment email detection](/cloudflare-one/email-security/detection-settings/additional-detections/#configure-html-attachment-email-detection) +- [Domain age](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-domain-age) +- [Blank email detection](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-blank-email-detection) +- [Automated Clearing House (ACH)](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-ach-change-from-free-email-detection) change from free email detection. +- [HTML attachment email detection](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-html-attachment-email-detection) To configure additional detections: 
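Review bot: The ACH bullet is the only one of the four re-added list items that ends with a full stop and that leaves part of the detection name ("change from free email detection") outside the link text. The line is being rewritten for the new path, so move the whole name inside the link and drop the trailing full stop so the list reads uniformly. All four links also rely on the `#configure-...` anchors still existing on the page at its new `settings/detection-settings/additional-detections/` location, which is worth checking in the link checker output before merge.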
@@ -26,8 +26,8 @@ The domain age is the time since the domain has been registered. To configure a domain age: 1. On the **Edit additional detections** page: - - Select **Malicious domain age**: Controls the threshold for a malicious disposition. Maximum of 100 days. - - Select **Suspicious domain age**: Controls the threshold for a suspicious disposition. Maximum of 100 days. + - Select **Malicious domain age**: Controls the threshold for a malicious disposition. Maximum of 100 days. + - Select **Suspicious domain age**: Controls the threshold for a suspicious disposition. Maximum of 100 days. 2. Select **Save**. ## Configure blank email detection @@ -58,4 +58,4 @@ To enable HTML attachment email detection: 1. On the **Edit additional detections** page, enable **HTML attachment email detection**. 2. Choose between **Malicious** and **Suspicious**. -3. Select **Save**. \ No newline at end of file +3. Select **Save**. diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx index a5baade788048ff..aa9b07bc2ffc08d 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx 
@@ -17,11 +17,11 @@ The dashboard will display the following metrics: - Email activity - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/) - Detection details -- [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/) -- [Phish submissions](/cloudflare-one/email-security/phish-submissions/) -- [Auto-move events](/cloudflare-one/email-security/auto-moves/) -- [Detection settings metrics](/cloudflare-one/email-security/detection-settings/) +- [Impersonations](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) +- [Phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) +- [Auto-move events](/cloudflare-one/email-security/settings/auto-moves/) +- [Detection settings metrics](/cloudflare-one/email-security/settings/detection-settings/) Email activity aggregates statistics about emails scanned and dispositions assigned (the number of email flagged due to a detection) within a given timeframe. -To view the live number of email scanned and dispositions scanned, enable **Live mode**. \ No newline at end of file +To view the live number of email scanned and dispositions scanned, enable **Live mode**. diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx index 0da7248705d2a83..e901a8619484cc1 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx 
@@ -7,14 +7,14 @@ sidebar: Spam and Malicious emails are blocked outright by Email Security, but Suspicious and Spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message. -[PhishGuard](/cloudflare-one/email-security/phish-guard/) (Cloudflare's managed email security service) can review these messages for you and move them from the end user inbox if they are deemed malicious. +[PhishGuard](/cloudflare-one/email-security/phishguard/) (Cloudflare's managed email security service) can review these messages for you and move them from the end user inbox if they are deemed malicious. Messages that receive a Spoof disposition should be investigated because it signals that the traffic is either non-compliant with your email authentication process [SPF](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-dmarc-record/), or has a mismatching Envelope From and Header From value. In most cases, a Spoof disposition is triggered by a legitimate third-party mail service. If you determine that the Spoofed email is a legitimate business use case, you can either: - Update your email authentication records. -- Add an acceptable sender [allow policy](/cloudflare-one/email-security/detection-settings/allow-policies/) to exempt messages from the Spam, Spoof, or Bulk disposition, but not Malicious or Suspicious, so the content of the message can still be monitored. +- Add an acceptable sender [allow policy](/cloudflare-one/email-security/settings/detection-settings/allow-policies/) to exempt messages from the Spam, Spoof, or Bulk disposition, but not Malicious or Suspicious, so the content of the message can still be monitored. ## Search email messages 
@@ -28,8 +28,8 @@ There are three ways for searching emails: - Regular screen: A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria. - Advanced screen: The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox. -Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/email-monitoring/search-email/#screen-criteria) documentation. +Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) documentation. ### Export messages -With Email Security, you can export messages to a CSV file. Via the dashboard, you can export up to 1,000 rows. If you want to export all messages, you can use the [API](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/). \ No newline at end of file +With Email Security, you can export messages to a CSV file. Via the dashboard, you can export up to 1,000 rows. If you want to export all messages, you can use the [API](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/). diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx index 0167504dc67223e..9755a0a4f8f84a4 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx 
@@ -7,11 +7,11 @@ sidebar: While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur. -There are two different ways to [submit a phish](/cloudflare-one/email-security/phish-submissions/) sample: +There are two different ways to [submit a phish](/cloudflare-one/email-security/settings/phish-submissions/) sample: - User submission: - - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/email-security/phish-submissions/#phishnet-o365). - - User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you. + - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/email-security/settings/phish-submissions/#phishnet-o365). + - User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. 
This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you. - Admin submission: - - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address. - - Within the Email Security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are. \ No newline at end of file + - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address. + - Within the Email Security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are. diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx index 28291a037dcaabf..9fdcbe8d5e05f5a 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx 
@@ -5,7 +5,7 @@ sidebar: order: 5 --- -[PhishGuard](/cloudflare-one/email-security/phish-guard/) serves as an extension of your Security Operations team with dedicated Email Security technical resources providing real-time monitoring of your email environment. The Active Defense Service provides: +[PhishGuard](/cloudflare-one/email-security/phishguard/) serves as an extension of your Security Operations team with dedicated Email Security technical resources providing real-time monitoring of your email environment. The Active Defense Service provides: - Customized notification and responses for fraud and insider threats. - Reclassification of messages if the disposition is incorrect. @@ -19,4 +19,4 @@ As a PhishGuard customer, the following service offerings should be enabled: - Escalation contacts must be configured in the Email Security dashboard: This allows for email reports to be delivered regarding high risk items identified and responded to by the team. - Auto-moves should be enabled and configured for quarantine of identified items: Malicious should be prioritized, but configuring Spam for a move to junk/trash or even soft delete may also be highly useful to the client. -Refer to the [PhishGuard](/cloudflare-one/email-security/phish-guard/) documentation to learn more about this add-on service. \ No newline at end of file +Refer to the [PhishGuard](/cloudflare-one/email-security/phishguard/) documentation to learn more about this add-on service.
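Review bot: in the first hunk above (@@ -7,14 +7,14 @@, the Spoof disposition guidance), the new allow policy link points to /cloudflare-one/email-security/settings/detection-settings/allow-policies/, which keeps a detection-settings segment under settings. The phish submissions links updated elsewhere in this patch go straight to /cloudflare-one/email-security/settings/phish-submissions/. Please confirm which layout the moved allow-policies page actually uses and make the link match its final URL, so readers following the Spoof guidance reach the allow policy page directly.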
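Review bot: in phish-submissions.mdx (@@ -7,11 +7,11 @@), the PhishNet link carries the fragment #phishnet-o365 over to the new /settings/phish-submissions/ path, and a path redirect cannot tell whether that anchor still exists, so check that the heading ID survives on the moved page. Separately, three of the sub-bullet lines have identical text on the - and + sides, which looks like a whitespace-only change. If that is intentional indentation clean-up, mention it in the commit message so the link changes are easier to audit.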
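Review bot: in both hunks of phishguard.mdx, and in the first hunk of the file before it, the PhishGuard slug changes from /cloudflare-one/email-security/phish-guard/ to /cloudflare-one/email-security/phishguard/, but none of the lines shown here add a redirect for the old slug. If the page is renamed as part of this change, add a 301 from the /phish-guard/ path so existing bookmarks and external links keep resolving. If /phishguard/ was already the canonical path, say in the description that these are fixes to stale links.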