diff --git a/public/__redirects b/public/__redirects index 0c8913ba01dda37..abae4a80d42bd91 100644 --- a/public/__redirects +++ b/public/__redirects @@ -2314,6 +2314,8 @@ /cloudflare-one/email-security/reference/domain-information/ /cloudflare-one/email-security/settings/domain-management/domain/ 301 /cloudflare-one/email-security/settings/configure-text-add-ons/ /cloudflare-one/email-security/settings/detection-settings/configure-text-add-ons/ 301 /cloudflare-one/email-security/settings/trusted-domains/ /cloudflare-one/email-security/settings/detection-settings/trusted-domains/ 301 +/cloudflare-one/email-security/monitoring/search-email/ /cloudflare-one/email-security/investigation/search-email/ 301 +/cloudflare-one/email-security/settings/invalid-submissions/ /cloudflare-one/email-security/reclassifications/invalid-submissions/ 301 # ============================================================================ # DYNAMIC REDIRECTS diff --git a/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx index 5e4e5a9de9aa247..5a88e09b8c95b0c 100644 --- a/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx +++ b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx @@ -10,7 +10,7 @@ You can now investigate links in emails with Cloudflare Security Center to gener From **Investigation**, go to **View details**, and look for the **Links identified** section. Select **Open in Security Center** next to each link. **Open in Security Center** allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment. -For more details, refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links). +For more details, refer to [Open links](/cloudflare-one/email-security/investigation/search-email/#open-links). This feature is available across these Email security packages: diff --git a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx index 7d8ed14aab541ab..c4352bb034a30ab 100644 --- a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx +++ b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx @@ -8,7 +8,7 @@ You can now safely open links in emails to view and investigate them. ![Open links with Browser Isolation](~/assets/images/changelog/email-security/investigate-links.jpg) -From **Investigation**, go to **View details**, and look for the **Links identified** section. Next to each link, the Cloudflare dashboard will display an **Open in Browser Isolation** icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links) to learn more about this feature. +From **Investigation**, go to **View details**, and look for the **Links identified** section. Next to each link, the Cloudflare dashboard will display an **Open in Browser Isolation** icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Refer to [Open links](/cloudflare-one/email-security/investigation/search-email/#open-links) to learn more about this feature. To use this feature, you must: diff --git a/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx b/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx index 7123055b159bb37..855454d31940dff 100644 --- a/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx +++ b/src/content/changelog/email-security-cf1/2025-09-23-invalid-submissions.mdx @@ -16,7 +16,7 @@ To ensure all customer feedback is actionable, we have launched two new features ![EmailSec-Invalid-Submissions-Dashboard](~/assets/images/changelog/email-security/EmailSec-Invalid-Submissions-Dashboard.png) -Learn more about this feature on [invalid submissions](https://developers.cloudflare.com/cloudflare-one/email-security/monitoring/search-email/#invalid-submissions). +Learn more about this feature on [invalid submissions](/cloudflare-one/email-security/reclassifications/invalid-submissions/). This feature is available across these Email security packages: diff --git a/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx b/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx index bf4bafb6b07e8b7..82454719887bfe3 100644 --- a/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx +++ b/src/content/docs/cloudflare-one/email-security/investigation/search-email.mdx @@ -72,47 +72,6 @@ To modify your screening criteria, under **Active screen criteria**, select **Mo To reset your screening criteria, select **Reset**. -## Reclassify messages - -Reclassifying messages allows you to choose the disposition of your messages if the disposition is incorrect. - -To reclassify a message: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security** and select **Investigation**. -2. On the Investigation page, under **Your matching messages**, select the message you want to reclassify. -3. Select the three dots, then select **Request reclassification**. -4. Under **New disposition**, select among the following: - - **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns. - - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and Header From values. - - **Spam**: Traffic associated with non-malicious, commercial campaigns. - - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of SPAM and SUSPICIOUS. For example, a marketing email that intentionally obscures its unsubscribe link. - - **Clean**: Traffic not associated with any phishing campaigns. -5. Select **Save**. - -To reclassify messages in bulk, select **Select all messages** > **Action** > **Request reclassification**. - -To release messages in bulk, select **Select all messages** > **Action** > **Release**. - -### Upload EML files - -Email security classifies certain emails as "Clean". If you disagree with the disposition, you can upload an EML file and reclassify the email. - -On the **Investigation** page: - -1. Go to the email marked as Clean. -2. Select the three dots > **Request reclassification**. -3. Upload the EML file. -4. Select a new disposition. -5. Select **Save**. - -Once you have reclassified your messages, you can access those on Reclassifications. - -To view reclassifications: - -1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Select **Email security** > **Reclassifications**. -3. Choose **Team submissions** to view emails your security team submitted for reclassification, or **User submissions** to view emails your users submitted for reclassification. - ## Move messages Moving messages allows you to move messages to a specific folder. You can move up to 1,000 messages at a time. diff --git a/src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx b/src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx deleted file mode 100644 index 20dd85591317f39..000000000000000 --- a/src/content/docs/cloudflare-one/email-security/monitoring/search-email.mdx +++ /dev/null @@ -1,331 +0,0 @@ ---- -title: Search email -pcx_content_type: how-to -sidebar: - order: 2 ---- - -With Email security, you can use different screen criteria to search through your email, reclassify and move a certain volume of messages, find similar emails, and export messages. - -## Screen criteria - -Email security allows you to use popular, regular, and advanced screening criteria to search through your inbox. Advanced screening will give you the most in-depth investigation of your inbox. - -To screen through your email traffic: - -1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Select **Email security**. -3. Select **Investigation**, then **Run new screen**. -4. Choose between **Popular**, **Regular**, and **Advanced** screen methods. Refer to the explanation below to learn what each method does. - -The results will be displayed on a table. The table allows you to review and take action on the messages that match your chosen screening criteria. - -### Popular screen - -A popular screen allows you to view messages based on common pre-defined criteria. - -To use a popular screen criteria: - -1. Under **Method**, select **Popular screens**. -2. Select one of the following criteria: - - **Moved emails**: View emails automatically or manually moved within the last seven days. - - **Reclassified emails**: Emails that had their disposition reclassified within the last seven days. - - **Malicious emails**: Emails assigned the malicious disposition within the last seven days. - - **Spoof emails**: Emails assigned the spoof disposition within the last seven days. - - **Suspicious emails**: Emails assigned the suspicious disposition within the last seven days. - - **Spam emails**: Emails assigned to the spam disposition within the last seven days. -3. Select **Run screen**. - -To modify your screening criteria, under **Active screen criteria**, select **Modify**. - -### Regular screen - -A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria. - -To use a regular screen criteria: - -1. Under **Method**, select **Regular screen**. -2. Select a **Date range**. -3. Enter a keyword. -4. Select **Run screen**. - -To include all emails as part of the search, enable **Include all mail**. - -To modify your screening criteria, under **Active screen criteria**, select **Modify**. - -To reset your screening criteria, select **Reset**. - -### Advanced screen - -The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox. - -To use advanced screen criteria: - -1. Under **Method**, select **Advanced screen**. -2. (Required) Select a date range. -3. (Optional) Fill in the other fields. All fields, except for **Subject**, must be filled with one value only. -4. Select **Run screen**. - -To include all emails as part of the search, enable **Include all mail**. - -To modify your screening criteria, under **Active screen criteria**, select **Modify**. - -To reset your screening criteria, select **Reset**. - -## Reclassify messages - -Reclassifying messages allows you to choose the disposition of your messages if the disposition is incorrect. - -To reclassify a message: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security** and select **Investigation**. -2. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. -3. Select the three dots, then select **Request reclassification**. -4. Under **New disposition**, select among the following: - - **Malicious**: Traffic invoked multiple phishing verdict triggers, met thresholds for bad behavior, and is associated with active campaigns. - - **Spoof**: Traffic associated with phishing campaigns that is either non-compliant with your email authentication policies (SPF, DKIM, DMARC) or has mismatching Envelope From and `Header From` values. - - **Spam**: Traffic associated with non-malicious, commercial campaigns. - - **Bulk**: Traffic associated with [Graymail](https://en.wikipedia.org/wiki/Graymail_%28email%29), that falls in between the definitions of `SPAM` and `SUSPICIOUS`. For example, a marketing email that intentionally obscures its unsubscribe link. - - **Clean**: Traffic not associated with any phishing campaigns. -5. Select **Save**. - -To reclassify messages in bulk, select **Select all messages** > **Action** > **Request reclassification**. - -To release messages in bulk, select **Select all messages** > **Action** > **Release**. - -### Upload EML files - -Email security classifies certain emails as "Clean". If you disagree with the disposition, you can upload an EML file and reclassify the email. - -On the **Investigation** page: - -1. Go to the email marked as **Clean**. -2. Select the three dots > **Request reclassification**. -3. Upload the EML file. -4. Select a new disposition. -5. Select **Save**. - -Once you have reclassified your messages, you can access those on **Reclassifications**. - -To view reclassifications: - -1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Select **Email security** > **Reclassifications**. -3. Choose **Team submissions** to view emails your security team submitted for reclassification, or **User submissions** to view emails your users submitted for reclassification. - -### Team submissions - -Team submissions are the emails your security team submitted for reclassification. All team submissions receive a human review by Cloudflare. - -Select among the following filters: - -- **Date Range**: You can select a date range from the last 7, last 30, and last 90 days. -- **Original disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). -- **Submitted as**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). -- **Final disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). -- **Escalation**: Filter by team submissions that have been escalated or not. Select among `Yes`, `No`, or `All`. - -Once you have selected all the filters, select **Apply filters**. - -The dashboard will populate the table with the list of emails your security team submitted for reclassification, including a **Submission ID**, and the **Email subject**. - -To gain more details on a specific reclassification: - -1. Go to the reclassification you want to have more details for. -2. Select the three dots > select among **View more**, **View email message** and **View similar details**. - -### User submissions - -User submissions are the emails your users submitted for reclassification. User submissions help enhance our detection model, but can be escalated for human review. - -Any email that is reported as [phish](/cloudflare-one/email-security/settings/phish-submissions/#reclassify-an-email) will be displayed under **User submissions**. - -:::note -[PhishGuard](/cloudflare-one/email-security/phishguard/) customers can have submissions analyzed when submitting at either user or team level. Any non-PhishGuard customer can still have submissions analyzed by submitting at team level. -::: - -Select among the following filters: - -- **Date Range**: Select a date range from the last 7, last 30, and last 90 days. -- **Original disposition**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). -- **Submitted as**: Select among the [available values](/cloudflare-one/email-security/reference/dispositions-and-attributes/#available-values). - -Once you have selected all the filters, select **Apply filters**. - -The dashboard will populate the table with the list of emails your users submitted for reclassification, including a **Submission ID**, and the **Email subject**. - -To gain more details on a specific reclassification: - -1. Go to the reclassification you want to have more details for. -2. Select the three dots > select among **View more**, **View email message**, **View similar details**, and **Escalate**. - -To escalate a reclassification: - -1. Go to the reclassification you want to escalate. -2. Select the three dots > select **Escalate**. -3. The dashboard will display a message to authorize escalation. Select **Escalate**. - -## Move messages - -Moving messages allows you to move messages to a specific folder. You can move up to 1,000 messages at a time. - -To move messages: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security**, and select **Investigation**. -2. On the **Investigation** page, select all the messages you want to move. -3. Select the **Action** dropdown, then select **Move**. -4. Select among one of the following folders: - - **Inbox**: Move messages to the primary email folder. - - **Junk email**: Move messages to the junk or spam folder. - - **Trash**: Move messages to the trash or deleted items email folder. - - **Soft delete (user recoverable)**: Move messages to the user's Deleted Items folder. This option is for Microsoft 365 only. - - **Hard delete (admin recoverable)**: Delete messages from a user's inbox. -5. Select **Save**. - -To move messages in bulk, select **Select all messages** > **Action** > **Move**. - -## Find similar emails - -Each detection has an Email Detection Fingerprint (EDF) hash that Email security sends to the Search API to retrieve similar detections. - -To find similar detection results: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security**, and select **Investigation**. -2. On the **Investigation** page, under **Your matching messages**, search for the **Similar emails** column. -3. Select the number of similar emails. Selecting the number will show you a list of similar emails. - -## Export messages - -With Email security, you can export messages to a CSV file. - -To export messages: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security**, and select **Investigation**. -2. On the **Investigation** page, under **Your matching messages**, select **Export to CSV**. -3. Select **Export messages** on the pop-up message. You can export up to 500 messages from the dashboard. To export up to 1,000 matching messages, use the [API](/api/resources/email_security/subresources/investigate/methods/get/). - -To export messages in bulk, select **Select all messages** > **Export to CSV**. - -## Email status - -Email security allows you to review the status and actions of each email. - -To view status and actions for each email: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security**, and select **Investigation**. -2. On the **Investigation** page, select the three dots. -3. Selecting the three dots will show you the following options: - - If the email is quarantined: - - **View details**: Refer to [Email details](/cloudflare-one/email-security/monitoring/search-email/#email-details) to learn more. - - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash). - - **Release**: Email security will no longer quarantine your chosen messages. - - **Request reclassification**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/monitoring/search-email/#reclassify-messages) to learn more. -4. If the email is not quarantined: - - **View details**. - - **View similar emails**. - - **View submission detail**. - - [Move](/cloudflare-one/email-security/settings/auto-moves/) (only available if you authorized moves). - - [Request reclassification](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages). - -## Email details - -Email security shows you the following email detail information: - -- Details -- Action log -- Raw message -- Mail trace - -### Details - -Email security displays the following details: - -1. **Threat type**: Threat type of the email, for example, [credential harvester](/cloudflare-one/email-security/reference/how-es-detects-phish/#credential-harvesters), and [IP-based spam](/cloudflare-one/email-security/reference/how-es-detects-phish/#ip-based-spam). -2. **Validation**: Email validation methods [SPF](https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/). The dashboard will display **Pass** if SPF, DKIM and DMARC checks have passed. -3. **Sender details**: Information include: - - IP address - - Registered domain - - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). - - Autonomous sys name: This name identifies your autonomous system (AS). - - Country -4. **Links identified**: A list of malicious links identified by Email security. Refer to [Open links](/cloudflare-one/email-security/monitoring/search-email/#open-links) to open links in Security Center, Browser Isolation or an external tool of your choice. -5. **Attachments**: If an email has an attachment, the Cloudflare dashboard will display the filename, and the disposition assigned. You can open attachments in [Browser Isolation](/cloudflare-one/remote-browser-isolation/). Only PDF files are currently supported. -6. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam. - -#### Open links - -You can open links in [Security Center](/security-center/) or [Browser Isolation](/cloudflare-one/remote-browser-isolation/), or copy and paste the link so you can investigate content in external tools. - -To open links in Security Center: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security** > **Investigation**. -2. Locate the message you want to open links for, select the three dots, then select **View details**. -3. Under **Details**, go to **Links identified**. -4. Locate the link you want to open, and select **Open in Security Center**. -5. You will be redirected to **Investigate** in the Cloudflare dashboard. -6. Select **Scan now**. -7. The dashboard will generate a report for your link. - -To open links in Browser Isolation: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security** > **Investigation**. -2. Locate the message you want to open links for, select the three dots, then select **View details**. -3. Under **Details**, go to **Links identified**. -4. Locate the link you want to open, and select **Open in Browser Isolation**. -5. The link will open in a separate window where you will be able to browse the content securely. - -Alternatively, you can directly [open links in Browser Isolation](/cloudflare-one/remote-browser-isolation/setup/clientless-browser-isolation/#open-links-in-browser-isolation). - -:::note -If you purchased [Gateway](/cloudflare-one/traffic-policies/) and [Browser Isolation](/cloudflare-one/remote-browser-isolation/), you can perform more actions when opening links. - -When opening links, Email security will not allow you to: - -- [Copy (from remote to client)](/cloudflare-one/remote-browser-isolation/isolation-policies/#copy-from-remote-to-client) -- [Paste (from client to remote)](/cloudflare-one/remote-browser-isolation/isolation-policies/#paste-from-client-to-remote) -- Use [keyboard](/cloudflare-one/remote-browser-isolation/isolation-policies/#keyboard) -- [Print](/cloudflare-one/remote-browser-isolation/isolation-policies/#printing) -- [Download files](/cloudflare-one/remote-browser-isolation/isolation-policies/#file-downloads) -- [Uploads files](/cloudflare-one/remote-browser-isolation/isolation-policies/#file-uploads) - -::: - -To open and investigate a link in an external tool: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Email security** > **Investigation**. -2. Locate the message you want to open links for, select the three dots, then select **View details**. -3. Under **Details**, go to **Links identified**. -4. Locate the link you want to open, and select **Copy URL**. -5. Paste the link in your external tool. - -:::caution -You may encounter a `400 Bad Request` error after turning **Clientless Web Isolation** on. - -If you encounter this error: - -1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. Select **Generate certificate**. -3. Choose the **Expiration** (5 years is recommended), then select **Generate certificate**. Your certificate is now generated, and the dashboard will display its **Deployment Status** as **INACTIVE**. -4. Select the three dots, and then select **Activate** to activate your certificate. -5. Select the three dots, and then select **Mark as in-use**. -6. Your certificate deployment status should display **AVAILABLE IN-USE**. - ::: - -### Action log - -Action log allows you to review post-delivery actions performed on your selected message. The action log displays: - -- **Date**: Date when the post-delivery action was performed. -- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. - -### Raw message - -Raw message allows you to view the raw details of the message. You can also choose to download the email message. To download the message, select **Download .EML**. - -### Mail trace - -Mail trace allows you to track the path your selected message took from the sender to the recipient. Mail trace displays: - -- **Date**: The date and time when the mail was tracked. -- **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address). -- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. diff --git a/src/content/docs/cloudflare-one/email-security/phishguard.mdx b/src/content/docs/cloudflare-one/email-security/phishguard.mdx index f0ba28ec71202dd..d55dbc9f21dab74 100644 --- a/src/content/docs/cloudflare-one/email-security/phishguard.mdx +++ b/src/content/docs/cloudflare-one/email-security/phishguard.mdx @@ -9,7 +9,7 @@ PhishGuard is a team of analysts that routinely inspects your email environment While Email security uses advanced technologies to protect your email inbox, PhishGuard offers an additional human component to protect your email environment against impersonation events, suspicious items, false negatives/false positives, and any new event that automated intelligent systems may miss due to a lack of context (for example, a compromised account activity). -PhishGuard only works on a post-delivery environment (only emails that have already landed in your email inbox are reviewed). As a result, PhishGuard analysts may perform a [reclassification](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) or [auto-move](/cloudflare-one/email-security/settings/auto-moves/) based on their findings. +PhishGuard only works on a post-delivery environment (only emails that have already landed in your email inbox are reviewed). As a result, PhishGuard analysts may perform a [reclassification](/cloudflare-one/email-security/reclassifications/#reclassify-messages) or [auto-move](/cloudflare-one/email-security/settings/auto-moves/) based on their findings. PhishGuard coordinates with the email detections team, allowing you to directly request immediate detection for specific items and implement custom detections unique to your needs. An example of this is requesting to block all PayPal traffic if you do not use PayPal for invoicing. This capability allows you to take ownership over the rules governing your email environment through PhishGuard's human intervention. diff --git a/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx b/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx index cb92ab2e2bd8573..2c93305c655faa6 100644 --- a/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx +++ b/src/content/docs/cloudflare-one/email-security/reclassifications/invalid-submissions.mdx @@ -26,3 +26,11 @@ To view invalid submissions: You can search by submission ID or submitted email. You can filter based on **Date Range** and **Submitted by** (which will list emails that made the invalid submissions). Once you have configured your desired filters, select **Apply filters**. + +## Enable notifications + +To enable Invalid submission email notifications: + +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). +2. Select **Email security** > **Settings**. +3. Go to **Invalid submission emails** and turn on **Invalid submission email notifications**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/retro-scan.mdx b/src/content/docs/cloudflare-one/email-security/retro-scan.mdx index bebf20a24b5d975..233ac49c7ea66b9 100644 --- a/src/content/docs/cloudflare-one/email-security/retro-scan.mdx +++ b/src/content/docs/cloudflare-one/email-security/retro-scan.mdx @@ -39,4 +39,4 @@ Overview displays the total scanned domains. The overview shows you: Details allows you to review the first 1,000 emails assigned a disposition. -Select an email to review [details](/cloudflare-one/email-security/monitoring/search-email/#details) about the message. +Select an email to review [details](/cloudflare-one/email-security/investigation/search-email/#details) about the message. diff --git a/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx index 6ca800def019b81..2a9b96b5c55a6af 100644 --- a/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/detection-settings/allow-policies.mdx @@ -77,7 +77,7 @@ The following use cases show how you could configure allow policies for accept s To solve this: - 1. Create a [team submission](/cloudflare-one/email-security/monitoring/search-email/#team-submissions). + 1. Create a [team submission](/cloudflare-one/email-security/reclassifications/team-submissions/). 2. Inform your Cloudflare contact about the escalation. 3. Do not set up allow policies or blocked senders. In this use case, configuring allow policies will create a security gap. Setting up blocked senders will block legitimate emails from providers such as Shopify, PayPal, and Docusign. diff --git a/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx b/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx deleted file mode 100644 index f772ba6a96828f6..000000000000000 --- a/src/content/docs/cloudflare-one/email-security/settings/invalid-submissions.mdx +++ /dev/null @@ -1,18 +0,0 @@ ---- -pcx_content_type: navigation -title: Invalid submissions -sidebar: - order: 5 - group: - hideIndex: true ---- - -You can be notified by email when you provide an invalid submission. - -To turn on Invalid submission email notifications: - -1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Select **Email security** > **Settings**. -3. Go to **Invalid submission emails** and turn on **Invalid submission email notifications**. - -Refer to [Invalid submission](/cloudflare-one/email-security/reclassifications/invalid-submissions/) to learn more. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx index 1339b67f306c26a..454bfba8b8b2bb3 100644 --- a/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/settings/phish-submissions/index.mdx @@ -24,4 +24,4 @@ There are three routes you can use to report an email as a phish: 3. On the **Investigation** page, under **Your matching messages**, select the message you want to reclassify. Select the three dots, then select **Request reclassification**. By selecting **Request reclassification**, you are requesting a new disposition for the message. 4. Select the new disposition, then select **Save**. -When you report an email as phish, this email will be displayed under [User submissions](/cloudflare-one/email-security/monitoring/search-email/#user-submissions). +When you report an email as phish, this email will be displayed under [User submissions](/cloudflare-one/email-security/reclassifications/user-submissions/). diff --git a/src/content/docs/cloudflare-one/email-security/setup/index.mdx b/src/content/docs/cloudflare-one/email-security/setup/index.mdx index cd138ae8e2eb747..5fb8fd1de747ed2 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/index.mdx @@ -91,11 +91,11 @@ You should review your impersonation registry on a quarterly basis as roles chan ## 4. Reclassify messages -A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. Refer to [Reclassify messages](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) to learn how to reclassify a message. +A reclassification is a change to an email's disposition **after** initial scanning. It is Cloudflare's built-in feedback loop for correcting false positives/negatives **and** training the detection models to get smarter over time. Refer to [Reclassify messages](/cloudflare-one/email-security/reclassifications/#reclassify-messages) to learn how to reclassify a message. ### Who can reclassify messages -[Security teams](/cloudflare-one/email-security/monitoring/search-email/#team-submissions) and [end users](/cloudflare-one/email-security/monitoring/search-email/#user-submissions) can submit a reclassification. +[Security teams](/cloudflare-one/email-security/reclassifications/team-submissions/) and [end users](/cloudflare-one/email-security/reclassifications/user-submissions/) can submit a reclassification. ### Why you should reclassify messages @@ -104,13 +104,13 @@ Reclassifications are critical because: - **They help improve model accuracy**: Every validated reclassification teaches Cloudflare's machine learning to recognise new lures, language, infrastructure, and benign patterns. - **They reduce alert fatigue**: Correcting Suspicious or Spam emails that users actually want tailors detections to your organization, cutting noise in the dashboard. - **They close the remediation loop**: When a disposition is upgraded to Malicious, Cloudflare auto-moves those emails out of every inbox (Graph API or Google Workspace API integrations). -- **They can help you log activity taken on any reclassification**: Each reclassification displays a submission ID, details about original, requested and final dispositions, and more. Refer to [Reclassify messages](/cloudflare-one/email-security/investigation/search-email/#reclassify-messages) to learn more about reclassifications. +- **They can help you log activity taken on any reclassification**: Each reclassification displays a submission ID, details about original, requested and final dispositions, and more. Refer to [Reclassify messages](/cloudflare-one/email-security/reclassifications/#reclassify-messages) to learn more about reclassifications. To make the most of reclassifications: 1. Review reclassifications on a weekly basis. 2. Ensure you have an integration associated with any MX/Inline deployment. When you associate an integration, you will not need to upload the EMLs every time; Cloudflare can use APIs to receive a copy of your email messages. -3. Investigate any increase in [user submissions](/cloudflare-one/email-security/monitoring/search-email/#user-submissions) (users may have found a phish that bypassed filters) and confirm that analyst-final dispositions align with your policies. +3. Investigate any increase in [user submissions](/cloudflare-one/email-security/investigation/search-email/#user-submissions) (users may have found a phish that bypassed filters) and confirm that analyst-final dispositions align with your policies. A correct use of reclassifications ensures that Email security delivers a stronger protection with less manual tuning. diff --git a/src/content/docs/email-security/migrate-to-email-security.mdx b/src/content/docs/email-security/migrate-to-email-security.mdx index 797e8cc0d80736b..1a91c83a473e56d 100644 --- a/src/content/docs/email-security/migrate-to-email-security.mdx +++ b/src/content/docs/email-security/migrate-to-email-security.mdx @@ -104,11 +104,11 @@ In Email security, you enable [Logpush](/cloudflare-one/insights/logs/enable-log In Area 1, you can perform two types of search: [Fielded Search](/email-security/reporting/search/#fielded-search) and [Freeform Search](/email-security/reporting/search/#freeform-search). -In Email security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) to search emails: +In Email security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/investigation/search-email/#screen-criteria) to search emails: -- [Advanced screen](/cloudflare-one/email-security/monitoring/search-email/#advanced-screen) -- [Regular screen](/cloudflare-one/email-security/monitoring/search-email/#regular-screen) -- [Popular screen](/cloudflare-one/email-security/monitoring/search-email/#popular-screen) +- [Advanced screen](/cloudflare-one/email-security/investigation/search-email/#advanced-screen) +- [Regular screen](/cloudflare-one/email-security/investigation/search-email/#regular-screen) +- [Popular screen](/cloudflare-one/email-security/investigation/search-email/#popular-screen) ## Check metrics @@ -139,12 +139,12 @@ This table displays the difference in terminology used when creating policies: This table displays the difference in terminology used when finding emails whose disposition is incorrect: -| Area 1 | Email security | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -| Report [false negative](/email-security/email-configuration/phish-submissions/#false-negatives)/[false positive](/email-security/email-configuration/phish-submissions/#false-positives) | [ Reclassify messages ](/cloudflare-one/email-security/monitoring/search-email/#reclassify-messages) | -| N/A | Escalate user submissions | -| [Team submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [Team submissions](/cloudflare-one/email-security/monitoring/search-email/#team-submissions) | -| [User submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [User submissions](/cloudflare-one/email-security/monitoring/search-email/#user-submissions) | +| Area 1 | Email security | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | +| Report [false negative](/email-security/email-configuration/phish-submissions/#false-negatives)/[false positive](/email-security/email-configuration/phish-submissions/#false-positives) | [ Reclassify messages ](/cloudflare-one/email-security/reclassifications/#reclassify-messages) | +| N/A | Escalate user submissions | +| [Team submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [Team submissions](/cloudflare-one/email-security/reclassifications/team-submissions/) | +| [User submission](/email-security/email-configuration/phish-submissions/#how-to-submit-phish) | [User submissions](/cloudflare-one/email-security/reclassifications/user-submissions/) | ## Business Email Compromise diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx index 5a06c7e7c4d681e..3ba95a89619af2b 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx @@ -28,7 +28,7 @@ There are three ways for searching emails: - Regular screen: A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria. - Advanced screen: The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox. -Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) documentation. +Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/investigation/search-email/#screen-criteria) documentation. ### Export messages