Email Security
Open email links with Browser Isolation
You can now safely open links in emails to view and investigate them.
From Investigation, go to View details, and look for the Links identified section. Next to each link, the Cloudflare dashboard will display an Open in Browser Isolation icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Learn more about this feature on our docs.
To use this feature, you must:
- Enable Clientless Web Isolation in your Zero Trust settings.
- Have Browser Isolation (BISO) seats assigned.
For more details, refer to our setup guide.
This feature is available across all CES packages:
- Advantage
- Enterprise
- Enterprise + PhishGuard
Open email attachments with Browser Isolation
You can now safely open email attachments to view and investigate them.
What this means is that messages now have a Attachments section. Here, you can view processed attachments and their classifications (for example, Malicious, Suspicious, Encrypted). Next to each attachment, a Browser Isolation icon allows your team to safely open the file in a clientless, isolated browser with no risk to the analyst or your environment.
To use this feature, you must:
- Enable Clientless Web Isolation in your Zero Trust settings.
- Have Browser Isolation (BISO) seats assigned.
For more details, refer to our setup guide.
Some attachment types may not render in Browser Isolation. If there is a file type that you would like to be opened with Browser Isolation, reach out to your Cloudflare contact.
This feature is available across all CES packages:
- CES_ADVANTAGE
- CES_ENTERPRISE
- CES_ENTERPRISE_PHISHGUARD
CASB and Email Security
With Email Security, you get two free CASB integrations.
Use one SaaS integration for Email Security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more.
With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider.
Learn more about this feature on our docs.
This feature is available across these Email Security packages:
- Enterprise
- Enterprise + PhishGuard
Use Logpush for Email Security detections
You can now send detection logs to an endpoint of your choice with Cloudflare Logpush.
Filter logs matching specific criteria you have set and select from over 25 fields you want to send. When creating a new Logpush, remember to select Email security alerts as the dataset.
Learn more here on how to set this up on our docs.
This feature is available across these Email Security packages:
- Enterprise
- Enterprise + PhishGuard
Check Status of Email Security or Area 1
Concerns about performance for Email Security or Area 1? You can now check the operational status of both on the Cloudflare Status page ↗.
For Email Security, look under Cloudflare Sites and Services.
- Dashboard is the dashboard for Cloudflare, including Email Security
- Email Security (Zero Trust) is the processing of email
- API are the Cloudflare endpoints, including the ones for Email Security
For Area 1, under Cloudflare Sites and Services:
- Area 1 - Dash is the dashboard for Cloudflare, including Email Security
- Email Security (Area1) is the processing of email
- Area 1 - API are the Area 1 endpoints
This feature is available across these Email Security packages:
- Advantage
- Enterprise
- Enterprise + PhishGuard
Use DLP Assist for M365
Cloudflare Email Security customers who have Microsoft 365 environments can quickly deploy an Email DLP (Data Loss Prevention) solution for free.
Simply deploy our add-in, create a DLP policy in Cloudflare, and configure Outlook to trigger behaviors like displaying a banner, alerting end users before sending, or preventing delivery entirely.
Learn more about this feature from our docs.
In GUI alert
Alert before sending
Prevent delivery
This feature is available across these Email Security packages:
- Enterprise
- Enterprise + PhishGuard
Open email links with Security Center
You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more.
From Investigation, go to View details, and look for the Links identified section. Select Open in Security Center next to each link. Open in Security Center allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment.
For more details, refer to our documentation.
This feature is available across these Email Security packages:
- Advantage
- Enterprise
- Enterprise + PhishGuard
Escalate user submissions
After triaging your users' submissions, you can now escalate them to our team for reclassification (which are human reviewed). User submissions from the submission alias, PhishNet, and our API can all be escalated.
From Reclassifications, go to User submissions. Select the three dots next to any of the user submissions, then select Escalate to create a team request for reclassification. The dashboard will then show you the submission on the Team Submissions tab.
Learn more about this feature on our docs.
This feature is available across these Email Security packages:
- Advantage
- Enterprise
- Enterprise + PhishGuard
Increased transparency for phishing email submissions
You now have more transparency about team and user submissions for phishing emails through a Reclassification tab in the Zero Trust dashboard.
Reclassifications happen when users or admins submit a phish to Email Security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models.
This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.
Use Logpush for Email Security user actions
You can now send user action logs for Email Security to an endpoint of your choice with Cloudflare Logpush.
Filter logs matching specific criteria you have set or select from multiple fields you want to send. For all users, we will log the date and time, user ID, IP address, details about the message they accessed, and what actions they took.
When creating a new Logpush, remember to select Audit logs as the dataset and filter by Field: “ResourceType”, Operator: “starts with”, and Value: “email_security”.
Learn more here on how to set this up on our docs.
This feature is available across all Email Security packages:
- Enterprise
- Enterprise + PhishGuard
Email Security expanded folder scanning
Microsoft 365 customers can now choose to scan all folders or just the inbox when deploying via the Graph API.
Email Security is live
Email Security is now live under Zero Trust.
Microsoft Graph API deployment.
Customers using Microsoft Office 365 can set up Email Security via Microsoft Graph API.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark