Cloudflare changelogs | Email security

Email security - Improved Accessibility and Search for Monitoring

Mon, 02 Feb 2026 11:05:33 GMT

We have updated the Monitoring page to provide a more streamlined and insightful experience for administrators, improving both data visualization and dashboard accessibility.

Enhanced Visual Layout: Optimized contrast and the introduction of stacked bar charts for clearer data visualization and trend analysis.
Improved Accessibility & Usability:
- Widget Search: Added search functionality to multiple widgets, including Policies, Submitters, and Impersonation.
- Actionable UI: All available actions are now accessible via dedicated buttons.
- State Indicators: Improved UI states to clearly communicate loading, empty datasets, and error conditions.
Granular Data Breakdowns: New views for dispositions by month, malicious email details, link actions, and impersonations.

This applies to all Email Security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Enhanced visibility for post-delivery actions

Mon, 12 Jan 2026 11:15:33 GMT

The Action Log now provides enriched data for post-delivery actions to improve troubleshooting. In addition to success confirmations, failed actions now display the targeted Destination folder and a specific failure reason within the Activity field.

This update allows you to see the full lifecycle of a failed action. For instance, if an administrator tries to move an email that has already been deleted or moved manually, the log will now show the multiple retry attempts and the specific destination error.

This applies to all Email Security packages:

Enterprise
Enterprise + PhishGuard

Email security - Reclassifications to Submissions

Wed, 03 Dec 2025 21:11:33 GMT

We have updated the terminology “Reclassify” and “Reclassifications” to “Submit” and “Submissions” respectively. This update more accurately reflects the outcome of providing these items to Cloudflare.

Submissions are leveraged to tune future variants of campaigns. To respect data sanctity, providing a submission does not change the original disposition of the emails submitted.

This applies to all Email Security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Adjustment to Final Disposition Column

Tue, 18 Nov 2025 00:00:00 GMT

Adjustment to Final Disposition column

The Final Disposition column in Submissions > Team Submissions tab is changing for non-Phishguard customers.

What's Changing

Column will be called Status instead of Final Disposition
Column status values will now be: Submitted, Accepted or Rejected.

Next Steps

We will listen carefully to your feedback and continue to find comprehensive ways to communicate updates on your submissions. Your submissions will continue to be addressed at an even greater rate than before, fuelling faster and more accurate email security improvement.

Email security - On-Demand Security Report

Fri, 17 Oct 2025 22:14:43 GMT

You can now generate on-demand security reports directly from the Cloudflare dashboard. This new feature provides a comprehensive overview of your email security posture, making it easier than ever to demonstrate the value of Cloudflare’s Email security to executives and other decision makers.

These reports offer several key benefits:

Executive Summary: Quickly view the performance of Email security with a high-level executive summary.
Actionable Insights: Dive deep into trend data, breakdowns of threat types, and analysis of top targets to identify and address vulnerabilities.
Configuration Transparency: Gain a clear view of your policy, submission, and domain configurations to ensure optimal setup.
Account Takeover Risks: Get a snapshot of your M365 risky users (requires a Microsoft Entra ID P2 license and M365 SaaS integration).

This feature is available across the following Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Invalid Submissions Feedback

Tue, 23 Sep 2025 23:11:49 GMT

Email security relies on your submissions to continuously improve our detection models. However, we often receive submissions in formats that cannot be ingested, such as incomplete EMLs, screenshots, or text files.

To ensure all customer feedback is actionable, we have launched two new features to manage invalid submissions sent to our team and user submission aliases:

Email Notifications: We now automatically notify users by email when they provide an invalid submission, educating them on the correct format. To disable notifications, go to Settings > Invalid submission emails and turn the feature off.

Invalid Submission dashboard: You can quickly identify which users need education to provide valid submissions so Cloudflare can provide continuous protection.

Learn more about this feature on invalid submissions.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Regional Email Processing for Germany, India, or Australia

Thu, 11 Sep 2025 23:15:00 GMT

We’re excited to announce that Email security customers can now choose their preferred mail processing location directly from the UI when onboarding a domain. This feature is available for the following onboarding methods: MX, BCC, and Journaling.

What’s new

Customers can now select where their email is processed. The following regions are supported:

Germany
India
Australia

Global processing remains the default option, providing flexibility to meet both compliance requirements or operational preferences.

How to use it

When onboarding a domain with MX, BCC, or Journaling:

Select the desired processing location (Germany, India, or Australia).
The UI will display updated processing addresses specific to that region.
For MX onboarding, if your domain is managed by Cloudflare, you can automatically update MX records directly from the UI.

Availability

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

What’s next

We’re expanding the list of processing locations to match our Data Localization Suite (DLS) footprint, giving customers the broadest set of regional options in the market without the complexity of self-hosting.

Email security - Updated Email security roles

Mon, 01 Sep 2025 23:25:49 GMT

To provide more granular controls, we refined the existing roles for Email security and launched a new Email security role as well.

All Email security roles no longer have read or write access to any of the other Zero Trust products:

Email Configuration Admin
Email Integration Admin
Email security Read Only
Email security Analyst
Email security Policy Admin
Email security Reporting

To configure Data Loss Prevention (DLP) or Remote Browser Isolation (RBI), you now need to be an admin for the Zero Trust dashboard with the Cloudflare Zero Trust role.

Also through customer feedback, we have created a new additive role to allow Email security Analyst to create, edit, and delete Email security policies, without needing to provide access via the Email Configuration Admin role. This role is called Email security Policy Admin, which can read all settings, but has write access to allow policies, trusted domains, and blocked senders.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Expanded Email Link Isolation

Thu, 07 Aug 2025 23:22:49 GMT

When you deploy MX or Inline, not only can you apply email link isolation to suspicious links in all emails (including benign), you can now also apply email link isolation to all links of a specified disposition. This provides more flexibility in controlling user actions within emails.

For example, you may want to deliver suspicious messages but isolate the links found within them so that users who choose to interact with the links will not accidentally expose your organization to threats. This means your end users are more secure than ever before.

To isolate all links within a message based on the disposition, select Settings > Link Actions > View and select Configure. As with other other links you isolate, an interstitial will be provided to warn users that this site has been isolated and the link will be recrawled live to evaluate if there are any changes in our threat intel. Learn more about this feature on Configure link actions.

This feature is available across these Email security packages:

Enterprise
Enterprise + PhishGuard

Email security - Open email attachments with Browser Isolation

Thu, 15 May 2025 23:22:49 GMT

You can now safely open email attachments to view and investigate them.

What this means is that messages now have a Attachments section. Here, you can view processed attachments and their classifications (for example, Malicious, Suspicious, Encrypted). Next to each attachment, a Browser Isolation icon allows your team to safely open the file in a clientless, isolated browser with no risk to the analyst or your environment.

To use this feature, you must:

Enable Clientless Web Isolation in your Zero Trust settings.
Have Browser Isolation (BISO) seats assigned.

For more details, refer to our setup guide.

Some attachment types may not render in Browser Isolation. If there is a file type that you would like to be opened with Browser Isolation, reach out to your Cloudflare contact.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Open email links with Browser Isolation

Thu, 08 May 2025 23:22:49 GMT

You can now safely open links in emails to view and investigate them.

From Investigation, go to View details, and look for the Links identified section. Next to each link, the Cloudflare dashboard will display an Open in Browser Isolation icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Refer to Open links to learn more about this feature.

To use this feature, you must:

Enable Clientless Web Isolation in your Zero Trust settings.
Have Browser Isolation (RBI) seats assigned.

For more details, refer to our setup guide.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - CASB and Email security

Tue, 01 Apr 2025 23:22:49 GMT

With Email security, you get two free CASB integrations.

Use one SaaS integration for Email security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more.

With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider.

Refer to Add an integration to learn more about this feature.

This feature is available across these Email security packages:

Enterprise
Enterprise + PhishGuard

Email security - Use Logpush for Email security detections

Sat, 01 Mar 2025 23:22:49 GMT

You can now send detection logs to an endpoint of your choice with Cloudflare Logpush.

Filter logs matching specific criteria you have set and select from over 25 fields you want to send. When creating a new Logpush job, remember to select Email security alerts as the dataset.

For more information, refer to Enable detection logs.

This feature is available across these Email security packages:

Enterprise
Enterprise + PhishGuard

Email security - Check status of Email security or Area 1

Thu, 27 Feb 2025 23:22:49 GMT

Concerns about performance for Email security or Area 1? You can now check the operational status of both on the Cloudflare Status page.

For Email security, look under Cloudflare Sites and Services.

Dashboard is the dashboard for Cloudflare, including Email security
Email security (Zero Trust) is the processing of email
API are the Cloudflare endpoints, including the ones for Email security

For Area 1, under Cloudflare Sites and Services:

Area 1 - Dash is the dashboard for Cloudflare, including Email security
Email security (Area1) is the processing of email
Area 1 - API are the Area 1 endpoints

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Use DLP Assist for M365

Tue, 25 Feb 2025 23:22:49 GMT

Cloudflare Email security customers who have Microsoft 365 environments can quickly deploy an Email DLP (Data Loss Prevention) solution for free.

Simply deploy our add-in, create a DLP policy in Cloudflare, and configure Outlook to trigger behaviors like displaying a banner, alerting end users before sending, or preventing delivery entirely.

Refer to Outbound Data Loss Prevention to learn more about this feature.

In GUI alert:

Alert before sending:

Prevent delivery:

This feature is available across these Email security packages:

Enterprise
Enterprise + PhishGuard

Email security - Open email links with Security Center

Fri, 07 Feb 2025 23:22:49 GMT

You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more.

From Investigation, go to View details, and look for the Links identified section. Select Open in Security Center next to each link. Open in Security Center allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment.

For more details, refer to Open links.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Escalate user submissions

Thu, 19 Dec 2024 23:22:49 GMT

After you triage your users' submissions (that are machine reviewed), you can now escalate them to our team for reclassification (which are instead human reviewed). User submissions from the submission alias, PhishNet, and our API can all be escalated.

From Reclassifications, go to User submissions. Select the three dots next to any of the user submissions, then select Escalate to create a team request for reclassification. The Cloudflare dashboard will then show you the submissions on the Team Submissions tab.

Refer to User submissions to learn more about this feature.

This feature is available across these Email security packages:

Advantage
Enterprise
Enterprise + PhishGuard

Email security - Increased transparency for phishing email submissions

Thu, 19 Dec 2024 00:00:00 GMT

You now have more transparency about team and user submissions for phishing emails through a Reclassification tab in the Zero Trust dashboard.

Reclassifications happen when users or admins submit a phish to Email security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models.

This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.

Email security - Use Logpush for Email security user actions

Thu, 07 Nov 2024 23:22:49 GMT

You can now send user action logs for Email security to an endpoint of your choice with Cloudflare Logpush.

Filter logs matching specific criteria you have set or select from multiple fields you want to send. For all users, we will log the date and time, user ID, IP address, details about the message they accessed, and what actions they took.

When creating a new Logpush job, remember to select Audit logs as the dataset and filter by:

Field: "ResourceType"
Operator: "starts with"
Value: "email_security".

For more information, refer to Enable user action logs.

This feature is available across all Email security packages:

Enterprise
Enterprise + PhishGuard

Access, Browser Isolation, CASB, Cloudflare Tunnel for SASE, Digital Experience Monitoring, Data Loss Prevention, Email security, Gateway, Multi-Cloud Networking, Cloudflare Network Firewall, Network Flow, Magic Transit, Cloudflare WAN, Network Interconnect, Risk Score, Cloudflare One Client - Explore product updates for Cloudflare One

Sun, 16 Jun 2024 00:00:00 GMT

Welcome to your new home for product updates on Cloudflare One.

Our new changelog lets you read about changes in much more depth, offering in-depth examples, images, code samples, and even gifs.

If you are looking for older product updates, refer to the following locations.

Older product updates