Trusted domains
Email Security allows you to exempt known partner and internal domains from typical detection scanning. Adding trusted domains helps to reduce false positives on malicious, suspicious, and spoof dispositions. Email Security only checks the date when the domain is created.
Trusted domains are not for the email message itself, but for entire domains.
By default, Email Security automatically detects lookalike domains. Lookalike domains can be something like this: thisisdomain.com and thisisadomain.com. Both domains almost look identical.
If an email is received from a domain that looks like a configured domain, this will trigger a detection. Trusted domain is configured to ignore this detection.
In Additional detections, you can configure malicious domain and suspicious domain age.
Malicious domain age means that someone may create a domain today, similar to a target, and start sending emails with that domain. This is usually how many phish campaigns start. In this case, the domain is usually marked as Malicious. Malicious domain age is usually set to 7 days.
Suspicious domain age means that after 7 days (this number corresponds to the Malicious domain age), a domain may not be malicious, but it can still be suspicious. Email Security will mark these domains as Suspicious. It is recommended to configure the Suspicious domain age between 30 and 45 days.
To view whether a domain is malicious or suspicious:
- In Zero Trust ↗, go to Investigation.
- Run a screen. For example, select Run screen for Malicious emails, then select Run screen.
- Under Your matching messages, if any message displays Domain Age under Threat types, that means that the domain age is too low, and therefore the disposition assigned is Malicious. If the domain is legitimate, you can add it as a trusted domain:
- Go to Settings > Trusted Domains.
- Under Domain Info, add the domain, and select New Domain. This will mark the domain whose age is low as a trusted domain.
To configure a trusted domain:
- Log in to Zero Trust ↗.
- Select Email Security.
- Select Settings, go to Detection settings > Trusted domains.
- On the Detection settings page, select Add a domain.
- Select the Input method: Choose between Manual input, and Upload trusted domain list:
- Manual input:
- Domain info: Enter a valid domain name.
- Domain type: Select one or both options:
- Proximity domain: Domains with similar spelling to your existing domain.
- Recent domain: Domains created recently.
- Notes: Provide additional information about the trusted domain list.
- Upload trusted domain list: You can upload a file no larger than 150 KB of multiple trusted domains. The file can only contain
Domain,Proximity,NewandNotesfields. The first row must be a header row. Refer to CSV uploads for an example file.
- Manual input:
- Select Save.
You can upload a file no larger than 150 KB of multiple trusted domains. The file can only contain Domain, Proximity, New and Notes fields. The first row must be a header row.
An example file would look like this:
Domain, Proximity, New, Notesmydomain.com, true, true, First Persontestdomain.com, false, true, New HireTo export all trusted domains:
- On the Detection settings page, select Domain. Selecting Domain will select all trusted domains.
- Select Export to CSV.
To export specific trusted domains:
- On the Detection settings page, select the trusted domains you want to export.
- Select Export to CSV.
To edit a trusted domain:
- On the Detection settings page, select the trusted domains you want to edit.
- Select the three dots > Edit.
- Edit the trusted domain.
- Select Save.
To delete trusted domains:
- On the Detection settings page, select the trusted domain you want to delete.
- Select the three dots > Delete.
- On the pop up message, select Delete.
To delete multiple trusted domains at once:
- On the Detection settings page, select the trusted domains you want to delete.
- Select Action.
- Select Delete.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark