Cloudflare Docs
Cloud Email Security (formerly Area 1)
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Gmail BCC setup with Cloud Email Security (formerly Area 1)

For customers using Gmail, setting up Cloud Email Security via BCC is quick and easy. All you need to do is create a content compliance filter to send emails to Cloud Email Security through BCC. The following email flow shows how this works:

Email flow when setting up a phishing assessment risk for Gmail with Cloud Email Security.

To setup Cloud Email Security phishing risk assessment for Gmail:

  1. In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Compliance.

    Select the compliance option
  2. Scroll to Content Compliance and select CONFIGURE.

    Select the configure option
  3. Add a Content Compliance filter and name it Area 1 - BCC.

  4. In Email messages to affect, select Inbound.

    Choose inbound as the messages to affect
  5. Select the recipients that you want to send emails to Area 1 via BCC:

    1. Select Add to configure the expression.
    2. Select Advanced content match.
      1. In Location, select Headers + Body from the dropdown.
      2. In Match type select Matches regex.
      3. In Regexp input .*. You can customize the regex as needed and test within the admin page or on sites like https://regexr.com/.
      4. Select SAVE.

    Configure expressions
  6. In If the above expressions match, do the following, make the following changes:

    1. In Also deliver to select Add more recipients.

      1. Under Recipients select Add.
      2. Change the setting to Advanced.
      3. In Envelope recipient select Change envelope recipient.
      4. In Replace recipient add the recipient BCC address. For example, <customer_name>@journaling.mxrecord.io. This address is specific to each customer tenant and can be found in your Portal.
      1. Make sure that in Spam and delivery options > Do not deliver spam to this recipient is not checked.
      2. Under Headers select Add X-Gm-Spam and X-Gm-Phishy headers.
      3. Select SAVE.

    Configure recipients

    Configure headers
  7. Scroll down and select Show options.

    1. Under Account types to affect select Groups.
    2. Select SAVE.

    Configure groups

​​ Geographic locations

Select from the following BCC addresses to process email in the correct geographic location.

Host
LocationNote
<customer_name>@journaling.mxrecord.ioUSBest option to ensure all email traffic processing happens US data centers.
<customer_name>@journaling.mailstream-eu-primary.mxrecord.ioEUBest option to ensure all email traffic processing happens in Germany, with fallback to US data centers.
<customer_name>@journaling.mailstream-eu1.mxrecord.ioEUBest option to ensure all email traffic processing happens within the EU without fallback to US data centers.
<customer_name>@journaling.mailstream-bom.mxrecord.mxIndiaBest option to ensure all email traffic processing happens within India.
<customer_name>@journaling.mailstream-india-primary.mxrecord.mxIndiaSame as mailstream-bom.mxrecord.mx, with fallback to US data centers.
<customer_name>@journaling.mailstream-asia.mxrecord.mxIndiaBest option for companies with a broader Asia presence.
<customer_name>@journaling.mailstream-syd.area1.cloudflare.netAustralia / New ZealandBest option to ensure all email traffic processing happens within Australia.
<customer_name>@journaling.mailstream-australia.area1.cloudflare.netAustralia / New ZealandBest option to ensure all email traffic processing happens in Australia, with India and US data centers as backup.