Skip to content
Cloudflare Docs

Phish submissions

As part of your continuous email security posture, administrators and security analysts need to submit missed phishing samples to Email Security, so Cloudflare can process them and take necessary action.

Submitting missed phish samples to Cloudflare is of paramount importance and necessary for continuous protection. Submitting missed phish samples helps Cloudflare improve our machine learning (ML) models, and alerts us of new attack vectors before they become prevalent.

How to submit phish

To submit a phish:

  1. Log in to Zero Trust.
  2. Select Email Security.
  3. Select Settings.
  4. Under Phish submission, select View.

PhishNet O365

PhishNet is an add-in button that helps users to submit directly to Email Security phish samples missed by Email Security's detection.

To set up PhishNet O365:

  1. Log in to the Microsoft admin panel. Go to Microsoft 365 admin center > Settings > Integrated Apps.
  2. Select Upload custom apps.
  3. Choose Provide link to manifest file and paste the the following URL: 
    https://phishnet-o365.area1cloudflare-webapps.workers.dev?clientId=ODcxNDA0MjMyNDM3NTA4NjQwNDk1Mzc3MDIxNzE0OTcxNTg0Njk5NDEyOTE2NDU5ODQyNjU5NzYzNjYyNDQ3NjEwMzIxODEyMDk1NQ
  4. Verify and complete the wizard.

PhishNet for Google Workspace

To set up PhishNet with Google Workspace you need admin access to your Google Workspace account.

Set up PhishNet for Google Workspace

  1. Log in to Google Workspace Marketplace apps using this direct link and an administrator account.
  2. Select Admin install to install Cloudflare PhishNet. Read the warning, and select Continue.
  3. You will be redirected to the Allow data access page, where you can choose to install Cloudflare PhishNet for Everyone at your organization, or Certain groups or organizational units. If you choose the latter option, you will have to select the users in the next step.
  4. After choosing the groups you want to install PhishNet for, agree with Google's terms of service, and select Finish.
  5. Cloudflare PhishNet has been installed. Select DONE.

You have now successfully installed Cloudflare PhishNet.

Submit phish with PhishNet

  1. In your Gmail web client, open the message you would like to flag as either spam or phish.
  2. Select the PhishNet logo on the side panel.
  3. Under Select Submission Type, select Spam or Phish.
  4. Select Submit Report.