What is Area 1 email security?

Phishing is the root cause of upwards of 90% of breaches that lead to financial loss and brand damage. Cloudflare Area 1 email security is a cloud-native service that stops phishing attacks across all threat vectors either at the edge External link icon Open external link or in the cloud.

With globally distributed sensors and comprehensive attack analytics, Area 1 proactively identifies phishing campaigns, attacker infrastructure, and attack delivery mechanisms during the earliest stages of a phishing attack cycle. Using flexible enforcement platforms, the Area 1 solution allows customers to take preemptive action against targeted phishing, including malware, spoofing attacks, payload-less Business Email Compromise attacks, supply chain phishing, and other advanced threats.

​​ How Area 1 detects phishing attacks

Area 1 uses a variety of factors to determine whether a given email message, a web domain or URL, or specific network traffic is part of a phishing campaign (marked with a Malicious disposition) or other common campaigns (for example, Spam ).

These small pattern assessments are dynamic in nature and — in many cases — no single one in and of itself will determine the final verdict. Instead, our automated systems use a combination of factors and non-factors to clearly distinguish between a valid phishing campaign and benign traffic.

​​ IP reputation

IP reputation is just one of many factors to consider but is not consistently accurate due to the dynamic nature of phishing campaigns.

For example, a particular sender IP in a Comcast range might have a mix of good and bad reputation. Flagging it purely on IP would subject a larger chunk of Comcast’s IP address range to detections which could lead to false positives.

​​ Sample attack types and detections