diff --git a/src/assets/images/changelog/email-security/Attachment-RBI.png b/src/assets/images/changelog/email-security/Attachment-RBI.png
new file mode 100644
index 000000000000000..70857b843f54dc8
Binary files /dev/null and b/src/assets/images/changelog/email-security/Attachment-RBI.png differ
diff --git a/src/assets/images/changelog/email-security/CASB-EmailSecurity.png b/src/assets/images/changelog/email-security/CASB-EmailSecurity.png
new file mode 100644
index 000000000000000..b1ed653a99b2781
Binary files /dev/null and b/src/assets/images/changelog/email-security/CASB-EmailSecurity.png differ
diff --git a/src/assets/images/changelog/email-security/DLP-Alert.png b/src/assets/images/changelog/email-security/DLP-Alert.png
new file mode 100644
index 000000000000000..6e5338cd3829a36
Binary files /dev/null and b/src/assets/images/changelog/email-security/DLP-Alert.png differ
diff --git a/src/assets/images/changelog/email-security/DLP-Blocked.png b/src/assets/images/changelog/email-security/DLP-Blocked.png
new file mode 100644
index 000000000000000..93a1739c67b3709
Binary files /dev/null and b/src/assets/images/changelog/email-security/DLP-Blocked.png differ
diff --git a/src/assets/images/changelog/email-security/DLP-Pop-up.png b/src/assets/images/changelog/email-security/DLP-Pop-up.png
new file mode 100644
index 000000000000000..47a2c5e4abd6c31
Binary files /dev/null and b/src/assets/images/changelog/email-security/DLP-Pop-up.png differ
diff --git a/src/assets/images/changelog/email-security/Escalate.png b/src/assets/images/changelog/email-security/Escalate.png
new file mode 100644
index 000000000000000..38c0f81ee028985
Binary files /dev/null and b/src/assets/images/changelog/email-security/Escalate.png differ
diff --git a/src/assets/images/changelog/email-security/Logpush-Detections.png b/src/assets/images/changelog/email-security/Logpush-Detections.png
new file mode 100644
index 000000000000000..db8463484ad07ab
Binary files /dev/null and b/src/assets/images/changelog/email-security/Logpush-Detections.png differ
diff --git a/src/assets/images/changelog/email-security/Logpush-User-Actions.png b/src/assets/images/changelog/email-security/Logpush-User-Actions.png
new file mode 100644
index 000000000000000..182291937fa06d4
Binary files /dev/null and b/src/assets/images/changelog/email-security/Logpush-User-Actions.png differ
diff --git a/src/assets/images/changelog/email-security/Open-Links-Security-Center.png b/src/assets/images/changelog/email-security/Open-Links-Security-Center.png
new file mode 100644
index 000000000000000..ccbb40b5f854eba
Binary files /dev/null and b/src/assets/images/changelog/email-security/Open-Links-Security-Center.png differ
diff --git a/src/assets/images/changelog/email-security/Status-Page.png b/src/assets/images/changelog/email-security/Status-Page.png
new file mode 100644
index 000000000000000..abb8cc9b58f67f6
Binary files /dev/null and b/src/assets/images/changelog/email-security/Status-Page.png differ
diff --git a/src/assets/images/changelog/email-security/investigate-links.jpg b/src/assets/images/changelog/email-security/investigate-links.jpg
new file mode 100644
index 000000000000000..deb91a56f22d07b
Binary files /dev/null and b/src/assets/images/changelog/email-security/investigate-links.jpg differ
diff --git a/src/content/changelog/email-security-cf1/2024-11-07-logpush-user-actions.mdx b/src/content/changelog/email-security-cf1/2024-11-07-logpush-user-actions.mdx
new file mode 100644
index 000000000000000..9f19f19fdf1cab9
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2024-11-07-logpush-user-actions.mdx
@@ -0,0 +1,24 @@
+---
+title: Use Logpush for Email Security user actions
+description: Send user action logs for Email Security to an endpoint of your choice with Cloudflare Logpush.
+date: 2024-11-07T23:22:49Z
+---
+
+You can now send user action logs for Email Security to an endpoint of your choice with Cloudflare Logpush.
+
+Filter logs matching specific criteria you have set or select from multiple fields you want to send. For all users, we will log the date and time, user ID, IP address, details about the message they accessed, and what actions they took. 
+
+When creating a new Logpush job, remember to select **Audit logs** as the dataset and filter by: 
+
+- **Field**: `"ResourceType"`
+- **Operator**: `"starts with"`
+- **Value**: `"email_security"`. 
+
+![Logpush-user-actions](~/assets/images/changelog/email-security/Logpush-User-Actions.png)
+
+For more information, refer to [Enable user action logs](/cloudflare-one/insights/logs/enable-logs/#enable-user-action-logs). 
+
+This feature is available across all Email Security packages: 
+
+-  **Enterprise** 
+-  **Enterprise + PhishGuard** 
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx b/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx
new file mode 100644
index 000000000000000..4b24ee068df2390
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2024-12-19-escalate-user-submissions.mdx
@@ -0,0 +1,19 @@
+---
+title: Escalate user submissions
+description: Escalate user-submitted messages for reclassification by the Cloudflare team.
+date: 2024-12-19T23:22:49Z
+---
+
+After you triage your users' submissions (that are machine reviewed), you can now escalate them to our team for reclassification (which are instead human reviewed). User submissions from the submission alias, PhishNet, and our API can all be escalated. 
+
+![Escalate](~/assets/images/changelog/email-security/Escalate.png)
+
+From **Reclassifications**, go to **User submissions**. Select the three dots next to any of the user submissions, then select **Escalate** to create a team request for reclassification. The Cloudflare dashboard will then show you the submissions on the **Team Submissions** tab. 
+
+Learn more about this feature on our [docs](/cloudflare-one/email-security/email-monitoring/search-email/#user-submissions). 
+
+This feature is available across these Email Security packages: 
+
+-  **Advantage** 
+-  **Enterprise** 
+-  **Enterprise + PhishGuard**
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx b/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx
index 9a8a977617f440b..46bee5632949273 100644
--- a/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx
+++ b/src/content/changelog/email-security-cf1/2024-12-19-reclassification-tab.mdx
@@ -12,4 +12,4 @@ Reclassifications happen when users or admins [submit a phish](/cloudflare-one/e
 
 This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.
 
-![Use the Reclassification area to review submitted phishing emails](~/assets/images/changelog/email-security/reclassifications-tab.png)
+![Use the Reclassification area to review submitted phishing emails](~/assets/images/changelog/email-security/reclassifications-tab.png)
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-02-07-check-status.mdx b/src/content/changelog/email-security-cf1/2025-02-07-check-status.mdx
new file mode 100644
index 000000000000000..6f40d936b8188ee
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2025-02-07-check-status.mdx
@@ -0,0 +1,27 @@
+---
+title: Check status of Email Security or Area 1
+description: Check the operational status of Email Security and Area 1 on the Cloudflare Status page.
+date: 2025-02-27T23:22:49Z
+---
+
+Concerns about performance for Email Security or Area 1? You can now check the operational status of both on the [Cloudflare Status page](https://www.cloudflarestatus.com/). 
+
+For Email Security, look under **Cloudflare Sites and Services**. 
+
+-   **Dashboard** is the dashboard for Cloudflare, including Email Security
+-   **Email Security (Zero Trust)** is the processing of email 
+-   **API** are the Cloudflare endpoints, including the ones for Email Security
+
+For Area 1, under **Cloudflare Sites and Services**:
+
+-    **Area 1 - Dash** is the dashboard for Cloudflare, including Email Security
+-   **Email Security (Area1)** is the processing of email 
+-   **Area 1 - API** are the Area 1 endpoints
+
+![Status-page](~/assets/images/changelog/email-security/Status-Page.png)
+
+This feature is available across these Email Security packages:
+
+-  **Advantage**
+-  **Enterprise** 
+-  **Enterprise + PhishGuard** 
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx
new file mode 100644
index 000000000000000..693f745a98bd27d
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2025-02-07-open-links-security-center.mdx
@@ -0,0 +1,19 @@
+---
+title: Open email links with Security Center
+description: You can now investigate links in emails with Cloudflare Security Center to generate a detailed security report.
+date: 2025-02-07T23:22:49Z
+---
+
+You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more. 
+
+![Open links in Security Center](~/assets/images/changelog/email-security/Open-Links-Security-Center.png)
+
+From **Investigation**, go to **View details**, and look for the **Links identified** section. Select **Open in Security Center** next to each link. **Open in Security Center** allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment. 
+
+For more details, refer to our [documentation](/cloudflare-one/email-security/email-monitoring/search-email/#open-links).
+
+This feature is available across these Email Security packages: 
+
+-  **Advantage**
+-  **Enterprise** 
+-  **Enterprise + PhishGuard** 
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-02-25-dlp-assist-for-m365.mdx b/src/content/changelog/email-security-cf1/2025-02-25-dlp-assist-for-m365.mdx
new file mode 100644
index 000000000000000..6345d5cf205b306
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2025-02-25-dlp-assist-for-m365.mdx
@@ -0,0 +1,28 @@
+---
+title: Use DLP Assist for M365
+description: Quickly deploy a free Email DLP solution for Microsoft 365 environments.
+date: 2025-02-25T23:22:49Z
+---
+
+Cloudflare Email Security customers who have Microsoft 365 environments can quickly deploy an Email DLP (Data Loss Prevention) solution for free. 
+
+Simply deploy our add-in, create a DLP policy in Cloudflare, and configure Outlook to trigger behaviors like displaying a banner, alerting end users before sending, or preventing delivery entirely. 
+
+Learn more about this feature from our [docs](/cloudflare-one/email-security/outbound-dlp/). 
+
+In GUI alert:
+
+![DLP-Alert](~/assets/images/changelog/email-security/DLP-Alert.png)
+
+Alert before sending:
+
+![DLP-Pop-up](~/assets/images/changelog/email-security/DLP-Pop-up.png)
+
+Prevent delivery:
+
+![DLP-Blocked](~/assets/images/changelog/email-security/DLP-Blocked.png)
+
+This feature is available across these Email Security packages:
+
+-  **Enterprise** 
+-  **Enterprise + PhishGuard** 
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-03-01-logpush-detections.mdx b/src/content/changelog/email-security-cf1/2025-03-01-logpush-detections.mdx
new file mode 100644
index 000000000000000..449682bcdfaa522
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2025-03-01-logpush-detections.mdx
@@ -0,0 +1,18 @@
+---
+title: Use Logpush for Email Security detections
+description: Send detection logs to an endpoint of your choice with Cloudflare Logpush.
+date: 2025-03-01T23:22:49Z
+---
+
+You can now send detection logs to an endpoint of your choice with Cloudflare Logpush. 
+
+Filter logs matching specific criteria you have set and select from over 25 fields you want to send. When creating a new Logpush job, remember to select **Email security alerts** as the dataset. 
+
+![logpush-detections](~/assets/images/changelog/email-security/Logpush-Detections.png)
+
+For more information, refer to [Enable detection logs](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs). 
+
+This feature is available across these Email Security packages: 
+
+-  **Enterprise** 
+-  **Enterprise + PhishGuard** 
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-04-01-casb-email-security.mdx b/src/content/changelog/email-security-cf1/2025-04-01-casb-email-security.mdx
new file mode 100644
index 000000000000000..47ff5933947db95
--- /dev/null
+++ b/src/content/changelog/email-security-cf1/2025-04-01-casb-email-security.mdx
@@ -0,0 +1,20 @@
+---
+title: CASB and Email Security
+description: Get two free CASB integrations with your Email Security subscription.
+date: 2025-04-01T23:22:49Z
+---
+
+With Email Security, you get two free CASB integrations. 
+
+Use one SaaS integration for Email Security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more. 
+
+With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider. 
+
+Learn more about this feature on our [docs](/cloudflare-one/applications/casb/#add-an-integration). 
+
+![CASB-EmailSecurity](~/assets/images/changelog/email-security/CASB-EmailSecurity.png)
+
+This feature is available across these Email Security packages: 
+
+-  **Enterprise** 
+-  **Enterprise + PhishGuard**
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-05-08-open-attachments-with-browser-isolation.mdx b/src/content/changelog/email-security-cf1/2025-05-08-open-attachments-with-browser-isolation.mdx
index 22c24304681b046..a059916b09f5884 100644
--- a/src/content/changelog/email-security-cf1/2025-05-08-open-attachments-with-browser-isolation.mdx
+++ b/src/content/changelog/email-security-cf1/2025-05-08-open-attachments-with-browser-isolation.mdx
@@ -1,13 +1,15 @@
 ---
 title: Open email attachments with Browser Isolation
 description: A new attachment section in Email Security allows you to safely open attachments to view and investigate.
-date: 2025-05-08
+date: 2025-05-15T23:22:49Z
 ---
 
 You can now safely open email attachments to view and investigate them.
 
 What this means is that messages now have a **Attachments** section. Here, you can view processed attachments and their classifications (for example, _Malicious_, _Suspicious_, _Encrypted_). Next to each attachment, a **Browser Isolation** icon allows your team to safely open the file in a **clientless, isolated browser** with no risk to the analyst or your environment.
 
+![Attachment-RBI](~/assets/images/changelog/email-security/Attachment-RBI.png)
+
 To use this feature, you must:
 
 - Enable **Clientless Web Isolation** in your Zero Trust settings.
@@ -17,8 +19,8 @@ For more details, refer to our [setup guide](/cloudflare-one/policies/browser-is
 
 Some attachment types may not render in Browser Isolation. If there is a file type that you would like to be opened with Browser Isolation, reach out to your Cloudflare contact.
 
-This feature is available across all CES packages:
+This feature is available across these Email Security packages:
 
-- **CES_ADVANTAGE**
-- **CES_ENTERPRISE**
-- **CES_ENTERPRISE_PHISHGUARD**
+- **Advantage**
+- **Enterprise**
+- **Enterprise + PhishGuard**
\ No newline at end of file
diff --git a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx
index d7267a1ebd3d89b..6f119837ed3dd6b 100644
--- a/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx
+++ b/src/content/changelog/email-security-cf1/2025-05-15-open-links-browser-isolation.mdx
@@ -1,23 +1,24 @@
 ---
 title: Open email links with Browser Isolation
 description: New investigation feature for links
-date: 2025-05-15
+date: 2025-05-08T23:22:49Z
 ---
 
 You can now safely open links in emails to view and investigate them.
 
-![Open links with Browser Isolation](~/assets/images/changelog/email-security/browser-rendering-links.jpg)
+![Open links with Browser Isolation](~/assets/images/changelog/email-security/investigate-links.jpg)
 
-From **Investigation** → **View details**, look for the **Links identified** section. Next to each link, an **Open in Browser Isolation** icon allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Learn more about this feature on our [docs](/cloudflare-one/email-security/email-monitoring/search-email/#open-links).
+From **Investigation**, go to **View details**, and look for the **Links identified** section. Next to each link, the Cloudflare dashboard will display an **Open in Browser Isolation** icon which allows your team to safely open the link in a clientless, isolated browser with no risk to the analyst or your environment. Learn more about this feature on our [docs](/cloudflare-one/email-security/email-monitoring/search-email/#open-links).
 
 To use this feature, you must:
 
 - Enable **Clientless Web Isolation** in your Zero Trust settings.
 - Have **Browser Isolation (BISO)** seats assigned.
-  For more details, refer to our [setup guide](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
 
-This feature is available across all CES packages:
+For more details, refer to our [setup guide](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
 
-- Advantage
-- Enterprise
-- Enterprise + PhishGuard
+This feature is available across these Email Security packages:
+
+- **Advantage**
+- **Enterprise**
+- **Enterprise + PhishGuard**
\ No newline at end of file