Skip to content

EmailSecurityImpersonationRegistryEntry

Source: src/Cloudflare/EmailSecurity/ImpersonationRegistryEntry.ts

A Cloudflare Email Security (Area 1) impersonation registry entry — maps a protected display name (e.g. a VIP) to their legitimate email address for BEC/impersonation detection.

All fields are mutable in place. Directory-synced fields (directory_id, directory_node_id, provenance) are managed by Office365/Google integrations and are not exposed as inputs. Requires the Email Security enterprise add-on; accounts without the entitlement receive the typed EmailSecurityNotEntitled error.

Registering Protected Identities

Section titled “Registering Protected Identities”

Protect an executive’s display name

yield* Cloudflare.EmailSecurityImpersonationRegistryEntry("Ceo", {
  name: "Jane Smith",
  email: "jane.smith@example.com",
  comments: "CEO — high-value BEC target",
});

Match several legitimate addresses with a regex

yield* Cloudflare.EmailSecurityImpersonationRegistryEntry("Finance", {
  name: "Accounts Payable",
  email: "^ap(-[a-z]+)?@example\\.com$",
  isEmailRegex: true,
});