docs: audit and improve email service docs for accuracy

- Merge reference/limits into platform/limits, add sending limits section
- Fix DNS records to match dashboard: sending records on cf-bounce subdomain,
  correct SPF (_spf.mx.cloudflare.net), correct DKIM selectors, add sending MX
- Update dashboard nav paths: Compute & AI -> Compute, add Email Sending/Routing
- Remove global suppression list concept, keep account suppression list only
- Remove inaccurate sections (custom sending domains, sender restrictions,
  multi-domain setup, domain health monitoring)
- Add remote bindings (recommended) to local dev sending docs
- Fix routing local dev: remove wrong Content-Type header, note Message-ID required
- Add rejected status for suppressed emails in logs
- Add separate domains best practice to deliverability page
- Add redirect for reference/limits -> platform/limits

Author: thomasgauvin

public/__redirects

@@ -3,6 +3,9 @@
 # STATIC REDIRECTS
 # ============================================================================
 
+# Email Service
+/email-service/reference/limits/ /email-service/platform/limits/ 301
+
 # homepage
 /docs/ /directory/ 301
 /support/ai/ / 301

src/content/docs/email-routing/email-workers/index.mdx

@@ -9,7 +9,7 @@ With Email Workers you can leverage the power of Cloudflare Workers to implement
 
 Creating your own rules with Email Workers is as easy or complex as you want. You can begin using one of the starter templates that are pre-populated with code for popular use-cases. These templates allow you to create a blocklist, allowlist, or send notifications to Slack.
 
-If you prefer, you can skip the templates and use custom code. You can, for example, create logic that only accepts messages from a specific address, and then forwards them to one or more of your verified email addresses, while also alerting you on Slack.
+If you prefer, you can skip the templates and use custom code. You can, for example, create logic that only accepts messages from a specific address, and then forwards them to one or more of your [verified email addresses](/email-service/configuration/email-routing-addresses/#destination-addresses), while also alerting you on Slack.
 
 The following is an example of an allowlist Email Worker:
 

src/content/docs/email-service/concepts/deliverability.mdx

@@ -6,9 +6,11 @@ sidebar:
   order: 3
 ---
 
-import {DashButton, Render} from "~/components";
+import { DashButton, Render } from "~/components";
 
-Email deliverability ensures your emails reach recipients' inboxes. Cloudflare Email Service handles bounces automatically and manages sender reputation to maximize delivery success.
+When you send an email, there is no guarantee it reaches the recipient's inbox. Inbox providers like Gmail, Yahoo, Outlook, and iCloud invest heavily in filtering out unwanted email. If you send poorly targeted emails, have high bounce rates, or trigger spam complaints, these providers may flag your domain as untrustworthy. Once that happens, even your legitimate emails can end up in spam or be blocked outright.
+
+This concept is referred to as email deliverability: maintaining a healthy sending reputation so that inbox providers trust your emails. Cloudflare Email Service helps with this by automatically handling bounces, managing suppression lists, and authenticating your emails through SPF, DKIM, and DMARC.
 
 ## Bounces
 
@@ -47,10 +49,10 @@ Cloudflare automatically manages:
 - **Domain authentication**: DKIM signing, SPF alignment, DMARC compliance
 - **Feedback processing**: ISP complaint handling and suppression list management
 
-Monitor your reputation and delivery metrics in the Cloudflare dashboard.
-
 ### Best practices
 
+#### Content and list hygiene
+
 Avoid content that can trigger spam-detection or can be perceived as unwanted content:
 
 - Avoid spam trigger words (FREE, URGENT, GUARANTEED)
@@ -63,8 +65,18 @@ Ensure that your email lists are clean and contain intended recipients:
 - Implement double opt-in for subscriptions
 - Remove hard bounced addresses immediately
 
-Ensure that you deliverability stays above key metrics to avoid affecting your email sending reputation:
+Ensure that your deliverability stays above key metrics to avoid affecting your email sending reputation:
 
 - Delivery rate >95%
 - Hard bounce rate < 2%
 - Complaint rate < 0.1%
+
+#### Use separate domains for separate purposes
+
+Each domain builds its own deliverability reputation with inbox providers. Use separate domains or subdomains for different types of email so that one category does not affect the reputation of another. For example:
+
+- `notifications.yourdomain.com` for transactional emails (order confirmations, password resets)
+- `marketing.yourdomain.com` for marketing and promotional emails
+- `yourdomain.com` for important account-related communications
+
+This way, if marketing emails generate higher complaint rates, your transactional email deliverability is not impacted. Each domain can be onboarded separately through [domain configuration](/email-service/configuration/domains/).

src/content/docs/email-service/concepts/email-authentication.mdx

@@ -12,11 +12,19 @@ Email authentication verifies sender identity and improves deliverability. **Clo
 
 SPF ensures that no one else can send emails with your domain by authorizing which mail servers are allowed to send on your behalf.
 
-**Required SPF record:**
+Email Service configures separate SPF records for sending and routing:
 
-```dns
-TXT yourdomain.com "v=spf1 include:_spf.email.cloudflare.net ~all"
-```
+- **Email Sending** SPF record on `cf-bounce.yourdomain.com`:
+
+  ```dns
+  TXT cf-bounce.yourdomain.com "v=spf1 include:_spf.mx.cloudflare.net ~all"
+  ```
+
+- **Email Routing** SPF record on the root domain:
+
+  ```dns
+  TXT yourdomain.com "v=spf1 include:_spf.mx.cloudflare.net ~all"
+  ```
 
 SPF works by:
 
@@ -36,11 +44,10 @@ DKIM ensures that emails have not been tampered during transit by cryptographica
 3. Public key is published in DNS
 4. Recipients use the public key to verify the signature
 
-**DNS record example:**
+Email Service uses separate DKIM selectors for sending and routing:
 
-```dns
-TXT selector1._domainkey.yourdomain.com "v=DKIM1; k=rsa; p=MIGfMA0..."
-```
+- **Email Sending**: `cf-bounce._domainkey.yourdomain.com`
+- **Email Routing**: `cf2024-1._domainkey.yourdomain.com`
 
 Cloudflare automatically generates and manages DKIM keys. You add the provided DNS records from the dashboard.
 
@@ -74,4 +81,4 @@ Email authentication provides:
 - **Security**: Protects your domain from spoofing
 - **Reputation**: Maintains good sender reputation with ISPs
 
-Cloudflare Email Service handles authentication automatically, but you need to configure the DNS records for SPF, DKIM, and DMARC as provided in your dashboard.
+Cloudflare Email Service handles authentication automatically, but you need to configure the DNS records for SPF, DKIM, and DMARC as provided in your dashboard. Email Sending and Email Routing use separate DNS records -- refer to [Domain configuration](/email-service/configuration/domains/) for the full details.

src/content/docs/email-service/concepts/email-lifecycle.mdx

@@ -17,9 +17,9 @@ Every email sent through Cloudflare Email Service follows this processing pipeli
 
 ```mermaid
 flowchart LR
-    A[Request Received] --> B[Rate Limit Check] --> C[Authentication & Reputation] --> D[Suppression Check] --> E[Delivery Attempt]
+    A[Request Received] --> B["Rate Limit, Authentication & Suppression Check"] --> E[Delivery Attempt]
     E --> G{Success?}
-    G -->|Yes| F[Final Status & Metrics]
+    G -->|Yes, successfully delivered| F[Final Status & Metrics]
     G -->|No - Soft Bounce| H[Retry with Exponential Backoff]
     G -->|No - Hard Bounce| F
     H --> E
@@ -39,7 +39,7 @@ flowchart LR
 
    These authentication mechanisms work together to establish sender legitimacy and protect against email fraud. Senders with low reputation scores may experience throttling or delayed processing.
 
-4. **Suppression list check:** The system checks the recipient against global suppression lists that include bounces, complaints, and unsubscribes. Recipients found on these lists are blocked from receiving the email.
+4. **Suppression list check:** The system checks the recipient against your account's suppression list, which includes bounces, complaints, and unsubscribes. Recipients found on this list are blocked from receiving the email.
 
 5. **Delivery attempt:** The system connects to the recipient's mail server and attempts message delivery via SMTP. When delivery fails, the system applies different retry logic based on the failure type:
    - **Soft bounces (4xx responses)**: The system retries delivery using exponential backoff timing

src/content/docs/email-service/concepts/suppressions.mdx

@@ -11,44 +11,18 @@ import { Tabs, TabItem } from "~/components";
 
 Suppression lists prevent emails from being sent to addresses that should not receive them, protecting your sender reputation and ensuring compliance with anti-spam regulations.
 
-## Suppression lists
+## Account suppression list
 
-There are 2 types of suppression lists that can prevent emails from being sent to an email address in order to ensure high deliverability:
+Cloudflare automatically manages suppressions for your account to preserve your reputation as an email sender.
 
-- Cloudflare's global suppression list (maintained by Cloudflare)
-- Your account's specific suppression list
-
-### Global suppression list
-
-The global suppression list is a list of emails
-that have been flagged as problematic. Cloudflare Email Service will not send emails to email
-addresses on this global suppression list to preserve the reputation of the shared IP pool used for sending emails.
-
-Here are the factors that Cloudflare Email Service uses to determine emails to add to the global suppression list:
-
-- **Hard bounces**: Permanently invalid addresses
-- **Repeated soft bounces**: Addresses that consistently fail delivery
-- **Manual additions**: Addresses Cloudflare specifically blocks
-- **Compliance blocks**: Legal or regulatory requirements
-
-### Account suppression list
-
-Cloudflare also automatically manages suppressions for your account to preserve your reputation as an email sender.
-
-Cloudflare will automatically add email addresses to your account suppression list for the following reason:
+Cloudflare will automatically add email addresses to your account suppression list for the following reasons:
 
+- **Hard bounces**: Invalid or non-existent email addresses are immediately suppressed.
+- **Repeated soft bounces**: Addresses that repeatedly fail delivery are temporarily or permanently suppressed based on the frequency and pattern of failures.
 - **Spam complaints**: Recipients who marked emails as spam. Cloudflare integrates with Postmasters to receive spam complaints and automatically updates your account suppression list to prevent you from sending emails to this email address and preserve your email sending reputation.
 
 You may also manually add or remove email addresses from your suppression list as needed. The removal of email addresses that have been automatically added to your suppression list as a result of a spam complaint is limited to avoid abuse.
 
-## Automatic suppression logic
-
-Cloudflare automatically suppresses addresses that:
-
-- **Hard bounce**: Invalid or non-existent email addresses are immediately added to the Cloudflare global suppression list.
-- **Repeated soft bounces**: Addresses that repeatedly fail delivery are temporarily or permanently suppressed based on the frequency and pattern of failures.
-- **Spam complaints**: Recipients who mark emails as spam are added to your account suppression list.
-
 ## Best practices
 
 ### List hygiene