diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
index 34020744c..612daaacb 100644
--- a/CHANGELOG.next.md
+++ b/CHANGELOG.next.md
@@ -22,6 +22,13 @@ Thanks, you're awesome :-) -->
 #### Added
 * Add `origin_referrer_url` and `origin_url` fields, which indicate the origin information to the file, process and dll schemas #2441
+* Added `volume.*` as beta field set. #2269
+* Advanced `process.env_vars` to GA. #2315
+* Advanced `process.io` and `process.tty` fields to GA. #2317
+* Added `threat.indicator.id`. #2324
+* Added `process.group` to generated schemas. #2335
+* Added `*.domain` fields to ECS `email`. #2392
+
 #### Improvements
 * Promote beta fields to GA. #2411
diff --git a/schemas/email.yml b/schemas/email.yml
index 5b6b010b0..14821ecea 100644
--- a/schemas/email.yml
+++ b/schemas/email.yml
@@ -81,6 +81,16 @@
 - array
 synthetic_source_keep: "none"
+ - name: bcc.domain
+ level: extended
+ type: keyword
+ short: Email domain of BCC recipients.
+ description: >
+ The domain of the BCC recipients.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: cc.address
 level: extended
 type: keyword
@@ -92,6 +102,16 @@
 - array
 synthetic_source_keep: "none"
+ - name: cc.domain
+ level: extended
+ type: keyword
+ short: Email domain of CC recipients.
+ description: >
+ The domain of the CC recipients.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: content_type
 level: extended
 type: keyword
@@ -129,6 +149,16 @@
 - array
 synthetic_source_keep: "none"
+ - name: from.domain
+ level: extended
+ type: keyword
+ short: The sender's email domain.
+ description: >
+ The domain of the email sender.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: local_id
 level: extended
 type: keyword
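Review bot: In the first `schemas/email.yml` hunk, `bcc.domain` is declared with a `normalize` list containing `array` but has no `synthetic_source_keep` setting, whereas the entry ending in the context lines directly above it has `synthetic_source_keep: "none"` after the same list. The `cc.domain`, `from.domain`, `reply_to.domain`, `sender.domain` and `to.domain` entries in the later hunks are written the same way. If the existing fields set it on purpose, each new entry should gain `synthetic_source_keep: "none"` after its `normalize` list so that an address and its domain are treated alike under synthetic source. If the omission is deliberate, a one-line comment in the schema saying why would answer the question for the next reader.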
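Review bot: The description added for `from.domain` (third `schemas/email.yml` hunk) does not say how the value is derived or normalised, and the other five `*.domain` descriptions have the same gap. A `keyword` field is matched exactly unless a normalizer is configured, so `Example.COM` and `example.com` would be different terms to any allow-list, block-list or lookalike-domain detection built on these fields. I would expand the description to something like `The domain part of the sender address (the text after the last "@"), lowercased.` and state whether internationalised domains are stored in Punycode or in Unicode form.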
@@ -168,6 +198,16 @@
 - array
 synthetic_source_keep: "none"
+ - name: reply_to.domain
+ level: extended
+ type: keyword
+ short: Email domain of Reply To address.
+ description: >
+ The domain of the Reply To address.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: sender.address
 level: extended
 type: keyword
@@ -177,6 +217,16 @@
 the message.
 synthetic_source_keep: "none"
+ - name: sender.domain
+ level: extended
+ type: keyword
+ short: Email domain of sender address.
+ description: >
+ The domain of the sender address.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: subject
 level: extended
 type: keyword
@@ -199,6 +249,16 @@
 - array
 synthetic_source_keep: "none"
+ - name: to.domain
+ level: extended
+ type: keyword
+ short: The recipient's email domain.
+ description: >
+ The domain of the email recipient.
+ example: "example.com"
+ normalize:
+ - array
+
 - name: x_mailer
 level: extended
 type: keyword
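Review bot: `sender.domain` (the hunk at `-177,6 +217,16`) is given a `normalize` list containing `array`, but the `sender.address` entry that ends in the context lines just above shows no `- array` line before its `synthetic_source_keep`, which suggests the address itself is a single value. A scalar address paired with an array-valued domain is inconsistent, and queries or pipelines that compare the two would have to special-case it. Unless several sender domains are really intended, drop the `normalize:` and `- array` lines from this entry. Most of `sender.address` lies outside the hunk, so this should be confirmed against the full file.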