diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d07de552..fab63981 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -118,7 +118,7 @@ jobs:
 echo "## 🔒 CodeQL Security Analysis Results"
 echo ""
 echo "**Language:** ${{ matrix.language }}"
- echo "**Query Suite:** security-and-quality + security-experimental"
+ echo "**Query Suite:** security-and-quality"
 echo ""
 } >> "$GITHUB_STEP_SUMMARY"
diff --git a/backend/internal/api/handlers/certificate_handler.go b/backend/internal/api/handlers/certificate_handler.go
index 5494606b..658bd6a9 100644
--- a/backend/internal/api/handlers/certificate_handler.go
+++ b/backend/internal/api/handlers/certificate_handler.go
@@ -125,7 +125,7 @@ func (h *CertificateHandler) Upload(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "cert",
 "Certificate Uploaded",
- fmt.Sprintf("Certificate %s uploaded", util.SanitizeForLog(cert.Name)),
+ "A new custom certificate was successfully uploaded.",
 map[string]any{
 "Name": util.SanitizeForLog(cert.Name),
 "Domains": util.SanitizeForLog(cert.Domains),
diff --git a/backend/internal/api/handlers/domain_handler.go b/backend/internal/api/handlers/domain_handler.go
index 93cd4508..5c657623 100644
--- a/backend/internal/api/handlers/domain_handler.go
+++ b/backend/internal/api/handlers/domain_handler.go
@@ -1,7 +1,6 @@
 package handlers
 import (
- "fmt"
 "net/http"
 "github.com/Wikid82/charon/backend/internal/models"
@@ -56,7 +55,7 @@ func (h *DomainHandler) Create(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "domain",
 "Domain Added",
- fmt.Sprintf("Domain %s added", util.SanitizeForLog(domain.Name)),
+ "A new domain was successfully added.",
 map[string]any{
 "Name": util.SanitizeForLog(domain.Name),
 "Action": "created",
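Review bot: The step summary now reports only `security-and-quality`, but whether the CodeQL init step's `queries:` input (outside this hunk) was changed to match is not visible here. If that step still lists `security-experimental`, the summary under-reports the queries that actually ran; if it was dropped there too, the workflow quietly loses those queries with no mention in the commit. Keep the two in sync, for example by sourcing both from one variable such as `echo "**Query Suite:** ${QUERY_SUITE}"` so the summary cannot drift from the configuration.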
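Review bot: The only visible use of `fmt` in `Upload` is removed, but unlike `domain_handler.go` in this same commit no import hunk drops `"fmt"` from `certificate_handler.go`; if nothing else in the file still uses it, the package no longer compiles since Go rejects unused imports. The same applies to `proxy_host_handler.go` (hunks at `@@ -404` and `@@ -679`) and `remote_server_handler.go` (hunks at `@@ -73` and `@@ -142`), whose `fmt.Sprintf` calls are removed without an import change. Moving the user-supplied name out of the free-text message and into the structured details map is a sensible narrowing of what untrusted input reaches the notification body. `Upload`'s body continues outside the hunk.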
@@ -76,7 +75,7 @@ func (h *DomainHandler) Delete(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "domain",
 "Domain Deleted",
- fmt.Sprintf("Domain %s deleted", util.SanitizeForLog(domain.Name)),
+ "A domain was successfully deleted.",
 map[string]any{
 "Name": util.SanitizeForLog(domain.Name),
 "Action": "deleted",
diff --git a/backend/internal/api/handlers/proxy_host_handler.go b/backend/internal/api/handlers/proxy_host_handler.go
index 5ab90db2..705f7a07 100644
--- a/backend/internal/api/handlers/proxy_host_handler.go
+++ b/backend/internal/api/handlers/proxy_host_handler.go
@@ -404,7 +404,7 @@ func (h *ProxyHostHandler) Create(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "proxy_host",
 "Proxy Host Created",
- fmt.Sprintf("Proxy Host %s (%s) created", util.SanitizeForLog(host.Name), util.SanitizeForLog(host.DomainNames)),
+ "A new proxy host was successfully created.",
 map[string]any{
 "Name": util.SanitizeForLog(host.Name),
 "Domains": util.SanitizeForLog(host.DomainNames),
@@ -679,7 +679,7 @@ func (h *ProxyHostHandler) Delete(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "proxy_host",
 "Proxy Host Deleted",
- fmt.Sprintf("Proxy Host %s deleted", host.Name),
+ "A proxy host was successfully deleted.",
 map[string]any{
 "Name": host.Name,
 "Action": "deleted",
diff --git a/backend/internal/api/handlers/remote_server_handler.go b/backend/internal/api/handlers/remote_server_handler.go
index d5b949b1..f08e0ee1 100644
--- a/backend/internal/api/handlers/remote_server_handler.go
+++ b/backend/internal/api/handlers/remote_server_handler.go
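Review bot: In `ProxyHostHandler.Delete` the details map still passes `"Name": host.Name,` unsanitized, whereas the `Create` hunk at `@@ -404` and every other handler touched by this commit wrap the name in `util.SanitizeForLog(...)`. A proxy-host name containing newlines or control characters would reach the external notification payload un-neutralized unless `SendExternal` sanitizes internally, which is not visible here. Change the line to `"Name": util.SanitizeForLog(host.Name),` so the handlers are consistent. `Delete`'s body continues outside the hunk.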
@@ -73,7 +73,7 @@ func (h *RemoteServerHandler) Create(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "remote_server",
 "Remote Server Added",
- fmt.Sprintf("Remote Server %s (%s:%d) added", util.SanitizeForLog(server.Name), util.SanitizeForLog(server.Host), server.Port),
+ "A new remote server was successfully added.",
 map[string]any{
 "Name": util.SanitizeForLog(server.Name),
 "Host": util.SanitizeForLog(server.Host),
@@ -142,7 +142,7 @@ func (h *RemoteServerHandler) Delete(c *gin.Context) {
 h.notificationService.SendExternal(c.Request.Context(),
 "remote_server",
 "Remote Server Deleted",
- fmt.Sprintf("Remote Server %s deleted", util.SanitizeForLog(server.Name)),
+ "A remote server was successfully deleted.",
 map[string]any{
 "Name": util.SanitizeForLog(server.Name),
 "Action": "deleted",
diff --git a/backend/internal/services/mail_service.go b/backend/internal/services/mail_service.go
index 35999671..e0897a8a 100644
--- a/backend/internal/services/mail_service.go
+++ b/backend/internal/services/mail_service.go
@@ -337,8 +337,6 @@ func (s *MailService) SendEmail(ctx context.Context, to []string, subject, htmlB
 auth = smtp.PlainAuth("", config.Username, config.Password, config.Host)
 }
- // Normalize and sanitize the email body so that any untrusted input is
- // treated as plain text and cannot break out of the HTML context.
 htmlBody = sanitizeAndNormalizeHTMLBody(htmlBody)
 htmlBody = sanitizeEmailContent(htmlBody)