Cloudflare’s default configuration only allows proxying of HTTP traffic and will break mail traffic.
If you are following the best practices for MX records on Cloudflare mentioned below and still have issues sending or receiving mail, follow these troubleshooting steps:
Are DNS records missing?
Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guide on managing DNS records in Cloudflare if you need assistance to add or edit DNS records.
Do you have CNAME Flattening enabled?
When set to Flatten all CNAMEs in your Cloudflare DNS settings, queries to all CNAME records will flatten to an A record; no CNAME records will be returned.
Also, if CNAME records are not returned by the queried nameserver (sometimes nameservers will return TXT records), this may result in nothing being returned when Flatten all CNAMEs is enabled.
Is Cloudflare Spectrum enabled on your account?
Cloudflare does not proxy traffic on port 25 (SMTP) unless Cloudflare Spectrum is enabled and configured to proxy email traffic across Cloudflare. If you do not have Spectrum enabled, then no email traffic (SMTP) will actually pass through Cloudflare, and we will simply resolve the DNS. This also means that any DNS record used to send email traffic must be grey-clouded to bypass the Cloudflare network. Check Identifying subdomains compatible with Cloudflare's proxy for more details.
Contact your mail provider for assistance.
If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.
Best practices for MX records on Cloudflare
Follow these guidelines to ensure successful delivery of your mail traffic:
- Use separate IP addresses for mail traffic and HTTP/HTTPS traffic. Cloudflare recommends using non-contiguous IPs from different IP ranges.
- Since mail traffic cannot be proxied through Cloudflare by default, you will expose your origin web server’s IP address. Information on your origin IP address would allow attackers to bypass Cloudflare security features and attack your web server directly.