Cloudflare’s default configuration only allows proxying of HTTP traffic and will break mail traffic.
If you are following the best practices for MX records on Cloudflare mentioned below and still have issues sending or receiving mail, follow these troubleshooting steps:
Are DNS records missing?
Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guide on managing DNS records in Cloudflare if you need assistance to add or edit DNS records.
Do you have CNAME Flattening enabled?
When set to Flatten all CNAMEs in your Cloudflare DNS settings, queries to all CNAME records will flatten to an A record; no CNAME records will be returned.
Also, if CNAME records are not returned by the queried nameserver (sometimes nameservers will return TXT records), this may result in nothing being returned when Flatten all CNAMEs is enabled.
Do not proxy mail-related DNS records to Cloudflare.
If you have an MX record of “mail.domain.com”, then the A record for “mail.domain.com” must have a “grey-cloud” icon next to the DNS A record as demonstrated in our support guide for managing DNS records in Cloudflare.
Is Cloudflare Spectrum enabled on your account?
Cloudflare does not proxy traffic on port 25 (SMTP) unless Cloudflare Spectrum is enabled and configured to proxy email traffic across Cloudflare. If you do not have Spectrum enabled, then no email traffic (SMTP) will actually pass through Cloudflare, and we will simply resolve the DNS. This also means that any DNS record used to send email traffic must be grey-clouded to bypass the Cloudflare network. Check Identifying subdomains compatible with Cloudflare's proxy for more details.
Contact your mail provider for assistance.
If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.
Best practices for MX records on Cloudflare
Follow these guidelines to ensure successful delivery of your mail traffic:
- “Grey-cloud” your mail-related DNS records so mail traffic isn’t proxied through Cloudflare.
- Use separate IP addresses for mail traffic and HTTP/HTTPS traffic. Cloudflare recommends using non-contiguous IPs from different IP ranges.
- Because mail traffic cannot be proxied through Cloudflare by default, a mail record that shares an IP address with your web server exposes your origin web server’s IP address. Knowing your origin IP address allows attackers to bypass Cloudflare security features and attack your web server directly.
- Don’t configure MX records for a root domain that is proxied through Cloudflare.
- Many hosting companies specify the root domain name in the content of the MX record. When using Cloudflare’s DNS, specify a subdomain such as “mail.example.com” in the content of the MX record and create a separate A record in Cloudflare for “mail.example.com” to point to the IP address of your mail server.
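The guidelines above can be checked mechanically against an export of the zone. The following is an added example, not Cloudflare's code: the record layout (`type`, `name`, `content`, `proxied`), the issue labels and every value in `ZONE` are constructed for illustration.

```python
# Added example: audit a DNS zone against the mail best practices above.
# The record layout and all values below are constructed sample data.
ZONE = [
    {"type": "A",  "name": "example.com",      "content": "203.0.113.10", "proxied": True},
    {"type": "A",  "name": "www.example.com",  "content": "203.0.113.10", "proxied": True},
    {"type": "A",  "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A",  "name": "mx2.example.com",  "content": "198.51.100.7", "proxied": True},
    {"type": "MX", "name": "example.com",      "content": "mail.example.com"},
    {"type": "MX", "name": "example.com",      "content": "mx2.example.com"},
    {"type": "MX", "name": "example.com",      "content": "example.com"},
]

def norm(name):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()

def audit_mail_records(records, root):
    """Return sorted (issue, host) tuples for MX targets that break the guidelines."""
    root = norm(root)
    addr = [r for r in records if r["type"] in ("A", "AAAA")]
    # IPs behind a proxied (orange-cloud) record, i.e. the origin being hidden.
    proxied_ips = {r["content"] for r in addr if r.get("proxied")}
    findings = set()
    for mx in (r for r in records if r["type"] == "MX"):
        target = norm(mx["content"])
        hosts = [r for r in addr if norm(r["name"]) == target]
        in_zone = target == root or target.endswith("." + root)
        if not hosts and in_zone:
            # MX names a host in this zone that has no A/AAAA record.
            findings.add(("mx-target-missing-address-record", target))
        for h in hosts:
            if h.get("proxied"):
                # Without Spectrum, port 25 is not proxied, so mail to this host fails.
                issue = "mx-points-at-proxied-root" if target == root else "mx-target-proxied"
                findings.add((issue, target))
            elif h["content"] in proxied_ips:
                # Grey-clouded mail host shares the web origin's IP and reveals it.
                findings.add(("mail-host-exposes-origin-ip", target))
    return sorted(findings)

if __name__ == "__main__":
    for issue, host in audit_mail_records(ZONE, "example.com"):
        print(f"{issue}: {host}")
```

MX targets outside the zone (for example, a hosted mail provider) are skipped, since their address records are not yours to manage.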