Cloudflare’s default configuration only allows proxying of HTTP traffic and will break mail traffic.
If you are following the best practices for Cloudflare MX records and still have issues sending or receiving mail, follow these troubleshooting steps:
Are DNS records missing?
Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guides on either configuring MX records or configuring TXT records if you need assistance to add or edit DNS records.
Do not proxy mail-related DNS records to Cloudflare.
If you have an MX record of “mail.domain.com”, then the A record for “mail.domain.com” must have a “grey-cloud” icon next to the DNS A record as demonstrated in our support guide for configuring MX records.
Contact your mail provider for assistance.
If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.
Follow these guidelines to ensure successful delivery of your mail traffic:
- “Grey-cloud” your mail-related DNS records so mail traffic isn’t proxied through Cloudflare.
- Use separate IP addresses for mail traffic and HTTP/HTTPS traffic. Cloudflare recommends using non-contiguous IPs from different IP ranges.
- Since mail traffic cannot be proxied through Cloudflare by default, you will expose your origin web server’s IP address. Information on your origin IP address would allow attackers to bypass Cloudflare security features and attack your web server directly.
- Don’t configure MX records for a root domain that is proxied through Cloudflare.
- Many hosting companies specify the root domain name in the content of the MX record. When using Cloudflare’s DNS, specify a subdomain such as “mail.example.com” in the content of the MX record and create a separate A record in Cloudflare for “mail.example.com” to point to the IP address of your mail server.