Email undeliverable when using Cloudflare

Cloudflare’s default configuration only allows proxying of HTTP traffic and will break mail traffic.

DNS records used for mail must have a “grey-cloud” icon in the DNS app of the Cloudflare dashboard.

Troubleshooting tips

Consult with your mail administrator or mail provider to ensure you have valid DNS record content.

If you are following the best practices for Cloudflare MX records and still have issues sending or receiving mail, follow these troubleshooting steps:

Are DNS records missing?

Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guides on either configuring MX records or configuring TXT records if you need assistance to add or edit DNS records.

Cloudflare support is unable to modify DNS records within your account.


Do not proxy mail-related DNS records to Cloudflare.

If you have an MX record of “mail.domain.com”, then the A record for “mail.domain.com” must have a “grey-cloud” icon next to the DNS A record as demonstrated in our support guide for configuring MX records.

Contact your mail provider for assistance.

If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.


Best practices for MX records on Cloudflare

Follow these guidelines to ensure successful delivery of your mail traffic:

  • “Grey-cloud” your mail-related DNS records so mail traffic isn’t proxied through Cloudflare.
  • Use separate IP addresses for mail traffic and HTTP/HTTPS traffic. Cloudflare recommends using non-contiguous IPs from different IP ranges.
  • Since mail traffic cannot be proxied through Cloudflare by default, you will expose your origin web server’s IP address. Information on your origin IP address would allow attackers to bypass Cloudflare security features and attack your web server directly.
  • Don’t configure MX records for a root domain that is proxied through Cloudflare.
  • Many hosting companies specify the root domain name in the content of the MX record. When using Cloudflare’s DNS, specify a subdomain such as “mail.example.com” in the content of the MX record and create a separate A record in Cloudflare for “mail.example.com” to point to the IP address of your mail server.
Having an MX record for a root domain proxied through Cloudflare will reveal your origin web server’s IP address to potential attackers. See Why do I have a dc-######### subdomain? for further details.
Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk