By default, Cloudflare proxies only HTTP traffic, so proxying a mail-related DNS record will break mail traffic.
DNS records used for mail must have a “grey-cloud” icon in the DNS app of the Cloudflare dashboard, which means the record is not proxied through Cloudflare.
Consult with your mail administrator or mail provider to ensure you have valid DNS record content.
If you are following the best practices for Cloudflare MX records and still have issues sending or receiving mail, follow these troubleshooting steps:
Are DNS records missing?
Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guide on managing DNS records in Cloudflare if you need assistance to add or edit DNS records.
Cloudflare support is unable to modify DNS records within your account.
Do not proxy mail-related DNS records to Cloudflare.
If you have an MX record that points to “mail.domain.com”, the A record for “mail.domain.com” must have a “grey-cloud” icon next to it, as demonstrated in our support guide for managing DNS records in Cloudflare.
Contact your mail provider for assistance.
If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.
Best practices for MX records on Cloudflare
Follow these guidelines to ensure successful delivery of your mail traffic:
- “Grey-cloud” your mail-related DNS records so mail traffic isn’t proxied through Cloudflare.
- Use separate IP addresses for mail traffic and HTTP/HTTPS traffic. Cloudflare recommends using non-contiguous IPs from different IP ranges.
- Because mail traffic cannot be proxied through Cloudflare by default, a mail record that shares an IP address with your web server exposes your origin web server’s IP address. Knowledge of your origin IP address allows attackers to bypass Cloudflare security features and attack your web server directly.
- Don’t configure MX records for a root domain that is proxied through Cloudflare.
- Many hosting companies specify the root domain name in the content of the MX record. When using Cloudflare’s DNS, specify a subdomain such as “mail.example.com” in the content of the MX record and create a separate A record in Cloudflare for “mail.example.com” to point to the IP address of your mail server.
Having an MX record for a root domain proxied through Cloudflare will reveal your origin web server’s IP address to potential attackers.
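
An added example, not Cloudflare's own code: a Python audit of an exported record list for the mistakes these guidelines describe (a proxied mail host, an MX record on a proxied root domain, a mail host that shares an IP address with a proxied web record, and a missing address record). The record dicts use the type, name, content and proxied fields of Cloudflare DNS records; the function names, finding codes and sample zones are assumptions constructed for illustration.

```python
# Added example. Sample zones are constructed (RFC 5737 documentation IPs).

def audit_mail_records(zone, records):
    """Return sorted (code, name, detail) findings for a zone's mail records."""
    addr = [r for r in records if r["type"] in ("A", "AAAA")]
    # IPs behind proxied (orange-cloud) records, i.e. the web origin to hide.
    hidden_ips = {r["content"] for r in addr if r["proxied"]}
    findings = set()
    for mx in (r for r in records if r["type"] == "MX"):
        target = mx["content"].rstrip(".").lower()
        in_zone = target == zone or target.endswith("." + zone)
        targets = [r for r in addr if r["name"].lower() == target]
        if in_zone and not targets:
            # MX points at a host in this zone that has no address record.
            findings.add(("MX_TARGET_MISSING", mx["name"], target))
        for t in targets:
            if t["proxied"] and target == zone:
                findings.add(("MX_ON_PROXIED_ROOT", t["name"], t["content"]))
            elif t["proxied"]:
                findings.add(("MAIL_HOST_PROXIED", t["name"], t["content"]))
            elif t["content"] in hidden_ips:
                # DNS-only mail host shares an IP with a proxied web record.
                findings.add(("ORIGIN_IP_SHARED", t["name"], t["content"]))
    return sorted(findings)

def rec(rtype, name, content, proxied=False):
    """Build one constructed record in the shape the audit expects."""
    return {"type": rtype, "name": name, "content": content, "proxied": proxied}

# Constructed zone that breaks the guidelines: MX on the proxied root domain,
# and a grey-cloud mail host on the same IP as the proxied web records.
BAD_ZONE = [
    rec("A", "example.com", "192.0.2.10", proxied=True),
    rec("A", "www.example.com", "192.0.2.10", proxied=True),
    rec("A", "mail.example.com", "192.0.2.10"),
    rec("MX", "example.com", "example.com"),
    rec("MX", "example.com", "mail.example.com"),
]
# Constructed zone that follows them: separate IP range, grey-cloud mail host.
GOOD_ZONE = [
    rec("A", "example.com", "192.0.2.10", proxied=True),
    rec("A", "mail.example.com", "198.51.100.25"),
    rec("MX", "example.com", "mail.example.com"),
]

if __name__ == "__main__":
    for label, zone in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        print(label, audit_mail_records("example.com", zone))
```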