And then remove the "`a mx include:_spf.google.com`" part from your SPF. `a`: Cloudflare HTTP Rever

And then remove the "

a mx include:_spf.google.com

a mx include:_spf.google.com

" part from your SPF.

: Cloudflare HTTP Reverse Proxies will never send on your domain's behalf.

mx

mx

: Is pointing to Cloudflare's INBOUND mail servers, they do NOT send OUTBOUND and should not be listed in your SPF.

include:_spf.google.com

include:_spf.google.com

: The "trick" will always authenticate as the

@gmail.com

@gmail.com

, and expose the real Gmail address. Since the SPF is done on

gmail.com

gmail.com

, you're overauthorizing by having

include:_spf.google.com

include:_spf.google.com

, which - depending on the eyes looking at it, is a security issue / risk.

DDarkDeviL And then remove the "`a mx include:_spf.google.com`" part from your SPF. `a`: C...

Adi•2/8/24, 2:07 AM

Oh dang, really good points! Will make those changes, thanks.

AAdi Yes you're right. It's not a perfect solution, and I definitely noticed the "sen...

DarkDeviLOP•2/8/24, 2:08 AM

That "send via gmail" is due to the authentication marks being done on

@gmail.com

@gmail.com

, getting it away would require a proper email service, that would authenticate using your own domain.

DarkDeviLOP•2/8/24, 2:09 AM

None of the free hacky workarounds such as this would do so (... 100%).

DDarkDeviL That "send via gmail" is due to the authentication marks being done on `@gmail.c...

Adi•2/8/24, 2:09 AM

Makes sense, so there's basically no alternative to actually purchasing or setting up an actual email service.

DarkDeviLOP•2/8/24, 2:09 AM

In fact, even some paid ones may not even allow you get such things completely away.

DarkDeviLOP•2/8/24, 2:10 AM

And nope, the stuff i mention in e.g. the Discord link above - about missing alignment

DarkDeviLOP•2/8/24, 2:11 AM

1&1/GMX/

Web.de

Web.de

and others announced three (or four?) years ago I believe, regarding "no-alignment = slow entry"

DarkDeviLOP•2/8/24, 2:11 AM

Google ramped up their requirements in Oct or Nov 2022

DarkDeviLOP•2/8/24, 2:11 AM

And lately, both Google and Yahoo ramped them up here per February 2024.

DarkDeviLOP•2/8/24, 2:12 AM

You aren't able to satisfy the latest February 2024 requirements with a hacky workaround set up like this.

DarkDeviLOP•2/8/24, 2:13 AM

Although it appears Google and Yahoo claims it is affecting senders with 5.000 or more messages, ... the mystery remains: What exactly are they counting the 5.000 messages on?

DarkDeviLOP•2/8/24, 2:14 AM

Google's mail servers itself send quite a bit more than 5.000 messages per day, so Google might only need 5.000 different users, sending one message per day, to hit you negatively...

DarkDeviLOP•2/8/24, 2:15 AM

-> Due to the lack of proper email authentication

Adi•2/8/24, 2:15 AM

Damn

I suppose, do you have a recommendation for cost efficient email?

Adi•2/8/24, 2:15 AM

Also, thanks for taking the time to explain in so much detail, it's very appreciated

DarkDeviLOP•2/8/24, 2:19 AM

Well, I have always been a happy self-hoster of email, and are still doing so in 2024, and doing so very well and problem free.

DarkDeviLOP•2/8/24, 2:20 AM

The vast majority (if not all) that I've seen complaining about self-hosting email not working properly, is literally always due to their own failures to make proper choices, - e.g. many of them are choosing bad providers that continuously house spammers, or otherwise lack proper "abuse handling".

DarkDeviLOP•2/8/24, 2:20 AM

Or otherwise fail to configure the stuff properly, - although it isn't harder than e.g. running your own web server or so.

DarkDeviLOP•2/8/24, 2:21 AM

Re. providers, you definitely want to avoid the cheapest cloud providers that are popping up on the first few pages of Google searches, - if you go a such way.

DarkDeviLOP•2/8/24, 2:21 AM

That said, I'm not always saying that self-hosting will be the way to go.

DarkDeviLOP•2/8/24, 2:23 AM

"Cost efficient" is very depending on your opinion of it though, $10/month could be cheap for one, but too expensive for another and so on.

DarkDeviLOP•2/8/24, 2:26 AM

https://mxroute.com/ offers yearly packages, depending on your storage requirements

DarkDeviLOP•2/8/24, 2:30 AM

(And even seem (from time to time) to offer a life time package for low volume users.)

DDarkDeviL "Cost efficient" is very depending on your opinion of it though, $10/month could...

Adi•2/8/24, 2:42 AM

Well let me put it this way, The top end would be google workspaces, which is eye wateringly expensive.
For our personal usecase, we don't need a high number of email addresses. But we do need a good way of sharing credentials / access among our team. And yeah, deliverability is a priority.
Honestly $10 - $20 a month is fine as long as we're not restricted on the number of domains / accounts we can use.
As far as storage goes, we would probably need around 20 - 50gb (looking into long term)

KNOX•2/8/24, 8:59 PM

How do i set up a worker so that when a specific email address receives an email it gets sent to my server via an http post request?

flux_ray•2/11/24, 11:27 AM

Hi, how can I get the email content with cloudflare workers owo?

aswinbenny•2/12/24, 1:26 AM

I am thinking of connecting my custom domain for forwarding email.

I will set catchall to fwd.mydomain.com in cloudflare routing.

Can I use the workers in such a way that certain mails coming to address that are added to KV like spam@fwd.mydomain.com are rejected?

Is there a better option other KV to stored these emails addresses that should be rejected?

Also is it possible to setup workers in such a way that I can send emails via the custom domain I setup?

fratell•2/17/24, 7:54 PM

@DarkDeviL what if i want get email for custom domain?

Ffratell @DarkDeviL what if i want get email for custom domain?

DarkDeviLOP•2/17/24, 8:02 PM

Does "get" mean just to receive emails, or also to send?

Receiving can be done at no cost through the #email-routing product, assuming you have another mailbox behind it.

However, if you're also looking for something to send, with the custom domain I will say that it would appea to cross a bit out of the scope for #email-routing, and would suggest we continue e.g. in #off-topic.

DarkDeviLOP•2/17/24, 10:28 PM

The only option to avoid that "huge waste" would be to disturb the sender, and have them stop trying to email you.

DarkDeviLOP•2/18/24, 12:27 AM

Have no issues trusting you on that, but it's the only way if you want to avoid processing / seeing it (including, e.g. from the Email Routing summary)

KNOX•2/18/24, 2:44 AM

How do i set up a worker so that when a specific email address receives an email it gets sent to my server via an http post request?

KKNOX How do i set up a worker so that when a specific email address receives an email...

DarkDeviLOP•2/18/24, 4:57 AM

You can send the data you're looking for to your HTTP server using fetch.

Here is one example, which is sending a POST with some data to a Discord Webhook: https://github.com/Tyler-OBrien/cloudflare-worker-emails-to-discord

Nick Reshatoff•2/19/24, 9:39 PM

hi all. hoping someone can help me. I just signed up to create custom domain on my iphone through settings > icloud and it let me setup the domain and transfered me to cloudflare for payment. That is all done now and i am in my cloudflare trying to set up the DNS records. i followed the instructions Apple sent me but the fields do not match to whay i see in the DNS section of cloudflare and i need some help. I tried reaching out to Appe for help and they said i need to contact Cloudflare. I am trying to set up the new domain with Apple icloud mail. Sorry and thank you for the help in advance

NNick Reshatoff hi all. hoping someone can help me. I just signed up to create custom domain on ...

Hello, I’m Allie!•2/19/24, 9:46 PM

What is it asking you to do, specifically?

Nick Reshatoff•2/19/24, 10:13 PM

i am trying to input the dsn records for my new domain on cloudflares website but the instructions that apple provides to input in the MX, TXT, CNAME, SPF, DKIM dont work correctly or i cant get it to verify. Its confusing to set up. Apple support was not able to help me.

Nick Reshatoff•2/19/24, 10:18 PM

It looks like i successfully inputted the MX and TXT but for the SPF apple instructions dont match cloudflare and DKIM keeps telling me the DNS name was incorrect

Rooshan Ahmed•2/20/24, 12:27 PM

hello

Rooshan Ahmed•2/20/24, 12:27 PM

can anyone help me with emails

Rooshan Ahmed•2/20/24, 12:28 PM

i transferred my DNS from goDaddy to Cloudflare now emails are not working of cpanel

Rooshan Ahmed•2/20/24, 1:00 PM

stio_studio•3/1/24, 7:25 PM

Why is cloudflare sending me emails about products when I have unsubscribed and set it to not send me emails in settings?

Sstio_studio Why is cloudflare sending me emails about products when I have unsubscribed and ...

Rotaroo•3/1/24, 8:21 PM

Hi @stio,

Thanks for reaching out. We have a distinction between marketing related emails and transactional emails. The former should be geared towards new product news, announcements, etc and should honor any opt-out settings. The latter provides communication to all active users (including opt outs), and should only be used to provide important information on changes to pricing, changes to how a user may be using a product, or changes to Terms of Service. If this is related to a recent pricing email update, the team wanted to ensure active users were made aware of the potential charges that they may incur in the future.

That being said, please let me know if you’re referring to another email entirely, and I’d be happy to help look into this for you.

RRotaroo Hi @stio, Thanks for reaching out. We have a distinction between marketing rela...

Cyb3r-Jak3•3/2/24, 1:58 PM

If you are an employee then please use /cfrole/cfrole to verify yourself.

Original message was deleted

DarkDeviLOP•3/3/24, 7:11 AM

I would say nothing less than a such kind of CAPTCHA (or at the bare minimum, manual action) when visiting the link for email routing verifications (and other kind of account verification) can do it.

Both some MUA's as well as spam / content filters or scanners have been seen to "activate" links in various different ways, so if a simple GET, to e.g. https://example.com/verify?email=test%40example.com&token=af68ed27 would be enough, you would sometimes either be verified without doing a single thing, or simply by end up with strange errors.

For example, if that link only works once, then you're eventually getting to the link in your browser, and you'll simply get a "Sorry, something went wrong.Sorry, something went wrong.", even though the verification internally succeeded due to the previous request triggering it, which will cause you confusion and try to re-verify, which quite often will be impossible because the system sees you as already being verified.

DarkDeviLOP•3/3/24, 7:25 AM

Undocumented behaviour working for years doesn't equal meant to be working that way, nor that it will continue to do so forever?

DarkDeviLOP•3/3/24, 7:28 AM

Anyway, I'm just making the point that it makes sense to make it tough, in order to avoid eventual "accidental" but automatic verifications, such as for example due to strange ways that some software may work.

! Harmon•3/8/24, 8:54 PM

how do i login to the new email panel?

Shubhadeep•3/10/24, 2:15 AM

I am facing an issue in email routing. Some email from a domain is not forwarded to my destination email which is gmail. And showing result Error. And SPF DMARK DKIM showing none. How to fix this issue. Because the domain sending this email is from bank. Please help

And then remove the "`a mx include:_spf.google.com`" part from your SPF. `a`: Cloudflare HTTP Rever

Similar Threads

Similar Threads

Similar Threads