Cloudflare Docs
DNS
DNS
Visit DNS on GitHub
Set theme to dark (⇧+D)

Troubleshooting email issues

If you have issues sending or receiving mail, follow these troubleshooting steps.

​​ Are your records correct?

Consult with your mail administrator or mail provider to ensure you have valid DNS record content.

​​ Are DNS records missing?

Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guide on managing DNS records in Cloudflare if you need assistance to add or edit DNS records.

​​ Do you have CNAME Flattening enabled?

When set to Flatten all CNAMEs in your Cloudflare DNS settings, queries to all CNAME records will flatten to an A record; no CNAME records will be returned.

Also, if CNAME records are not returned by the queried nameserver (sometimes nameservers will return TXT records), this may result in nothing being returned when Flatten all CNAMEs is enabled. Changing to Flatten at the root should fix any issues with your CNAME records not being returned.

​​ Is Cloudflare Spectrum enabled on your account?

Cloudflare does not proxy traffic on port 25 (SMTP) unless Cloudflare Spectrum is enabled and configured to proxy email traffic across Cloudflare. If you do not have Spectrum enabled, then no email traffic (SMTP) will actually pass through Cloudflare, and we will simply resolve the DNS. This also means that any DNS record used to send email traffic must be DNS-only to bypass the Cloudflare network. Check Identifying subdomains compatible with Cloudflare’s proxy for more details.

​​ Contact your mail provider for assistance

If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.

​​ dc-######### subdomain

The dc-##### subdomain is added to overcome a conflict created when your SRV or MX record resolves to a domain configured to proxy to Cloudflare.

Therefore, Cloudflare will create a dc-##### DNS record that resolves to the origin IP address. The dc-##### record ensures that traffic for your MX or SRV record is not proxied (it directly resolves to your origin IP) while the Cloudflare proxy works for all other traffic.

For example, before using Cloudflare, suppose your DNS records for mail are as follows:

example.com MX example.com example.com A 192.0.2.1

After using Cloudflare and proxying the A record, Cloudflare will provide DNS responses with a Cloudflare IP (203.0.113.1 in the example below):

example.com MX example.com example.com A 203.0.113.1

Since proxying mail traffic to Cloudflare would break your mail services, Cloudflare detects this situation and creates a dc-##### record:

example.com MX dc-1234abcd.example.com dc-1234abcd.example.com A 192.0.2.1 example.com A 203.0.113.1

Removing the dc-###### record is only possible via one of these methods:

  • If no mail is received for the domain, delete the MX record.
  • If mail is received for the domain, update the MX record to resolve to a separate A record for a mail subdomain that is not proxied by Cloudflare:

example.com MX mail.example.com mail.example.com A 192.0.2.1 example.com A 203.0.113.1


​​ Best practices for MX records on Cloudflare

If possible, do not host a mail service on the same server as the web resource you want to protect, since emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP address.

Cloudflare recommends using non-contiguous IPs from different IP ranges.