Cloudflare email forwarding validates spam as legitimate

I don’t really want to share the domain name in question, but I’m currently in the process of closing down a Google Workspaces account and using Cloudflare Email Forwarding to forward the email - and I am noticing an uptick in spam making it to the inbox instead of the spam folder. In part it seems because Cloudflare validates the sender when the from: header is spoofed as my address.

DKIM: ‘PASS’ with domain

Presumably there’s nothing I can do about this? Is it just an unavoidable downside to having emails forwarded instead of using a dedicated account?

SPF and DKIM DNS entries:

v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]
v=spf1 ~all

(I’m using SendGrid SMTP to send email.)

Prior to Cloudflare, were you using ~all in the SPF record? That could be hardened, as could the DMARC (once you have reviewed the reports).

Yes, but whichever flag I choose has no bearing here because certain emails spoofing the From address with my email address are passing all the tests anyway. I’m just wondering if there is a workaround for this problem. It seems unlikely but I figured I’d ask.

I’m sorry @michael, but I think you were right. It was a while before switching to Cloudflare that I set up the SPF, DKIM and DMARC headers and I appear to have become less clear on how they work. Your reply makes more sense to me after reading up on the matter. I’m fairly sure based on some incoming spoofed messages that -all has done the trick so thank you for pointing me in the right direction. :+1:
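
The hardening discussed in this thread (SPF `~all` to `-all`, and a stricter DMARC policy), as an added example that is not from any of the posters: a small Python check run over the two records quoted in the question. The `rua` address and all function names are constructed for illustration.

```python
# Added example; the rua address is a constructed placeholder.
SPF_RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

THREAD_SPF = "v=spf1 ~all"
THREAD_DMARC = "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@example.com"

def spf_terms(record):
    """Return (qualifier, mechanism) pairs; name=value modifiers are skipped."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        if "=" in term.split(":", 1)[0]:      # redirect=, exp= and other modifiers
            continue
        qualifier = term[0] if term[0] in SPF_RESULTS else "+"
        mechanism = term[1:] if term[0] in SPF_RESULTS else term
        terms.append((qualifier, mechanism.lower()))
    return terms

def unlisted_sender_result(record):
    """SPF result for a sending host that matches nothing before `all`."""
    for qualifier, mechanism in spf_terms(record):
        if mechanism == "all":
            return SPF_RESULTS[qualifier]
    return "neutral"                          # RFC 7208 default when nothing matches

def dmarc_tags(record):
    """Parse 'tag=value; tag=value' into a dict."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def audit(spf, dmarc):
    """List settings weaker than SPF -all and DMARC p=reject."""
    findings = []
    result = unlisted_sender_result(spf)
    if result != "fail":
        findings.append(f"SPF: unlisted senders get '{result}', not 'fail' (-all)")
    policy = dmarc_tags(dmarc).get("p", "none")
    if policy != "reject":
        findings.append(f"DMARC: p={policy}, not p=reject")
    return findings

if __name__ == "__main__":
    for line in audit(THREAD_SPF, THREAD_DMARC):
        print(line)
```
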

