I don’t really want to share the domain name in question, but I’m currently in the process of closing down a Google Workspaces account and using Cloudflare Email Forwarding to forward the email - and I am noticing an uptick in spam making it to the inbox instead of the spam folder. In part it seems because Cloudflare validates the sender when the from: header is spoofed as my address.
Eg. SPF:|PASS with IP 104.30.1.163
DKIM:|‘PASS’ with domain email.cloudflare.net
DMARC:|‘PASS’
Presumably there’s nothing I can do about this? Is it just an unavoidable downside to having emails forwarded instead of using a dedicated account?
Yes, but whichever flag I choose has no bearing here because certain emails spoofing the From address with my email address are passing all the tests anyway. I’m just wondering if there is a workaround for this problem. It seems unlikely but I figured I’d ask.
I’m sorry @michael, but I think you were right. It was a while before switching to Cloudflare that I setup the SPF, DKIM and DMARC headers and I appear to have become less clear upon how they work. Your reply makes more sense to me after reading up on the matter. I’m fairly sure based on some incoming spoofed messages that -all has done the trick so thank you for pointing me in the right direction.
