Cloudflare Email Routing IDN Not working

Remote-MTA: dns; linda.mx.cloudflare.net. (172.65.14.34, the server for the domain xn--zone-kp63c.pp.ua.) Diagnostic-Code: smtp; 550 5.1.1 Domain does not exist

Cloudflare MX doesn’t understand what someone wants from them when sending to an IDN domain :smiley:

I’m seeing the same thing. At first I thought it was this issue, but even after half an hour it still doesn’t work.
Seems IDN related.

I don’t get this error anymore, but nor do I receive the forwarded email on my gmail address.

For me it started reporting no user even though the user is correct; after I enabled catch-all it started to report an upstream error.

550 5.1.1 Address does not exist (in reply to RCPT TO command)

521 550 Upstream error (in reply to end of DATA command)

@valentin_gosu / @dragoangel could you please share the domain you are using so I can have a look? (here or privately at sven (at) cloudflare).

Hi @sven2, my domain is already posted in my initial post :wink:

My domain is goșu.ro (xn--gou-2lb.ro)
I think this may be related to gmail’s ability to send/receive emails to IDN domains.
I sent one via yahoo, and that one went through.

This cannot be related to the sender in my case, as Cloudflare is throwing the error. I am using my own postfix for sending mail, and also tried gmail, yahoo & zoho; this is not something about the sender.

Okay, upstream error means that the email server at the destination address rejected the email. I think this way there are no details, and it would be good to get the upstream reject status in the bounce.

Cloudflare team, you will be disappointed - gmail drops messages forwarded via your email system.
Zoho.eu accepts them, but puts your forwarded mail and validation mail into junk :frowning:.
Yahoo & Outlook (personal, not business) & mail.ru accept Cloudflare forwarded mail fine.
My personal mail server also accepts the incoming mail and does not see anything bad in it with rspamd (dmarc, arc, spf are fine. IPs are not in RBLs and there were no other bad symbols). I think you need to contact Google and Zoho to resolve this.

With catch-all I can receive mail, but not with a simple email address; it still reports a non-existing email with:
550 5.1.1 Address does not exist (in reply to RCPT TO command) and I still think this is due to the IDN domain, which Cloudflare does not fully understand

Issue still persists, @sven2 do you have time to check what is the reason? Happy new year :smiley: and thank you in advance.

Same issue on my account, if catch-all is enabled gmail responds with
“550 5.1.1 Domain does not exist”

Catch-all disabled, all works fine again.


My case is the direct opposite

http address for verification email doesn’t work!

@dragoangel I’m taking a look, sorry for the delay

Also a note about the MX security of Cloudflare in general, which could be enhanced:
amir.mx.cloudflare.net, isaac.mx.cloudflare.net, linda.mx.cloudflare.net:

  1. Servers that don’t enforce cipher suite preferences select the first cipher suite they support from the list provided by clients.
    This approach doesn’t guarantee that the best possible cipher suite is negotiated.
    With TLSv1.2-TLSv1.3 and strong cipher suites it’s OK, but with support of TLS v1.0-1.2 it’s not OK.
  2. Support of TLSv1.0 on MX is not a problem, better this than fallback to plaintext in my opinion, but why is TLSv1.3 not supported?
  3. Forward secrecy and authenticated encryption are not configured.
  4. DHE suites are not supported.
  5. RSA 2048 bits is quite small for the year 2022 :smiley:, especially for a system that works in the background.
  6. Cloudflare has managed its own DNS and DNSSEC for a while, so maybe it would be better to enable DNSSEC on mx.cloudflare.net and configure TLSA, which will provide DANE? DANE for most MTAs means that encryption is mandatory and downgrade to plaintext on port 25 is not allowed. It works this way with any mail server that supports DNSSEC and TLSA.

Hi, sorry, no update on the case?

Sorry, I had a look but I have a hard time finding a way to test / buy an IDN domain.

I think it’s fair to say that Email Routing doesn’t support IDN domains at the moment.

If this will help I can share mine :alien:zone.pp.ua, it’s used just for testing and it’s free. Can you pm me?

Or in case IDN domains are not supported, better update the docs, or even add an info banner on the email tab for any domain that starts with xn-- which will tell people that temporarily it is not going to work

You must be kidding …

I just added / configured email forwarding for an IDN in Cloudflare. This problem is known for at least 6 weeks and the Cloudflare support is unable to test / buy an IDN domain and do nothing about it? Cloudflare is a domain registrar!

Not supporting IDNs in beta is one thing, but letting people enable email forwarding for an IDN domain when it is not supported is a major bug. Is Cloudflare working on a fix or is the problem completely ignored? Has @sven2 created an issue in Cloudflare’s internal bug tracker or did he do nothing about it? Nobody knows …
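
The thread leaves the cause of the `Domain does not exist` rejection open. As an added example (not Cloudflare's code and not posted by anyone in the thread), the following shows one way a recipient check can fail only for IDN zones: rules stored under the Unicode name while sending MTAs put the `xn--` form on the wire. `ROUTES`, `DEST` and all function names are hypothetical.

```python
# Added example. ROUTES, DEST and the function names are hypothetical.
DEST = "owner@example.net"  # constructed forwarding target

# Rules keyed by the name as the zone owner typed it (U-label form).
ROUTES = {"go\u0219u.ro": {"me": DEST}}  # goșu.ro, the domain from the thread


def to_alabel(domain: str) -> str:
    """Canonical ASCII (A-label) form of a domain, used as the lookup key."""
    # Python's built-in codec implements IDNA 2003, which is enough for
    # this name; it is not a full UTS #46 / IDNA 2008 implementation.
    return domain.strip().rstrip(".").encode("idna").decode("ascii").lower()


def split_rcpt(rcpt: str):
    """Split '<local@domain>' into (lowercased local part, domain)."""
    local, sep, domain = rcpt.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not a mailbox")
    return local.lower(), domain


def reply_for(zone, local):
    if zone is None:
        return "550 5.1.1 Domain does not exist"
    return "250 2.1.5 OK" if local in zone else "550 5.1.1 Address does not exist"


def rcpt_naive(rcpt, routes=ROUTES):
    """Compares the wire form against the stored name byte for byte."""
    local, domain = split_rcpt(rcpt)
    return reply_for(routes.get(domain.lower()), local)


def rcpt_normalized(rcpt, routes=ROUTES):
    """Converts both the stored names and the wire form to A-labels first."""
    try:
        local, domain = split_rcpt(rcpt)
        key = to_alabel(domain)
    except (ValueError, UnicodeError):  # empty or over-long label, bad syntax
        return "501 5.1.3 Bad recipient address syntax"
    zones = {to_alabel(name): rules for name, rules in routes.items()}
    return reply_for(zones.get(key), local)


if __name__ == "__main__":
    for rcpt in ("<me@xn--gou-2lb.ro>", "<me@go\u0219u.ro>", "<me@.ro>"):
        print(rcpt, "| naive:", rcpt_naive(rcpt), "| normalized:", rcpt_normalized(rcpt))
```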