"DNS only" for CNAME mail - IP exposed

I use Gmail (POP3) to receive emails from my work email account (@mydomain). After connecting my domain to Cloudflare, I started having issues with my email: I stopped receiving emails and Gmail was informing me that there was some issue. So I went to my Cloudflare account and edited the CNAME email: I changed it to “DNS only”. That fixed the issue and now my email is working fine.

My understanding is that, by changing the “CNAME mail” to “DNS only”, my email is connected directly to my server provider, without being affected by Cloudflare (which is what I want for my email).

But now, when I visit my Cloudflare account I see the following notice: “This record exposes the IP address used in the A record on [mydomain]. Enable the proxy status to protect your origin server”.

What’s the solution to this issue? I would prefer not to have my email affected by Cloudflare, that’s why I changed it to DNS only, but now I am worried that the IP exposure may be a risk?

The only total solution is to not run your mailserver on your webserver. If moving your email to a dedicated platform, such as Google Workspace, is not something you are willing to implement, you will need to ignore the notice about the exposed IP, and continue on as you did before you added Cloudflare to your domain.

It’s not an uncommon configuration, and I wouldn’t spend much time concerned about it. There are ways to secure your webserver so that it will only respond to connections that are routed through Cloudflare. You can use a firewall to limit HTTP & HTTPS access to only Cloudflare IPs. Authenticated origin pulls are an additional step that you can implement.

1 Like
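The firewall step suggested in the answer above, sketched as an added example that is not part of the original thread or any Cloudflare tooling: a script that turns a list of proxy ranges into an nftables ruleset admitting ports 80/443 only from those ranges while leaving mail ports untouched. It assumes nftables on the origin; the table and set names (`cf_origin`, `cf4`, `cf6`) are hypothetical, and the sample ranges are constructed documentation addresses to be replaced with Cloudflare's published IP ranges.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that admits web traffic only from
# the proxy ranges listed in a file. Mail ports are left alone (policy accept).

# Constructed placeholder input (documentation ranges, not the real list).
sample_ranges() {
    cat <<'EOF'
# one CIDR per line; comments and junk lines are ignored
198.51.100.0/24
203.0.113.0/24
2001:db8::/32
not-a-range
EOF
}

# join_cidrs FILE REGEX: print matching CIDRs as "a, b, c"
join_cidrs() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        grep -E "$2" | paste -sd, - | sed 's/,/, /g'
}

render_ruleset() {
    v4=$(join_cidrs "$1" '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$')
    v6=$(join_cidrs "$1" '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/[0-9]{1,3}$')
    # An empty allowlist would drop all web traffic, so refuse to render it.
    if [ -z "$v4" ] && [ -z "$v6" ]; then
        echo "no valid ranges in $1" >&2
        return 1
    fi
    echo 'table inet cf_origin {'
    if [ -n "$v4" ]; then
        echo "  set cf4 { type ipv4_addr; flags interval; elements = { $v4 } }"
    fi
    if [ -n "$v6" ]; then
        echo "  set cf6 { type ipv6_addr; flags interval; elements = { $v6 } }"
    fi
    echo '  chain input {'
    echo '    type filter hook input priority 0; policy accept;'
    echo '    iifname "lo" accept'
    if [ -n "$v4" ]; then echo '    tcp dport { 80, 443 } ip saddr @cf4 accept'; fi
    if [ -n "$v6" ]; then echo '    tcp dport { 80, 443 } ip6 saddr @cf6 accept'; fi
    echo '    tcp dport { 80, 443 } drop'
    echo '  }'
    echo '}'
}

# Demo: render the ruleset for the constructed sample; review before loading.
tmp=$(mktemp) && sample_ranges > "$tmp" && render_ruleset "$tmp"
rm -f "$tmp"
```

These rules do not hide the address that the DNS-only mail record reveals; they only ensure that a client who learns it cannot reach the web ports without going through the proxy.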
