At the bottom of Email Record Creator page in dash.cloudflare.com, it says “Your domain is not used to send email:” That should be changed to “If your domain is not used to send email:”
As it is, it implies that Cloudflare (who knows everything) has detected that my domain is not used to send email or that it has detected that my Cloudflare settings don’t allow me to send email.
What that section of the page actually does is to help you set up settings to prevent spammers from successfully using your domain name.
The whole page should be improved, however. The top part lets me set up records for SPF, Dmarc, and DKIM, but it assumes I already know the values. It doesn’t tell me how to get them. It should say do this if you use Gmail, do this if you use Cpanel, etc.
“If your domain is not used to send email:”
I agree the “If” would make it clearer. Also, inside the Email Record Creator, “Reporting email addresses” would better be “DMARC Reporting email addresses.”
prevent spammers from successfully using your domain name.
There’s room for improvement. For example, the Email Routing automatically configures the required MX and SPF records…nice, but I manually add the records below to lock things down more completely. Some of these records are less important than others, but most are needed to properly lock down a domain using Email Routing to prevent abuse, but they’re not suggested during Email Routing configuration:
Domain has a revoked DKIM key:
TXT *._domainkey v=DKIM1; p=
“Reject” DMARC record with reporting:
TXT _dmarc v=DMARC1; p=reject; rua=mailto:[email protected]
SPF record for any non-existent subdomains:
TXT * v=spf1 -all
SPF record for all existing subdomains that do not send email (e.g., images.example.com):
TXT images v=spf1 -all
BIMI: Declination to Publish record:
TXT *._bimi v=BIMI1; l=; a=;