We have a standard GoDaddy domain name + associated email address + Cloudflare set up as DNS. Email works fine with non-SSL settings.
- issue: SSL does not work
- issue: email sender cannot be verified by i.e. gmail
Both issues are pretty severe, and I’m out of ideas how to solve them.
Cloudflare DNS settings:
A: mail, 111.222.333.444
MX: domain.com, mail.domain.com
TXT: mg, v=spf1 include:mailgun.org ~all
TXT: mx._domainkey.mg, k=rsa; p=ABCDEFxxxx
TXT: mx._domainkey.yt, k=rsa; p=ABCDEFxxxx
TXT: yt, v=spf1 include:mailgun.org ~all
For all records: TTL: auto, proxy: DNS only
Could someone please advise or help with a possible solution?
Thanks in advance
Cloudflare doesn’t handle email, all email records need to be DNS Only. Both these issues need to be addressed with your mail host.
I’m not sure if I can agree with you on the second part. Cloudflare handles the domain address and therefore DNS settings must be modified in Cloudflare. This is also mentioned in gmail’s official records related to unverified sender.
The reason of the unverified sender issues might be missing SPF records. My problem is that we have one in place that includes mailgun. I could not test with them but when I send emails directly from the address with an email client (i.e. Thunderbird), the sender cannot be verified. I can only send with non-SSL (port: 587).
I’m fairly new to this topic so I must be missing something…
It may well be a problem with your email authentication, SPF etc. but that still isn’t really related to Cloudflare. Yes, they provide DNS for your domain, but they don’t proxy mail and it’s no different to any other DNS provider.
Your SPF should include any services that send email for your domain, so if you send emails outside of Mailgun, you would need to add it to your SPF.
Perhaps I misunderstand the issue, are you having trouble modifying your DNS records at Cloudflare?
I’m not sure if I need to include anything else in the SPF record in case emails are sent through thunderbird (or any other client). Currently, the client is connected directly to mail.domain.com with non-ssl settings.
Could you please advise?
Whoever is hosting those emails should be able to help with the SPF you need. That will be wherever your mail hostname is pointing to.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.