I’m not sure if I can agree with you on the second part. Cloudflare handles the domain address and therefore DNS settings must be modified in Cloudflare. This is also mentioned in Gmail’s official records related to unverified sender.
The reason for the unverified sender issues might be missing SPF records. My problem is that we have one in place that includes Mailgun. I could not test with them but when I send emails directly from the address with an email client (i.e. Thunderbird), the sender cannot be verified. I can only send with non-SSL (port: 587).
I’m fairly new to this topic so I must be missing something…
It may well be a problem with your email authentication, SPF etc. but that still isn’t really related to Cloudflare. Yes, they provide DNS for your domain, but they don’t proxy mail and it’s no different to any other DNS provider.
Your SPF should include any services that send email for your domain, so if you send emails outside of Mailgun, you would need to add it to your SPF.
Perhaps I misunderstand the issue; are you having trouble modifying your DNS records at Cloudflare?
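What "include any services that send email for your domain" means when a receiver evaluates SPF, as an added example that is not part of the thread: a simplified evaluator run against constructed records. The domains, addresses and the `check_spf` helper are assumptions, and only the `ip4`, `ip6`, `a`, `include` and `all` mechanisms are modelled.

```python
import ipaddress

# Constructed stand-in for DNS (documentation domains and address ranges, not real records).
TXT = {
    "example.com": "v=spf1 include:esp.example ~all",   # only the mail service is listed
    "esp.example": "v=spf1 ip4:198.51.100.0/24 -all",   # the mail service's sending range
}
A = {"mail.example.com": ["203.0.113.25"]}              # the domain's own mail server

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=TXT, a=A, depth=0):
    """Simplified SPF check: ip4, ip6, a, include and all mechanisms only."""
    if depth > 10:                      # guard against include loops (RFC 7208 caps lookups at 10)
        return "permerror"
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in a.get(arg or domain, [])
        elif name == "include":
            # An include matches only when the included record evaluates to "pass".
            matched = check_spf(ip, arg, txt, a, depth + 1) == "pass"
        else:
            continue                    # mx, exists, redirect etc. are not modelled here
        if matched:
            return RESULTS[qualifier]
    return "neutral"


# Same domain, with its own mail server added to the record.
FIXED = dict(TXT, **{"example.com": "v=spf1 a:mail.example.com include:esp.example ~all"})
```

Mail sent from the mail service's range passes with the original record, while mail relayed through the domain's own server only passes once that server is listed, as in `FIXED`.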
I’m not sure if I need to include anything else in the SPF record in case emails are sent through Thunderbird (or any other client). Currently, the client is connected directly to mail.domain.com with non-SSL settings.