I can’t seem to find information about this. There are Cloudflare resolvers out there, which are quite effective. Isn’t Cloudflare supposed to protect against this?
If I’m paying monthly for protection, my IP/server should remain private, you would think.
The resolvers out there search for subdomains that are grey-clouded by comparing it to a list of common subdomains and some try to use historical DNS data and some may even dig MX record to see if they could find your server IP.
Cloudflare couldn’t do anything in this cases. So, if you have orange-cloud all your subdomain and did not host your emails at the same server as your webhosting, you should be safe.
Also, check whether going to
example.com/webmail redirects you to your server’s cPanel, which may also reveal your IP address.
Good point. That’s why, we should never use cPanel based email.