Your MX record points to a proxied hostname. That will cause problems. Any hostnames used in your MX record need to be DNS Only. See the following report for details.
You also have room to improve your SPF record. It currently ends with "?all", which is the functional equivalent of having no SPF record. It should end with either "-all" or "~all" to have any effect. There is no point in using the "a" mechanism if your apex name (naked domain) is proxied, as you will never be sending email from the Cloudflare proxy IPs.
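The checks described in the post above, written out as an added example (not part of the original post, and not Cloudflare's own tooling). It assumes DNS records are available as dicts with `type`, `name`, `content` and `proxied` fields; the zone data and the function names are constructed for illustration.

```python
def spf_terms(txt):
    """Split an SPF TXT value into (qualifier, mechanism, argument) tuples."""
    terms = []
    for tok in txt.strip('"').split()[1:]:      # drop the "v=spf1" version tag
        if "=" in tok.split(":")[0]:            # modifier (redirect=, exp=), not a mechanism
            continue
        # A mechanism with no explicit qualifier defaults to "+" (pass).
        qual, body = (tok[0], tok[1:]) if tok[0] in "+-~?" else ("+", tok)
        name, _, arg = body.partition(":")
        terms.append((qual, name.split("/")[0].lower(), arg.split("/")[0].lower()))
    return terms

def lint_mail_dns(records):
    """Return (code, detail) findings for a list of DNS record dicts."""
    proxied = {r["name"].lower() for r in records
               if r["type"] in ("A", "AAAA", "CNAME") and r.get("proxied")}
    findings = []
    for r in records:
        content = r["content"].strip('"')
        # An MX target must resolve to the mail server, not to proxy addresses.
        if r["type"] == "MX" and content.rstrip(".").lower() in proxied:
            findings.append(("mx-proxied", f"{content} must be DNS only"))
        if r["type"] == "TXT" and content.lower().startswith("v=spf1"):
            for qual, mech, arg in spf_terms(content):
                if mech == "all" and qual not in "-~":
                    findings.append(("spf-weak-all", f"{qual}all should be -all or ~all"))
                # A bare "a" refers to the name that holds the SPF record.
                target = arg or r["name"].lower()
                if mech == "a" and target in proxied:
                    findings.append(("spf-a-proxied", f"'a' resolves {target}, which is proxied"))
    return findings

# Constructed sample zone showing all three problems (documentation addresses only).
SAMPLE_ZONE = [
    {"type": "A", "name": "example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "192.0.2.25", "proxied": True},
    {"type": "MX", "name": "example.com", "content": "mail.example.com"},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 a mx ?all"},
]
# The same zone corrected: mail host is DNS only, no "a" mechanism, soft-fail default.
FIXED_ZONE = [
    SAMPLE_ZONE[0],
    {"type": "A", "name": "mail.example.com", "content": "192.0.2.25", "proxied": False},
    SAMPLE_ZONE[2],
    {"type": "TXT", "name": "example.com", "content": "v=spf1 mx ~all"},
]

if __name__ == "__main__":
    for code, detail in lint_mail_dns(SAMPLE_ZONE):
        print(f"{code}: {detail}")
```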