Issues with MX record exposing origin IP

I have multiple domains from Namecheap and, I added two of them to Cloudflare.
Let’s say they are (IP: 10.10.10.x) and (IP: 10.10.10.y)

the mail server of points to 10.10.10.x and,
the mail server of points to 10.10.10.y

Now when I added both these domains to Cloudflare,
Everything seems okay with but,
but there’s a Flag beside the MX record of saying that it is exposing the origin IP.

Note: I understand that the Cloudflare does not proxy email and that the Mail server should be on a different IP. BUT My question is when both the mail server points to their respective Primary Domain IP (that is the Primary Domain and the Mail Server uses the same IP), why should one domain in Cloudflare raise a Flag and the other Doesn’t???

If they are identically configured, there shouldnt be a difference. Most likely they arent.

What are the two domains in question?

One is and the other was, I removed both of them from Cloudflare and then added to cloudflare only. If you want I will try adding the rest of the domains and see if the same situation happens again. *Currently facing the Flag situation with currently doesnt have any MX record and the naked domain as well as the www record are proxied, so right now you shouldnt get a warning for these records.

I know but when I add an MX record like:


I start to have the flag immediately!

as advised by some sources if I disable the Proxy for the A record mail …
the flag moves from the MX record to the A record!

what should I do so that I do not expose my origin IP and also not get this Flag!

An MX record will typically always expose your address, either explicitly or implicitly.

So for some of the domains with the same nature (both mail server and the domain pointing to the same IP), the address if being exposed implicitly and may be that’s why the Flag did not show? is this the case? implicit exposure?

As I said, an MX record should always expose it one way or another.

Can you post screenshots of both domains where it is different, with IP addresses redacted?

The issue is, I got confused and removed all the domains from Cloudflare. I think it’s better If I try to recreate the situation and then continue with this…
So at this point, do I just ignore the Flag?

The flag alerts you that the address is exposed. In the context of an MX record you cannot avoid that, unless you point to another address which still will be exposed.

So what is your final suggestion, is there are better way of doing things? Security wise speaking…

A final suggestion to what? If you are concerned about your address being exposed you need to get an additional one which can handle emails.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.