Locked out my account for 3 days now

I’m not receiving any of the authentication codes that I’ve requested and as such I can’t setup 2FA. Below is a transcript with our eMail provider (Zoho) that explains why I’m not receiving the codes:

Thank you, Let me check
I checked with the logs completely, I see a rejection log from [email protected]

What does that mean?

Mail From Address that is used to send email and the From Email Address are not same.

They then had me add the following to my Trusted Domains list:


After making those changes and trying again with still no codes being delivered this is what I’m told (basically the confirmation codes are coming from a spoofed eMail address and are being rejected):

Okay, But the emails send from email account is still getting under
spoofed emails. So, The tool Provider must make sure the Mail From and
the From Address must be same.

I posted this here because my support ticket has not been responded to and I’m at wits end with frustration :frowning:

Have you tried contacting Cloudflare support via [email protected]?
Could you please reply here what your ticket number is?

Maybe this could be an issue with your MX record and A record setup at your DNS domain in the Cloudflare dashboard?

What is the domain name?

At Cloudflare DNS dashboard for your domain, an MX record for your domain should point to a hostname (usually A mail record pointed to the IPv4 address) that is set to :grey: cloud.
See an example below:

@jim20 Do also you have a TXT records added for SPF, DKIM and/or DMARC for your domain?

Ticket Number #2088095

I’m receiving correspondence from Cloudlare supports autoresponder and even this forum’s confirmation message.

DNS is through Goddady. Not Cloudflare for my company. My Zoho Control Panel shows that the
MX, SPF, and DKM are all verified.

It appears the address ([email protected]) sending the confirmation codes is the only one that I’m not receiving. Again Zoho is saying that this is the reason: Mail From Address that is used to send email and the From Email Address are not same


To quick on the reply. DNS is through Google Domains. Not GoDaddy or Cloudflare my my company. DoppelPrintDOTcom

I am sorry, but I do not understand how is this issue related to Cloudflare then if the domain is not being added to the Cloudflare and you do not manage DNS records for it on the Cloudflare dashboard?

  • your domain apperas to be on Google domains (as you stated in the above reply)

Also your email provider is Zoho (as you stated in the above reply).

Moreover, can you receive and/or sent an e-mail?

The topic says you are locked out of your account - which one? From where?

Do you mean you have used your email address on Cloudflare and cannot access your Cloudflare account anymore? - but suddenly you even cannot send and/or receive emails?

Have you recently transfered your domain out from Cloudflare or changed nameservers?

I am locked out of my Cloudflare account.

When I try to login the system wants to send me a Confirmation Code but I never receive it. Zoho states that Cloudflare is spoofing the “[email protected]” and that is why it is not being delivered to my eMail address.

I would love to see the full headers of one of these authentication code emails that actually got through. I’ve never had to deal with this, as I use U2F (or TOTP in the past).

Maybe @cloonan can take a look at your ticket #2088095


I can ask Zoho for it.

But for now how do I get into my Cloudflare account? I have a customer that has been patiently waiting on me to update an A record for a domain that I manage.

Hi @jim20, if you think you have 2fa enabled, it is not for the account you used to contact Cloudflare. In the reply from Support they mentioned We have not detected Two-Factor Authentication is currently enabled for the user associated with email.

For Support to assist, you need to contact them from the email associated with the domain you are inquiring about. If it’s a new inquiry, make sure to mention 2fa. You’ll receive a reply that instructs you to add certain files in certain locations on your site. Once verified, 2fa will be disabled. If you contact them from a different email, as I see on your ticket, the reply will mention If you are writing about disabling two factor authentication for another account please bare in mind that due to security reasons, we can only work with the account owner directly. If this is the this case, the account owner needs to send us an email from the email address associated with the account in question.

You may want to check your email accounts for emails from Cloudflare about adding the domain in order to identify the account that holds the zone. Then, reply to the email you received and indicate you need more assistance. I’ve added myself to that ticket and will see any messages received or sent.

1 Like