Absolutely, that error message is there simply to tell you that a record that you are proxying is exposed somewhere else, so it can be discovered even if it’s behind Cloudflare.
It can happen, people can find out the direct IP and attack that directly.
The reason people don’t host mail themselves, but use services like Office 365 or G Suite is for this exact reason. It’s hard to handle mail security well. You would still have an IP exposed directly to the outside that can be attacked and, depending on the actual interest attacking you can spike in someone, they can most definitely bring that down. It’s way harder to attack Google or Microsoft.
Your origin server IP address is exposed, and may be used by hackers to attack your website directly via IP address, if your hosting provider allows such access. Cloudflare protections won’t apply to requests aimed directly at your server via IP address.
I use Siteground, and the default mail provider is on a different domain and different IP address, than the one assigned to my websites.
that sounds interesting. I would have preferred Siteground as well. Unfortunately, I come from Germany and our data protection regulations have changed drastically since May. That’s why I decided to go for “all-inkl” So I’m on the safe side to avoid warnings
If the domain is @gmail.com is the free version that everyone can have. If you want @example.com you should use their G Suite service, which isn’t run on your server, but uses your domain, which costs a bit (not that much) per user and offers various services in addition to e-mail.