My Cloudflare IP is shared with a phishing site and I have huge problems in sending my mails

My mails are blocked by some antispam services

I wrote to a postmaster of a service that blocks my mails and he answered that my Cloudflare IP is shared with a phishing website, so my IP is blacklisted. And that is true, I saw it on Spamhouse org.

He suggested me to contact Cloudflare, which it seems impossible, so I write here

How can I solve the issue?

Greetings,

Thank you for asking.

I am sorry to hear you are experiencing an issue with receiving and/or sending e-mails while using Coudflare for your domain name.

Kindly, see below suggestions and tips for troubleshooting.

Usually, the MX record should point to a hostname such as mail , and the A (or CNAME ) type record for that hostname should be set to :grey: (DNS Only).

Furthermore, if you recently moved your domain to your Cloudflare account, I could try to troubleshoot at first sight without knowing anything other as it could be related to either:

  1. Wrongly setup e-mail related DNS records at the DNS tab of Cloudflare dashboard for your domain name
  2. Possibly missing some TXT /CNAME records (for SPF , DKIM, DMARC if so?)
  3. You are using a hostname like yourdomain.com which is :orange: (proxied) rather than the unproxied :grey: (DNS-only) like mail.yourdomain.com (possible this one not existing or is :orange: instead of being :grey:) at the DNS tab of Cloudflare dashboard, in your e-mail client for sending/receiving server (MS Outlook, Mozilla Thunderbird, etc.)

May I suggest checking below article if your e-mail records (usually the A mail and the MX record) are configured properly while you are using Cloudflare for your domain name:

Thank you for your help, I will try to check what you suggested
Have a nice day!

Everything is ok with my settings.
That Cloudflare IP is blacklisted

Is there someone here working in Cloudflare company who can fix this issue?

Some other mails of mine were rejected today. This is affecting my work very very badly.

Ref: SBL583233
188.xxx.xx.x is listed on the Spamhaus Block List - [
Phishing hosting @188.xxx.xx.x


The Spamhaus lists are used by mail services to filter incoming mail.

As you are not using Cloudflare for e-mail (SMTP) traffic, the warning is not relevant, and you can safely ignore it.

Furthermore, as this comes up frequently, give it time and it’ll roll off their system. If you want more backstory, I’d suggest you to use the :search: search icon from the top navbar of these forums.

Otherwise, as you’re saying:

Share your domain name here so we could double-check and troubleshoot if you’ve correctly configured e-mail related DNS records at the DNS tab of Cloudflare dashboard for your domain name.

Nevertheless, I’ve already posted the step-by-step what to re-check and how to configure your e-mail for your domain while using Cloudflare in my first post.
Please, take a look there.

Thank you.
My provider has checked everything and assured me that my DNS configuration is ok…

I wrote to a server that rejected my emails last week and they wrote me that the fault is Cloudflare’s and not mine
They told me to write here and ask for a fix, as my IP is shared with a phishing site
They whitelisted me temporarily.

Same thing with Proofpoint Cloudmark, I had to wrote asking to whitelist me
but today I had other mails rejected

This is driving me crazy

Can you please check this, blacklisted, which apparently is sharing the IP with me?

Phishing hosting located here:
https post-ch-return . com/
→ https track.em-trkcd . com/?a=X&c=X&co=X&mt=X
→ https t.findbestonly . site/aff_c?offer_id=X&aff_id=X&aff_sub=X&aff_sub2=X&aff_sub5=&#rafl
—> https sitebes t .store/c/THHFvF9?s1=X&s2=X&s3=X&offer_id=X&first=&last=&country=&zip=&city=&address=&email=&phone=

$ dig +short t.findbestonly . site

last but not least: since 2018 I have this settings and never had any problem
The issue began to appear since a couple of weeks…

Thank you for feedback information.

Kindly, make sure this A mail hostname at the DNS tab of Cloudflare dashboard it set to unproxied :grey: (DNS-only).

That’s why you’re experiencing issues.

Nevertheless, if you’re sending e-mails via contact form or some other web app, make sure you’re using correct SMTP outgoing server (mail?) with assigned credentials.

Nevertheless, you might want to modify your TXT record related to the SPF, as far as your MX records are using “One” service provider alongside your hosting/server (which is using mail hostname and not MX hostname).

Should be like:

"v=spf1 ip4:89.40.174.244 include:_custspf.one.com ~all"

Thank you, I will check and try.

But why all the other mails arrive correctly if settings are not ok??
I send hundreds every day and “only” some are blocked

And why until a couple of weeks everything went ok?

I really do not understand

Are you sure domain dogwelcome.it is hosted on 89.xx.xxx.xxx? I can only see dogwelcome.eu domain name.

Furthermore, the hosting IP isn’t being blacklisted at all for now.

Maybe something you changed or what else could be inspected using the Audit Log at Cloudflare dashboard when you take a look back a while what happened if your A mail hostname or any other changed due to some reason.

My issues happen with mails coming from a form in my website. When I receive the error message (mail rejected) I try to forward them via Thunderbird and same, rejected.

They contain text + images (my logos)

  1. Make sure you configure your SPF firstly.
  2. Secondly, decide and configure your “web form” either to send out e-mails from your “web form” via:
    a) using unproxied :grey: (DNS-only) hostname mail.dogwelcome.it
    b) or rather using the MX of “One” provider’s steps as for example for MS Outlook as described at the link from below:

Double-check which of your incoming/outgoing hostname (server) at Thunderbird you’re using.

I changed nothing at all - for this reason I don’t understand why all went ok for years and now I have this issue.
My provider told me that everything is ok as always and sent me the configuration I sent you…

Weird :slight_smile:

Inspect the mentioned Audit Logs for any event.

Hi! Sorry, I couldn’t write for a day because I wrote too much.

I checked all the settings, they are ok, they are as you wrote me to do. They were already ok

A mail is not proxied (DNS only), as you suggested to check.

Today I had no errors, all may mails arrived correctly. Hope the issue is gone for good (but I did nothing!! Settings were ok… Weird.)

Audit Logs inspected, no changes, nothing
In the meantime, it seems that the problem has self-fixed.
Thank you!! Bye!!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.