OTP is not sent to an email address if it is tied to a Cloudflare account and all incoming emails are disabled in their communication preference?

The title pretty much says all, but let me leave this as a report.

When I enabled Access Policy on my Cloudflare Pages Preview Deployments, an Access Policy for self-hosted application (i.e. my Cloudflare Page) is created in Cloudflare Zero Trust platform (as of 2022/05.)
It automatically defines OTP authentication and member(owner)-only allow list in the policy.

This is all good so far, but when I actually visited preview environment and triggered OTP for my email address (which is the same and “allowed” address of my Cloudflare account,) OTP email never arrived. Not found in spam box either.
Then I tried a different address that is NOT tied to any Cloudflare account, then OTP email arrived!

I googled for the issue but could not found exact answer.
This one was kinda close but conclusion was not obvious. However it refers to “unsubscribe service” so I suspected email unsubscription setting might be interefaring OTP email to be sent.

Visited “My Profile” page in my Cloudflare account and indeed my preference was “Cloudflare may not send me emails” like so:

Usually such preferences are meant to be applicable only to marketing or news emails and NOT for OTP/password reset and other important ones, at least that was my understanding. Anyway, after enabling Cloudflare emails for All Categories in the preference, OTP email did arrived.

Hope this helps someone.
Of course, the true problem could have been different (such as internal system delay, etc.) but only CF team can tell. It would be cool if they look into the issue.

1 Like

Something like this has come up before, it seems to be a case of a suppression list being applied (in my opinion, too widely).

We having the same issues here. Both I and my clients are not receiving OTP. How do we escalate this to Cloudflare?