OTP pin via email works with one tld but not another

Related to

Access

What is the issue you’re encountering

OTP pin via email works with one tld but not another

What steps have you taken to resolve the issue?

let’s call our company, example.

we have a mail server that receives emails for both @example.com and @example.email.

one is the alias of another, so emails sent to [email protected] and [email protected] are sent to the same inbox.

the @example.email alias is newer but it has been active for over a year and receives emails just fine.

i have configured both domains in zero trust, per attached. users logging in with their @example.com address receive their pin via email.

others using @example.email receive no emails from cloudflare.

again, it’s the same mail server. i have scoured all logs, quarantines, activities and see no email arriving addressed to @example.email.

could it be that zero trust doesn’t like the .email tld for emailing?

Screenshot of the error

Hi there,

There should be no issue with the TLD. Have you added example.email to your Cloudflare account and the same MX records as example.com?

thanks, figured it shouldn’t be a problem but still is.

yes, 1 mx record for both .email and .com domains, exact same mail server and priority.

all external and internal emails sent to users at either domain arrive just fine.

here’s something that might explain this, though improbable. at one time example.email was using cloudflare’s email routing. then we pulled the associated mx records from the dns config screen and replaced them with our 1 mx record. the entry is still in email routing, though disabled, per attached image.

wonder if internally cloudflare sees this crippled email routing entry and fails to deliver any emails to the associated domain.

strangely there’s no facility for us to remove this from email routing and reset it to a fresh state to see if that fixes this issue.

any ideas?

finally got this resolved. it was caused by an overlooked legacy access policy.

link to my other post regarding this:
