Record exposes the IP behind autconfig.[mysite].com

I have a SRV record that shows the following tooltip warning:
This record exposes the IP behind autoconfig.[mysite].com which you have proxied through Cloudflare.

Service: _autodiscover
Target: my email server

Is it possible to edit this record so that the IP is not exposed?

If it’s not edited, how much does this vulnerability increase my threat level? I am using hosted email. For what it’s worth, all the records related to my mail server are listed as Proxy Status: DNS Only.


Exposing the IP address of a mail server is unavoidable.

You say you have hosted email, but the warning says your SRV record exposes the autoconfig host IP address. So is your hosted email on the same server as your website?

No, they aren’t on the same server. The site and email are hosted with two separate platforms (I read a reply you had given to an older thread warning against this specifically!).

So is there no solution to this if exposing a mail server IP is unavoidable?

Ah…if is your mail server, then you might as well leave that one unproxied. I’m not even sure which port it uses for the Autoconfig connection, and can’t yet find an answer to that. It’s possible autoconfig won’t work if proxied.

I even feel old-fashioned in that I’ve never even used autodiscover or autoconfig. I think that’s more of a Microsoft thing and I’m not even sure anybody would notice if it wasn’t there. I may be wrong on this one.

1 Like

okk thank you! I’m reading as well that _autodiscover is used for Microsoft Exchange. If I’m not using and never will use Exchange, does that SRV record even need to exist?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.