Alright, thank you so much! That works. Btw, I’ve removed AAAA records since we are not using IPv6 and proxy is off for the A record - mail. Is that ok? It warns that IP might be exposed but for email that’s right, right?
Yes, that’s all ok. If the web and mail server are on the same IP address then that’s expected since the mail server IP needs to be public as it can’t be proxied through Cloudflare (without using Cloudflare Spectrum).
Sounds like your site might be triggering a false positive in Cloudflare’s security settings — this can happen depending on your WAF rules, browser integrity checks, or IP reputation settings.
If you’ve already tried switching to DNS-only and the block still happens, I’d suggest:
Temporarily disabling security features like Bot Fight Mode or specific firewall rules to test.
Check Cloudflare > Security > Events for any blocks related to your IP or country.
Make sure your origin server isn’t blocking Cloudflare IPs, especially if you’re using a CMS or plugin with its own IP filtering.
I ran into a similar issue when setting up an estate agency Ilford website — turned out a firewall rule was misfiring due to how certain parameters were passed in the URL.
Also double-check if any browser extensions are interfering or if your IP is mistakenly flagged.
