I have a domain (let’s call it mydomain.com) for which CF is both the registrar and DNS provider. I also use a third-party email provider similar to GSuite/Google Workspace for this domain. Would it be safe to use [email protected] as the email address for my CF account? Could this cause any issues and if so, under what circumstances could that happen?
I use 2FA, but I want to further secure my CF account, and using an external email address introduces an entirely new attack vector, which could be avoided altogether.
It depends exactly on the risks you are concerned about. The main issue with this is if there’s a problem with the domain that stops you from receiving emails, if you lose your 2FA or can’t login for another reason then Cloudflare Support can only talk to the account holder on that email address.
I know plenty of people who use their domain email as their account email address but I’ve also seen plenty of situations here that could have been avoided if the user did not do this. As long as you keep your 2FA Backup Codes and make sure you receive and read any notices from Cloudflare in relation to your domains then technically it should be OK. To be on the safe side and make sure you are able to resolve any unexpected issues that may occur then maybe it’s not the best idea.