Skip to content

Set up email records

There are three reasons to set up email records for your domain:


Receive email

If you only need to receive emails, Cloudflare offers Email Routing for free email forwarding to custom email addresses.

Send and receive email

To send and receive emails from your domain, you need:

  • An SMTP provider.
  • To create two DNS records within Cloudflare.

To route emails through Cloudflare and to your mail server:

  1. Get the IP address and MX record details from your SMTP provider (vendor-specific guidelines).

  2. Add an A or AAAA record for your mail subdomain that points to the IP address of your mail server.

    TypeNameIPv4 addressProxy status
    Amail192.0.2.1DNS only
    API example
    Request
    curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \
    --header "x-auth-email: <EMAIL>" \
    --header "x-auth-key: <API_KEY>" \
    --header "Content-Type: application/json" \
    --data '{
    "type":"A",
    "name":"www.example.com",
    "content":"192.0.2.1",
    "ttl":3600,
    "proxied":false
    }'
    Response
    {
    "result": {
    "id": "<ID>",
    "zone_id": "<ZONE_ID>",
    "zone_name": "example.com",
    "name": "www.example.com",
    "type": "A",
    "content": "192.0.2.1",
    "proxiable": true,
    "proxied": false,
    "ttl": 1,
    "locked": false,
    "meta": {
    "auto_added": false,
    "managed_by_apps": false,
    "managed_by_argo_tunnel": false,
    "source": "primary"
    },
    "comment": null,
    "tags": [],
    "created_on": "2023-01-17T20:37:05.368097Z",
    "modified_on": "2023-01-17T20:37:05.368097Z"
    },
    "success": true,
    "errors": [],
    "messages": []
    }
  3. Add an MX record that points to that subdomain.

    TypeNameMail serverTTL
    MX@mail.example.comAuto
    API example
    Request
    curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \
    --header "x-auth-email: <EMAIL>" \
    --header "x-auth-key: <API_KEY>" \
    --header "Content-Type: application/json" \
    --data '{
    "type":"MX",
    "name":"example.com",
    "content":"mail.example.com",
    "ttl":3600
    }'
    Response
    {
    "result": {
    "id": "<ID>",
    "zone_id": "<ZONE_ID>",
    "zone_name": "example.com",
    "name": "example.com",
    "type": "MX",
    "content": "mail.example.com",
    "priority": 10,
    "proxiable": false,
    "proxied": false,
    "ttl": 3600,
    "locked": false,
    "meta": {
    "auto_added": false,
    "managed_by_apps": false,
    "managed_by_argo_tunnel": false,
    "source": "primary"
    },
    "comment": null,
    "tags": [],
    "created_on": "2023-01-17T20:54:23.660869Z",
    "modified_on": "2023-01-17T20:54:23.660869Z"
    },
    "success": true,
    "errors": [],
    "messages": []
    }

Prevent domain spoofing

There are several DNS mechanisms to prevent others from sending emails on behalf of your domain. These all work as TXT records that need to be added on your domain:

Configure email security records

Refer to Security records to learn how to set up your email security records.

Proxy SMTP traffic

By default, Cloudflare does not proxy email traffic on port 25 (SMTP). You can only proxy outgoing email if you have Spectrum configured for SMTP.