Introduction

In this post, I will show you how to set up your DNS within Cloudflare so that you can utilise Cloudflare’s CDN for your website whilst hosting your emails. This post assumes you already have your emails set up and hosted so that they can work when Cloudflare isn’t in use or the DNS isn’t proxied through Cloudflare.

If you don’t currently have emails set up and hosted, there are a few options. I won’t go into detail on how to set any up, but if you’re using software such as cPanel or Plesk on your server, email hosting is built-in and supported by default. There are a multitude of tutorials and guides online for getting these set up and ready. Once your emails are working, test them without Cloudflare then come back to follow the advice of this post.

The problem Cloudflare creates for email hosting

The simplest way to configure your DNS for email hosting is to have your main domain be used as the mail server alongside being the route for your website. This is easy to remember and simple to configure, and it is the standard for software such as Plesk when creating new emails. When using Cloudflare, your DNS is handled by their nameservers. To then utilise Cloudflare’s CDN service, you need to ‘proxy’ your DNS records. This means that, while the content is ultimately fetched from your given IP address, all traffic to that DNS record goes via Cloudflare’s servers, meaning your IP address is entirely hidden and protected.

Hiding your IP is a good idea as it stops hackers and spam bots from finding any other websites sharing your server, among other things. However, while your website can work great with proxying enabled, mail will not: Cloudflare’s proxy carries web (HTTP/HTTPS) traffic, so SMTP, IMAP and POP3 connections to a proxied hostname fail. If you then disable proxying, you should find that the mail server then connects and works fine (assuming it’s configured correctly), but the website will no longer benefit from Cloudflare’s free service.

How to configure your Cloudflare DNS for emails

Here is a table of example data I’ve compiled to show you how I’d recommend orchestrating your DNS:

| Type  | Name               | Content                   | Proxy Status |
|-------|--------------------|---------------------------|--------------|
| A     | mydomain.com       | YOUR IP                   | Proxied      |
| A     | mail               | YOUR IP                   | DNS only     |
| CNAME | www                | mydomain.com              | Proxied      |
| MX    | mydomain.com       | mail.mydomain.com         | DNS only     |
| SRV   | _imaps.tcp         | 0 0 993 mail.mydomain.com | DNS only     |
| SRV   | _pop3s.tcp         | 0 0 995 mail.mydomain.com | DNS only     |
| SRV   | _smtps.tcp         | 0 0 465 mail.mydomain.com | DNS only     |
| TXT   | default._domainkey | [UNIQUELY GENERATED]      | DNS only     |
| TXT   | _dmarc             | [UNIQUELY GENERATED]      | DNS only     |
| TXT   | _domainkey         | o=-                       | DNS only     |

A table showing an example DNS configuration

Let’s break this down a bit:

As usual, the ‘main’ A record points from the root domain to the IP of your server. Alongside this, the ‘www.’ subdomain points to the root domain using a CNAME record.

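We then have an additional subdomain of ‘mail.’ created and pointed to the same server. Unlike the main A record, however, this is set to ‘DNS only’ which means that Cloudflare does not mask the IP and does not interfere with the traffic. Note that because both A records point to the same server, the IP hidden behind the proxied record can still be found by looking up the ‘mail.’ subdomain.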

Then, all set to DNS only, we have 3 SRV records: one for IMAP, one for POP3, and one for SMTP. These reference the ‘mail.’ subdomain and the ports required for the email hosting. This allows email clients to automatically identify what server to connect to, should you not want to manually set your emails up each time.

Finally, we then have 3 TXT records, all of which are fairly standard email DNS settings. You should already have these set up, assuming your emails are working without Cloudflare.

Depending on your host, you may need to do some additional configuration on your server to listen for mail on the ‘mail.’ subdomain. However, this might not be required.
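
The layout above can be checked mechanically before you rely on it. The following is an added example, not part of the original post: it audits a record list shaped like the table, reporting mail records whose target is proxied and DNS-only records that publish an address a proxied record hides. The record dictionaries, the `audit` and `fqdn` helpers and the address 203.0.113.10 (standing in for YOUR IP) are assumptions made for illustration.

```python
# Added example: audit a record set laid out like the table in this post.
# RECORDS is constructed sample data; 203.0.113.10 is a documentation address
# standing in for YOUR IP, and the dict keys are this example's own naming.
ZONE = "mydomain.com"
RECORDS = [
    {"type": "A", "name": "mydomain.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "mail", "content": "203.0.113.10", "proxied": False},
    {"type": "CNAME", "name": "www", "content": "mydomain.com", "proxied": True},
    {"type": "MX", "name": "mydomain.com", "content": "mail.mydomain.com", "proxied": False},
    {"type": "SRV", "name": "_imaps.tcp", "content": "0 0 993 mail.mydomain.com", "proxied": False},
]
ADDRESS_TYPES = ("A", "AAAA", "CNAME")


def fqdn(name, zone=ZONE):
    """Expand a short record name such as 'mail' to a full hostname."""
    name = name.rstrip(".").lower()
    return name if name == zone or name.endswith("." + zone) else f"{name}.{zone}"


def audit(records, zone=ZONE):
    """Return (errors, warnings) for a list of record dicts."""
    hosts = {fqdn(r["name"], zone): r for r in records if r["type"] in ADDRESS_TYPES}
    errors, warnings = [], []
    for r in records:
        if r["type"] not in ("MX", "SRV"):
            continue
        # The hostname is the last field of the content ("0 0 993 host" for SRV).
        target = r["content"].split()[-1].rstrip(".").lower()
        if target != zone and not target.endswith("." + zone):
            continue  # mail handled outside this zone, nothing to check here
        host = hosts.get(target)
        if host is None:
            errors.append(f"{r['type']} {r['name']}: {target} has no address record")
        elif host["proxied"]:
            errors.append(f"{r['type']} {r['name']}: {target} is proxied, mail cannot connect")
    # A DNS-only record that shares an address with a proxied one publishes it.
    hidden = {r["content"] for r in records if r["type"] in ("A", "AAAA") and r["proxied"]}
    for r in records:
        if r["type"] in ("A", "AAAA") and not r["proxied"] and r["content"] in hidden:
            warnings.append(f"{fqdn(r['name'], zone)} publishes {r['content']}, "
                            "the address behind a proxied record")
    return errors, warnings


if __name__ == "__main__":
    for kind, items in zip(("ERROR", "WARN"), audit(RECORDS)):
        for item in items:
            print(f"{kind}: {item}")
```

With the sample records it reports no errors and one warning for the ‘mail.’ record, which is the expected result for a single-server setup like the one in this post.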

Summary

That’s it. If you’re new to setting up and hosting your emails, it can be a bit daunting. If you’re not sure how to troubleshoot email hosting issues, then switching to Cloudflare and finding inconsistencies in your emails can be an extra layer of confusion.

This approach allows you to utilise all the perks of Cloudflare for your website and other subdomains as usual while exposing your mail server correctly for reliable email hosting.

If you have any questions or notes on the content of this guide, please let me know either via my contact form or by leaving a comment below. While you’re here, why not check out some of my other content, such as this post where I explain how to block spam contact forms from WordPress using Cloudflare’s WAF rules?
