Set up email records
There are three reasons to set up email records for your domain:
- To make sure your domain can receive email.
- To make sure your domain can send and receive email.
- To prevent other email senders from spoofing your domain.
Receive email
If you only need to receive emails, Cloudflare offers Email Routing for free email forwarding to custom email addresses.
Send and receive email
To send and receive emails from your domain, you need:
- An SMTP provider.
- To create two DNS records within Cloudflare.
To route emails through Cloudflare and to your mail server:
Get the IP address and MX record details from your SMTP provider (vendor-specific guidelines).
Add an
A
orAAAA
record for your mail subdomain that points to the IP address of your mail server.Type Name IPv4 address Proxy status A mail
192.0.2.1
DNS only API example
Request
curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \--header "x-auth-email: <EMAIL>" \--header "x-auth-key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"type":"A","name":"www.example.com","content":"192.0.2.1","ttl":3600,"proxied":false}'Response
{"result": {"id": "<ID>","zone_id": "<ZONE_ID>","zone_name": "example.com","name": "www.example.com","type": "A","content": "192.0.2.1","proxiable": true,"proxied": false,"ttl": 1,"locked": false,"meta": {"auto_added": false,"managed_by_apps": false,"managed_by_argo_tunnel": false,"source": "primary"},"comment": null,"tags": [],"created_on": "2023-01-17T20:37:05.368097Z","modified_on": "2023-01-17T20:37:05.368097Z"},"success": true,"errors": [],"messages": []}Add an
MX
record that points to that subdomain.Type Name Mail server TTL MX @
mail.example.com
Auto API example
Request
curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \--header "x-auth-email: <EMAIL>" \--header "x-auth-key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"type":"MX","name":"example.com","content":"mail.example.com","ttl":3600}'Response
{"result": {"id": "<ID>","zone_id": "<ZONE_ID>","zone_name": "example.com","name": "example.com","type": "MX","content": "mail.example.com","priority": 10,"proxiable": false,"proxied": false,"ttl": 3600,"locked": false,"meta": {"auto_added": false,"managed_by_apps": false,"managed_by_argo_tunnel": false,"source": "primary"},"comment": null,"tags": [],"created_on": "2023-01-17T20:54:23.660869Z","modified_on": "2023-01-17T20:54:23.660869Z"},"success": true,"errors": [],"messages": []}
Prevent domain spoofing
There are several DNS mechanisms to prevent others from sending emails on behalf of your domain. These all work as TXT records that need to be added on your domain:
- Sender Policy Framework (SPF): List authorized IP addresses and domains that can send email on behalf of your domain.
- DomainKeys Identified Mail (DKIM): Ensure email authenticity by cryptographically signing emails.
- Domain-based Message Authentication Reporting and Conformance (DMARC): Receive aggregate reports about your email traffic and provide clear instructions for how email receivers should treat non-conforming emails.
Configure email security records
Refer to Security records to learn how to set up your email security records.