Set up email records
There are three reasons to set up email records for your domain:
- To make sure your domain can receive email.
- To make sure your domain can send and receive email.
- To prevent other email senders from spoofing your domain.
The exact values for your DNS mail records depend on your email provider. If you have issues, review the Troubleshooting and contact your email service provider to confirm your DNS records are correct.
If you only need to receive emails, Cloudflare offers Email Routing for free email forwarding to custom email addresses.
To send and receive emails from your domain, you need an SMTP provider. Then, create two DNS records within Cloudflare, following the steps below:
- 
Get the IP address and MX record details from your SMTP provider (vendor-specific guidelines). 
- 
Add an AorAAAArecord for your mail subdomain that points to the IP address of your mail server.Type Name IPv4 address Proxy status A mail192.0.2.1DNS only API exampleRequest curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \--header "x-auth-email: <EMAIL>" \--header "x-auth-key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"type":"A","name":"www.example.com","content":"192.0.2.1","ttl":3600,"proxied":false}'Response {"result": {"id": "<ID>","zone_id": "<ZONE_ID>","zone_name": "example.com","name": "www.example.com","type": "A","content": "192.0.2.1","proxiable": true,"proxied": false,"ttl": 1,"locked": false,"meta": {"source": "primary"},"comment": null,"tags": [],"created_on": "2023-01-17T20:37:05.368097Z","modified_on": "2023-01-17T20:37:05.368097Z"},"success": true,"errors": [],"messages": []}
- 
Add an MXrecord that points to that subdomain.Type Name Mail server TTL MX @mail.example.comAuto API exampleRequest curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \--header "x-auth-email: <EMAIL>" \--header "x-auth-key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"type":"MX","name":"example.com","content":"mail.example.com","ttl":3600}'Response {"result": {"id": "<ID>","zone_id": "<ZONE_ID>","zone_name": "example.com","name": "example.com","type": "MX","content": "mail.example.com","priority": 10,"proxiable": false,"proxied": false,"ttl": 3600,"locked": false,"meta": {"source": "primary"},"comment": null,"tags": [],"created_on": "2023-01-17T20:54:23.660869Z","modified_on": "2023-01-17T20:54:23.660869Z"},"success": true,"errors": [],"messages": []}
There are several DNS mechanisms to prevent others from sending emails on behalf of your domain. These all work as TXT records that need to be added on your domain:
- Sender Policy Framework (SPF) ↗: List authorized IP addresses and domains that can send email on behalf of your domain.
- DomainKeys Identified Mail (DKIM) ↗: Ensure email authenticity by cryptographically signing emails.
- Domain-based Message Authentication Reporting and Conformance (DMARC) ↗: Receive aggregate reports about your email traffic and provide clear instructions for how email receivers should treat non-conforming emails.
Refer to Security records to learn how to set up your email security records.
By default, Cloudflare does not proxy email traffic on port 25 (SMTP). You can only proxy outgoing email if you have Spectrum configured for SMTP.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark