How to Add an MX Record in Cloudflare

Cloudflare makes anything to do with your business, like APIs, websites, and networks, faster and safer regardless of location. More specifically, an MX record in Cloudflare will direct your mail to a mail server. It will indicate how your emails are to be routed, and will always point to a different domain.

If you’re new to Cloudflare, you may need to know how to add your MX records. This article will explain everything you need to know.

Set up Your MX Records in Cloudflare

You may want to set up your MX records in Cloudflare for your domain to ensure that your emails get to your email server, and that your domain isn’t spoofed by any other email senders. It’s important to note that you can’t modify your MX records in Cloudflare if email routing is in use. You’d have to disable email routing.

In order to route your emails to your server on Cloudflare, two DNS records will have to be created:

  • You’d need to create an AAAA/A record for the email subdomain which will point to your mail server’s IP address.

Type   Name   IPv4 address   Proxy status
A      mail   192.0.2.1      Proxied

Here’s an example API request that creates an A record, followed by the response:

Request
# Create an A record in the zone.
# Note: x-auth-email/x-auth-key use the account-wide Global API Key; Cloudflare also
# accepts a scoped API token in an "Authorization: Bearer" header, which limits what
# a leaked credential can change.
curl -sX POST "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \
-H "x-auth-email: <EMAIL>" \
-H "x-auth-key: <API_KEY>" \
-H "Content-Type: application/json" \
--data '{
  "type":"A",
  "name":"www.example.com",
  "content":"192.0.2.1",
  "ttl":3600,
  "proxied":false
}'

Response
{
  "result": {
    "id": "<ID>",
    "zone_id": "<ZONE_ID>",
    "zone_name": "example.com",
    "name": "www.example.com",
    "type": "A",
    "content": "192.0.2.1",
    "proxiable": true,
    "proxied": false,
    "ttl": 1,
    "locked": false,
    "meta": {
      "auto_added": false,
      "managed_by_apps": false,
      "managed_by_argo_tunnel": false,
      "source": "primary"
    },
    "comment": null,
    "tags": [],
    "created_on": "2023-01-17T20:37:05.368097Z",
    "modified_on": "2023-01-17T20:37:05.368097Z"
  },
  "success": true,
  "errors": [],
  "messages": []
}

  • You’d need to set up the MX record which will point to the subdomain.

Type   Name   Mail server        TTL
MX     @      mail.example.com   Auto

Here’s an example API request that creates the MX record, followed by the response:

Request
# Create the MX record; "priority" is the preference value returned in the response.
curl -sX POST "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \
-H 'x-auth-email: <EMAIL>' \
-H 'x-auth-key: <API_KEY>' \
-H "Content-Type: application/json" \
--data '{
  "type":"MX",
  "name":"example.com",
  "content":"mail.example.com",
  "priority":10,
  "ttl":3600,
  "proxied":false
}'

Response
{
  "result": {
    "id": "<ID>",
    "zone_id": "<ZONE_ID>",
    "zone_name": "example.com",
    "name": "example.com",
    "type": "MX",
    "content": "mail.example.com",
    "priority": 10,
    "proxiable": false,
    "proxied": false,
    "ttl": 3600,
    "locked": false,
    "meta": {
      "auto_added": false,
      "managed_by_apps": false,
      "managed_by_argo_tunnel": false,
      "source": "primary"
    },
    "comment": null,
    "tags": [],
    "created_on": "2023-01-17T20:54:23.660869Z",
    "modified_on": "2023-01-17T20:54:23.660869Z"
  },
  "success": true,
  "errors": [],
  "messages": []
}

MX Record Example

Here’s what an MX record looks like:

example.com   Record type   Priority   Value                   TTL
@             MX            20         mailhostA.example.com   45000
@             MX            30         mailhostB.example.com   45000

The priority numbers before the domains indicate preference among the MX records, and the lower value is preferred. Because 20 is lower than 30, the sending server will first try mailhostA. If it fails to deliver the message, it falls back to mailhostB.

If you’d like both of the servers to get the same amount of mail and to use equal priority, you can configure the MX record like below:

example.com   Record type   Priority   Value                   TTL
@             MX            20         mailhostA.example.com   45000
@             MX            20         mailhostB.example.com   45000

Once configured like the above, the email provider will balance the email load equally between both servers.

Which Would Be the MX Record Backup

An MX record backup would be the MX record for the mail server that has a higher priority value (meaning it’s a lower priority). This ensures that if everything is working as it should, the mail is directed to the prioritized servers. In the first table, mailhostB is your backup server because mailhostA handles the email traffic when it is up and running.

How to Configure Your MX Records

If your domain is processed through Cloudflare but you’re having trouble with your email, either you haven’t configured your mail records properly, or you could be missing MX and mail records in the zone file.

Follow these steps in Cloudflare to edit the DNS zone file:

  1. Make sure you’re logged into your account on Cloudflare.
  2. Select a “domain” that you want to add an MX record to.
  3. On the top of your page, open the “DNS app.”

Check that the “A” record for your “mail” sub-domain has a “Grey Cloud,” which indicates that Cloudflare isn’t proxying it (DNS only). A proxied record answers with Cloudflare’s IP addresses, which do not accept mail traffic. Several hosting companies use the domain name itself for MX records, which resolves to the mail server internally. With Cloudflare, the domain alone can’t be the MX record. The MX record would be the sub-domain, and that sub-domain will have a grey cloud.

Take note that the IP address in this “A” record has to be your server’s Shared IP Address (for example, 1.2.3.4).
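The priority ordering and the grey-cloud rule described above can be checked together against a zone's records. This is an added example, not code from the original article or from Cloudflare; the record list is constructed sample data shaped like the API responses shown earlier, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the "result" objects in the API responses above.
SAMPLE = json.loads("""[
 {"type":"MX","name":"example.com","content":"mailhostA.example.com","priority":20},
 {"type":"MX","name":"example.com","content":"mailhostB.example.com","priority":30},
 {"type":"MX","name":"example.com","content":"example.com","priority":40},
 {"type":"A","name":"mailhostA.example.com","content":"192.0.2.1","proxied":false},
 {"type":"A","name":"mailhostB.example.com","content":"192.0.2.2","proxied":true},
 {"type":"A","name":"example.com","content":"192.0.2.10","proxied":true}
]""")

def norm(name):
    """Normalize a DNS name for comparison."""
    return name.lower().rstrip(".")

def delivery_order(records):
    """Group MX targets into tiers; the lowest priority value is tried first."""
    tiers = {}
    for r in records:
        if r["type"] == "MX":
            tiers.setdefault(r["priority"], []).append(norm(r["content"]))
    return [sorted(tiers[p]) for p in sorted(tiers)]

def audit_mx(records):
    """Return (mx_target, problem) pairs for MX targets that break the rules above."""
    addr = {}
    for r in records:
        if r["type"] in ("A", "AAAA"):
            addr.setdefault(norm(r["name"]), []).append(r)
    findings = []
    for r in (x for x in records if x["type"] == "MX"):
        target = norm(r["content"])
        if target == norm(r["name"]):
            findings.append((target, "MX target is the bare domain"))
        if target not in addr:
            findings.append((target, "MX target has no A/AAAA record"))
        elif any(h.get("proxied") for h in addr[target]):
            findings.append((target, "MX target is proxied, must be DNS only"))
    return findings

if __name__ == "__main__":
    print(delivery_order(SAMPLE))
    for target, problem in audit_mx(SAMPLE):
        print(f"{target}: {problem}")
```

Targets that share a priority value land in the same tier, which is the equal-priority case from the second table.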

Configuring the “A” Record for the Sub-Domain for “Mail”

Follow these steps in order to get the correct IP for configuration of your mail sub-domain:

  1. When logged into cPanel, select “Server Information” from the “General Information” tab.
  2. You’ll see your “Shared IP Address” under the window for “Server Information,” and you’ll be able to use this as your IP in the Cloudflare DNS zone.

How to Prevent Spoofing of Your Domain

To ensure that no one can send emails using your domain, you can choose from several DNS mechanisms. These are published as TXT records which you have to add to your domain.

  • (SPF) Sender Policy Framework: A list of IP addresses and domains that are authorized to send emails on your domain’s behalf.
  • (DKIM) DomainKeys Identified Mail: This cryptographically signs your emails so that recipients can authenticate them.
  • (DMARC) Domain-based Message Authentication Reporting and Conformance: You’ll receive reports on your email traffic, and email recipients are told how to treat any emails that do not conform.

Why Use SPF Records

There are several benefits to using SPF records:

  • Ensures emails are delivered: Most bounced or spammed emails are usually from domains that don’t have published SPF records. Spammed or bounced emails will eventually prevent the domain from sending to people’s inboxes.
  • Assists in attack prevention: SPF records make it difficult for hackers to mimic the domain, and thus help prevent phishing attacks, spoofing, and spam emails, which is what happens when the emails haven’t been authenticated.
  • Complies with DMARC: DMARC serves as a validation system for emails which ensures that only users that have been authorized send emails. DMARC policies tell servers how to handle mail that fails DKIM and SPF checks. Using these DMARC policy instructions, the emails will either be delivered normally, rejected, or spammed. Adjustments to a policy can be made by the domain administrators after they’ve received the reports on the email activity.
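A quick way to review the SPF and DMARC TXT records described above before publishing them. This is an added example, not part of the original article; the TXT values are constructed, and the function names and problem messages are hypothetical.

```python
# Constructed sample TXT data (record name -> TXT strings); values are made up.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.1 include:_spf.example.net ~all",
                    "site-verification=constructed-value"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:reports@example.com"],
}
# DMARC policy values mapped to the three outcomes described above.
DMARC_OUTCOME = {"none": "delivered normally", "quarantine": "treated as spam",
                 "reject": "rejected"}

def check_spf(txts):
    """Return a list of problems with a domain's SPF TXT record(s)."""
    spf = [t for t in txts if t.split(" ")[0].lower() == "v=spf1"]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "more than one SPF record"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is delegated to another domain's record
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["no 'all' term: unlisted senders get a neutral result"]
    if alls[0][0] in "+a":  # '+all' and bare 'all' both mean pass
        return ["'+all' authorizes every sender"]
    if alls[0][0] == "?":
        return ["'?all' gives unlisted senders a neutral result"]
    return []  # '-all' (fail) or '~all' (softfail)

def check_dmarc(txts):
    """Return (outcome for failing mail, problems) for a _dmarc TXT record set."""
    recs = [t for t in txts if t.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return None, ["no DMARC record" if not recs else "more than one DMARC record"]
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    policy = tags.get("p", "").lower()
    if policy not in DMARC_OUTCOME:
        return None, ["missing or invalid p= tag"]
    problems = []
    if policy == "none":
        problems.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports are sent")
    return DMARC_OUTCOME[policy], problems

if __name__ == "__main__":
    print(check_spf(SAMPLE_TXT["example.com"]))
    print(check_dmarc(SAMPLE_TXT["_dmarc.example.com"]))
```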

Ensure Your Mail Is Directed to Your Server by Adding MX Records in Cloudflare

If you’re starting your Cloudflare journey, you’ll need to add MX records to direct your mail to your mail server. MX records indicate how your emails will be routed, and they ensure that your domain won’t be spoofed by other email senders. Note that you won’t be able to modify MX records in Cloudflare when you’re using email routing. This would have to be disabled.
