Use a custom domain to send emails with Gmail using Cloudflare email routing (gooby.org)
166 points by Gadiguibou on Nov 18, 2022 | 48 comments


One can in fact send emails from Workers with their Cloudflare-registered domain name through MailChannels [0]. We use it to send MagicLinks [1]. And intend to impl DKIM signing, soon [2].

[0] https://blog.cloudflare.com/sending-email-from-workers-with-...

[1] https://github.com/celzero/otp/blob/f6bb5593c5173a2844178638...

[2] https://mailchannels.zendesk.com/hc/en-us/articles/712284923...


I’m using the MailChannels integration for contact forms on Cloudflare Pages (including Cloudflare’s Turnstile CAPTCHA alternative [1]). It works really well.

[1] https://www.cloudflare.com/en-gb/products/turnstile/


MailChannels CEO here. We love to hear use case stories like this. Please don't hesitate to reach out to me on LinkedIn [1].

[1] https://www.linkedin.com/in/ksimpson/


Thanks! How is this service even free? Absolutely love the dead simple API, too.


This is neat. I've been using Oracle's Email Delivery service because it's dirt cheap -- I didn't know I could do it for free using Workers. I'm going to try this.


Can MailChannels be used for commercial purposes? Any limits? Can I create a "newsletter" SaaS, like MailChimp? Seems too good to be true.


I think SendGrid uses MailChannels to send newsletter emails and probably most other email marketing tools too


I've tried this. Most of my emails land in either "Promotions" or "Updates", or worse – Spam.

If you really want your emails to be delivered to most recipients' Inbox – I would not recommend this.

To validate – please go to https://www.mail-tester.com – in 15 seconds it will evaluate and print your email score (you send it a dummy email). The main thing I see with using free gmail as a custom domain proxy SMTP is: It does not do DKIM (email signatures) except for @gmail.com or google workspace accounts. This reduces the sender score by a LOT.

Edit: The same is also true with forwardemail.net or any "incoming" email routing (free or paid). Because incoming email is just one step of using a custom domain. The main thing is the "Outgoing" email server. Unless outgoing email has full DKIM support for your custom domain, your emails are going to struggle reaching the recipient.


Post author here - I sent an email to mail-tester.com from an email alias I've set up as described in my post; it gets a "Good stuff. Your email is almost perfect" and a score of 7.5/10

-0.5 from SpamAssassin (FREEMAIL_FORGED_FROMDOMAIN & HEADER_FROM_DIFFERENT_DOMAINS)

-1 for not being DKIM signed

-1 because Google is in some blacklists

The critical steps, which I think people often gloss over, are the SPF (https://jay.gooby.org/2022/05/06/use-a-basic-gmail-account-t...) and DKIM ones (https://jay.gooby.org/2022/05/06/use-a-basic-gmail-account-t...); without these, you'll definitely have deliverability issues.
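
Added example, not part of the original thread or of any commenter's post: the two deductions discussed above (From domain differing from the envelope domain, and no DKIM signature for the custom domain) can be checked on a received message by comparing the `From` domain with the `Return-Path` domain and with each `DKIM-Signature` `d=` tag. The function names and both sample messages are constructed for illustration, and the organizational-domain rule is a two-label simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluation uses the Public Suffix List (this is wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dkim_signers(msg):
    # Collect the d= (signing domain) tag from every DKIM-Signature header.
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            found.append(m.group(1).lower())
    return found

def alignment_report(raw):
    # Compares identifiers only; it does not verify signatures or query SPF.
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    signers = dkim_signers(msg)
    return {
        "from": from_dom,
        "envelope": env_dom,
        "dkim_signers": signers,
        "spf_aligned": bool(env_dom) and org_domain(env_dom) == org_domain(from_dom),
        "dkim_aligned": any(org_domain(d) == org_domain(from_dom) for d in signers),
    }

# Constructed sample messages (not captured from any real provider).
UNSIGNED_ALIAS = (
    "Return-Path: <mailbox@gmail.com>\n"
    "From: Alias <me@example.org>\nTo: test@example.net\nSubject: t\n\nbody\n")
SIGNED_ALIAS = (
    "Return-Path: <bounce@mail.example.org>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alias <me@example.org>\nTo: test@example.net\nSubject: t\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED_ALIAS), ("signed", SIGNED_ALIAS)):
        print(name, alignment_report(raw))
```

A message where both `spf_aligned` and `dkim_aligned` are false has no authenticated identifier tied to the visible From domain, which is the situation the spam-score deductions above describe.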


I went the opposite direction and am now paying for Proton and have set up my domains there. For me personally, a better approach than increasing my reliance on a second cloud service (Cloudflare) while continuing to benefit the original (Google) and experience its extreme degree of privacy invasion. This might not be the perfect solution, but for me it's definitely a step in the right direction, even if I move onto something else later.

Further, considering I am regularly inexplicably blocked from accessing websites because they use Cloudflare "protection" (which doesn't like OpenBSD + Firefox strict privacy setting), and considering their recent conduct, there's zero way I'd ever consider using Cloudflare's services regardless of potential usefulness. Not to mention giving up even more control of the internet to these "superpowers" seems like a terrible idea for everyone's sake, IMO.


As someone privacy minded, how do you manage domain ownership? I've recently jumped into this world myself and I feel as though most registrars are unsavory in some way.


Oh, what aspect of domain ownership? I mean, yeah it's true, the whole market around domains is super sketchy and basically unethical IMO, domains should be like $5-10/year at most, for any TLD. I'm using NameCheap, which I fortunately haven't heard any horror stories about, but yeah, I don't have any more faith in them than anyone else, I just got an awesome deal to move my domains over years ago and they seemed to have a good reputation at the time.


I use NameCheap as well for similar reasons -- their pricing seems as fair as it gets in the domain business, and they haven't tried anything scummy enough to make me switch providers.

One thing I don't understand: why can't I pay $100 today and get some kind of proof of ownership for life? Is that just impossible with the domain system as it is?


> why can't I pay $100 today and get some kind of proof of ownership for life?

Because Annual Recurring Revenue (ARR) is everything in this business, and the registries (Verisign etc) are monopolies for a given TLD.

The registrar's minimum cost to hold annual registration on a .com domain is a bit higher than $9.15 ($8.97 to Verisign registry, $0.18 plus accreditation and variable fees to ICANN).

The rest of your registration fee is revenue to the registrar (minus payment processing fees, and plus any upsells).

Registrar pricing is all over the place. GoDaddy used to be low-cost, high upsell. Now they are on the high end of normal pricing (and still high upsell! Don't use GoDaddy!).

A quick survey of .com annual renewal prices:

  $ 9.15 Cloudflare
    9.73 Porkbun
   12.00 Google
   14.76 Namecheap
   20.17 GoDaddy

NOTE: Cloudflare apparently absorbs the accreditation and variable ICANN fees without passing them on to the customer. These fees total ~$20-45K/yr depending on domain volume -- assume the maximum for Cloudflare. So they are losing a very small amount of money with every domain they register. Loss leader, etc, I'm sure it's a smart marketing write off for them.

https://domainnamewire.com/2022/02/10/verisign-announces-ano...

https://www.icann.org/resources/pages/registrar-fees-2018-08...


Oddly enough, Google Domains is the least bad in this regard. They have an interest in not compromising their control of .dev and it's enough of a small potatoes activity that it can escape subversion into a profit center.


Especially if you have a good domain they stop reminding you to renew the domain and oops you lost the domain. Happened to me.


All these articles really need to clearly lay out the downside. You can't send emails as the custom domain. At best, your emails will say "sent by x@gmail.com on behalf of officialdomain.org"


Like within the header? It will show the custom domain in the from field of the email. I’m not sure what the big deal is, but I’m curious.


It doesn't look professional, it could be more likely to be rejected as spam.


My personal email for years has shown "abc@mysite.com via forwardmail.net". I've never had any problems with deliverability.

The "via forwardmail" part is subtle enough that it's not a big deal for me and if you start looking out for it, you'll see it a lot.

EDIT: I was trying out Cloudflare email routing yesterday so I checked one of the test emails I sent. There's no "via Cloudflare" visible, and actually it's sent from smtp.gmail.com so that's probably reputable enough to get high deliverability. All I see in the from field is "abc@mysite.com".


Can someone with more knowledge on this subject explain if there's a technical reason Cloudflare can't 'properly' MITM the inbound email.

That is you have your MX records pointing to `mx.example.com` in your example.com zone config, and enable the Cloudflare proxying of it (usual orange cloud in the UI).

Now, once it's proxied, Cloudflare returns the IP of their mailserver instead of yours on public lookup, just as they do when returning the IP of a proxied webserver.

So this Cloudflare MX server gets your mail, and then as it knows your 'real' MX server it connects to that server and delivers it to you, maybe adding some header or other on the way.

I don't like the fact they use bog-standard forwarding as it necessitates messing with your SPF records, getting crazy forwarding headers and having to navigate ARC etc.

There just seems to be a cleverer way to do this than just do what everyone else does, and they're generally ahead of the curve technically. Must be something I'm missing.


> Cloudflare can't 'properly' MITM the inbound email.

Define 'properly'.

It's a bog-standard forwarding specifically because this is the only way to have two separate systems operate.

Gmail doesn't know that `yourdomain.tld`[0] is yours and that if it receives anything to *@yourdomain.tld it should route it to yourmailboxname@gmail.com.

If you don't point yourdomain.tld MX records to Cloudflare then Cloudflare would never receive anything to @yourdomain.tld, because MX doesn't point at them.

[0] the only way for it to know that is to run some Google Business or whatever it's called now, where you actually ... point yourdomain.tld MX records to Gmail and it would process them... but it would not deliver them to yourmailboxname@gmail.com!

BTW it would be absolutely the same idea if instead of Cloudflare you would use Google Business (again, whatsitsname). You would set up 'Send As' in yourmailboxname@gmail.com as a usual SMTP identity which would allow you to use Gmail interface to send from somename@yourdomain.tld, and similarly you need some way to explain to Google/Gmail that all mails at *@yourdomain.tld should be forwarded to yourmailboxname@gmail.com.


Yeah, sorry I meant as a soln for when your backend MX actually is *your* backend MX. That is, it knows it hosts the mailbox for localpart@example.com and the mail recipient address matches on the envelope.

I understand the vagaries wrt forwarding to an account of a different name and you're spot on there.


> That is you have your MX records pointing to `mx.example.com` in your example.com zone config, and enable the Cloudflare proxying of it (usual orange cloud in the UI).

Support for such use cases is imminent: https://blog.cloudflare.com/announcing-route-to-workers/


Interesting. I have a few bits and pieces on my Workspace domains to automate mail processing using Google Apps Script so will have to see if I can move that over to Cloudflare. Be nice to extend the functionality to non-GMail inboxes. Thanks for the heads up.


For that to work the destination server, in this case Gmail, would have to know to deliver mail addressed to me@domain.com into your Gmail mailbox. In this example it's a limitation on the Gmail side.

Domains and subdomains are handled by DNS which is why Cloudflare can E2E proxy them. Email mailboxes are handled by an application running on a server.


Sorry - just had to clarify elsewhere too so I obviously wasn't clear... I meant in situations where the backend MX has a mailbox which matches the mail recipient, as in the case where you're running your own mail server and would like Cloudflare sat in front of it just like they sit in front of your own webserver.

Obviously if there's any recipient address translation in play forwarding becomes necessary.


I see the use case as being for all my side project domains.

After doing stuff like this for years, I’ve ended up going to Migadu, unlimited domains for under $100 year (cheapest plan is $19/yr for almost unlimited domains)

https://www.migadu.com

The Missing Email Service For Domains


I’ve tried various versions of this and have always had deliverability issues. Never tried with Cloudflare though.

Can anyone who has done this exact setup report on their experience with deliverability?


By deliverability issues, I believe you mean outbound mails? I have the same concern but I don’t think that’s related to Cloudflare though. It's only about using the Gmail SMTP server to send custom domain emails without correct signing.


Yes I mean outbound email being marked as spam or otherwise not being delivered to my recipient’s email.


I haven't used it much, but personally I replaced the Gmail Outbound server with Sendgrid. Inbound I still use the Cloudflare system.


Cloudflare will have nothing to do with your deliverability because that is only being used for receiving emails.


I do this with MailGun across a multitude of professional / company domains. Never had a problem with deliverability. MailGun has a very nice option where you can use RegEx in your routing rules, even across domains (and subjects, recipient, etc)


I think I tried exactly this configuration a few months ago. I also had deliverability issues.


There's also https://forwardemail.net which I really love


Did you configure DKIM?


Interesting setup. I use https://forwardemail.net for this use case. It’s certainly easier to set up, and it’s cheap ($18 for 6 months).

It means I have email setup for all my side/small projects and spare domains, all forwarding to the few active inboxes I keep.


I'm in the process of switching from forwardmail to mxroute. It's $45/yr for unlimited domains and email accounts, 10gb storage.

Have not tested it yet, but it looks good. Their customer service is salty though. Definitely a service geared towards people who already know what they are doing, so ah... wish me luck!

Along the way I did evaluate Cloudflare email routing and it's great, for what it does (no opinion on whether your emails will end up in spam though, I guess we'll find out as more people use it). For personal email on a custom domain through a gmail account, I set everything up in 15 minutes. You end up using the gmail smtp server. Presumably you can use any provider with smtp if you don't like gmail. However... No pop/imap which was a deal breaker for me and why I'm moving on from forwardmail in the first place, hence moving to Mxroute.

I also tested Zoho mail. Not great, not awful. Very confusing UI.


Or you can just use full email aliasing service, like Simplelogin.io which is included with Proton Unlimited.


I love Cloudflare and really want to use this but I need the ability to route to multiple (2-3) destinations. :)


I do something similar with a tool I made & use

https://newsy.co

It works great. I don't use Cloudflare email routing service but use something else. But I did a manual test with Cloudflare and it worked really well (thinking of changing it actually).


This seems far more complicated than it had to be? My email (saagar@saagarjha.com) is backed by a personal Gmail account. When I receive mail my domain registrar has some aliases set up to catch it and forward it to my Gmail inbox. When I send mail it goes through an alias: https://support.google.com/domains/answer/9437157. No need to set up a mailserver at all.


I think you completely misread the post, or maybe you didn't read it at all

They aren't setting up a mailserver

They are just using Cloudflare's email routing to do what your registrar is doing

It seems like everything else is mostly the same except your alias approach has some downsides that the OP's maybe doesn't:

"Important: While these directions let you send emails from a custom email alias at your domain, email recipients can still find your personal Gmail address if they inspect the email headers. Emails from your alias are not digitally signed and are more likely to be flagged as spam."


I know they aren't, they're trying to avoid doing that. I suggested another way they could. Based on what other people are saying, about how Cloudflare messes up the sender field for you, I feel like having a Gmail address in the headers might be better.


> about how Cloudflare messes up the sender field for you

... What? Cloudflare has nothing to do with the email sending so it doesn't mess up any sender fields. If you mean for receiving emails, the sender field has always been totally fine for me. I don't see anybody complaining about it, I think you are misunderstanding other comments



Right... That is from Gmail. Cloudflare has literally nothing to do with that...

Also it's not even accurate, if you set up the alias correctly that doesn't happen



