Cloudflare is a prominent internet security and performance company that offers a range of services aimed at optimizing and protecting websites, applications, and online infrastructure. It operates a global network designed to enhance the security, reliability, and speed of websites and internet services.
One of Cloudflare’s many features is DDoS protection. Cloudflare offers robust protection against Distributed Denial of Service (DDoS) attacks, which aim to disrupt the normal functioning of websites and online services by overwhelming them with malicious traffic. When you configure your domain name and update your nameservers to point to Cloudflare, your website is now protected. Howevever, if your mail record, or also know as MX Record, is pointing to your web hosting server, you might see this message:
This record exposes the IP address used in the A record on YourDomain.com, which you have proxied through Cloudflare.
What does this message mean and how can you fix it?
To keep things simple, let’s use us, BoxFly, as an example. Let’s say we have a customer that is using Cloudflare with one of our web hosting plans and that customer is also creating free mailbox accounts within their control panel. In order for email to properly be delivered the the mailbox, Cloudflare cannot proxy the MX Record. It does not matter where your email is hosted, the MX Record can’t be proxied period. If your MX Record is pointing to the same server as your A Record, then Cloudflare will display the message “This record exposes the IP address used in the A record on YourDomain.com, which you have proxied through Cloudflare.” Basically, anyone that wants to attack your server can perform a lookup of your MX Record using a tool such as MXToolBox.com. The attacker could enter your domain name and find the IP address of your server.
Should you worry? It depends. If you’re a small to medium website, you most likely do not have to worry. It’s larger companies and corporations that should worry about their IP addresses being exposed.
How to resolve? The easiest solution is to signup for an external email provider such as a Microsoft Exchange plan or Google Workspace account. If you’re looking to have just one or two mailboxes, the price is relatively cheap. Microsoft charges $4/month per mailbox and Google charges $6/month per mailbox. Personally, we use Microsoft at BoxFly. It’s all personal preference and if you like Microsoft or Google better. After you signup for an email plan for your domain name, you would then configure your MX Record within Cloudflare to point to Microsoft or Google. Once that happens, the warning message “This record exposes the IP address used in the A record” will dissappear.
Bottom Line
If your email is being hosted on the same IP as your A Record, Cloudflare will display the warning “This record exposes the IP address used in the A record on YourDomain.com, which you have proxied through Cloudflare.” This should not be a big deal for most customers that run small to medium websites. However, should you want to be 100% proxied behind Cloudflare, then you can signup for an external email provider to host your email. You would update your MX Record to point to your new email provider and the warning message from Cloudflare will dissappear.
If you would like assistance in properly configuring your email with us or a 3rd party provider, you can signup for BoxFly web hosting and we provide 100% free support to all our customer.