Cloudflare DNS Setup
Use this guide when Cloudflare hosts your DNS.
Important Cloudflare rule
Mail records must be DNS only. Do not proxy mail host records through Cloudflare.
For mail.yourdomain.com, the cloud icon should be gray, not orange.
Add the A record
| Field | Value |
|---|---|
| Type | A |
| Name | mail |
| IPv4 address | 203.0.113.10 |
| Proxy status | DNS only |
Add the MX record
| Field | Value |
|---|---|
| Type | MX |
| Name | @ |
| Mail server | mail.yourdomain.com |
| Priority | 10 |
Add TXT records
Add SPF, DKIM, and DMARC exactly as shown in PING8.
Cloudflare may display TXT values with quotes, but you should paste the record value exactly once.
If the DKIM value is long, Cloudflare can store it as one logical TXT record. Do not split it into multiple separate TXT records.
DMARC starting point
Start with:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.comAfter delivery is stable, move to stricter policies if your organization requires it.
Verify
Cloudflare DNS changes are usually quick, but verification can still lag. If PING8 does not verify immediately, wait a few minutes and try again.
Cloudflare checklist
- A records used for mail hostnames are DNS only.
- MX records point to an unproxied hostname.
- SPF exists once at the host shown by PING8.
- DMARC exists once at
_dmarc. - CAA or firewall rules do not block certificate issuance if you use managed TLS.
- PTR/rDNS is still configured with the IP provider, not Cloudflare DNS.