Create Infinite Email aliases using Cloudflare Email Routing

I did it… I finally passed the big 30…. 30000 unread emails!

I would like to thank my pre-school teacher Jacky, Martha our cat lady neighbour who said I wouldn’t make it and Jacob, my imaginary friend with one eye. Many years of signing up to random garbage and being too lenient has led me to this. But today this changes…

While I’ve created and used many different email addresses to try and limit the garbage, I’ve wanted to move to an easier-to-manage solution that has the following features:

  1. allows me to create unlimited aliases easily, so I can filter out spam or addresses I no longer want to receive mail on, and identify leaks if any were to happen (e.g. garbage.com@mydomain.com is breached and hackers use the address to send spam/phishing to it, which I can easily pinpoint to garbage.com).
  2. is relatively cheap
  3. allows me to create or use multiple domains so I can additionally filter based on trash levels (e.g. level 1 trash goes to domain1, level 2 trash goes to domain2 and super trash goes to thisdomainwillberotatedsoon).

Notice I haven’t mentioned email privacy in the above. While I value privacy and believe long term I will incorporate it into the above solution, I’m currently looking for a solution that provides improved security and peace of mind. I also have plans to improve my self-hosted setup in the future and will include email aliasing or an equivalent solution. However, for the time being, I believe this might be the easiest and cheapest solution to set up and play around with.

The solution I’m talking about is Cloudflare email routing which allows you to forward emails sent to a domain you own to any email address of your choosing.

This feature is free, meaning you only have to own a domain to be able to set this up. Cloudflare provides an easy-to-use solution with just a few clicks.

Setting up the redirection

Important

Before you start looking into this, remember that the ability to send email via Cloudflare email aliasing no longer works. You’d have to find another solution if you need to send emails, or use your email directly.

What you’ll need:

  • an email provider (e.g. Gmail, ProtonMail, Microsoft, etc.). Anything will be supported as it’s only used to receive emails. Choose whichever solution fits your needs.
  • a Cloudflare-hosted domain you own and on which you can set up MX records to point to Cloudflare mail servers
  • 5 minutes of your time

Start by selecting the Cloudflare domain you want to set up for email routing from your Cloudflare dashboard. You’ll then need to select Email > Email Routing from the left navbar, which should bring you to a page similar to this:

From here, you’ll need to verify your destination address and set up the MX records, which should only be a few clicks from the dashboard. Just follow the instructions. Once done, you can set up your routing rules and set a catch-all email address from here:

You can also create custom addresses and redirect those to another destination if you wish (or play around with Cloudflare Workers for additional functionality):

If done correctly, you can start using your email address to register accounts from any spammy website. For example, I needed access to Alltrails some time ago so I created an account on Alltrails with the email address alltrails@domain2.com which I now receive all Alltrails spam emails to:

Looking at the email source, we can see it was routed via Cloudflare properly:

Note

Email providers may consider these routed emails as spam emails so you may need to play around with filters a little and what not.
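The leak-spotting idea from the feature list and the Workers option mentioned above can be combined. The following is an added example, not code from the original post: an Email Worker policy that rejects retired aliases and diverts mail to a review address when an alias receives mail from a sender other than the site it was given to. The destination addresses and list contents are assumed placeholders; `message.to`, `message.from`, `message.forward()` and `message.setReject()` are the Email Workers runtime API.

```javascript
// Added example. Addresses, domains and list entries are constructed placeholders.
const POLICY = {
  inbox: "me@example.net",          // verified destination address
  review: "review@example.net",     // second verified destination for suspect mail
  burned: new Set(["garbage.com@mydomain.com"]), // aliases retired after a leak
  // alias local part -> sender domains expected to write to it; this is matched
  // against the envelope sender, so list the site's mail-provider domains too
  expected: new Map([["alltrails", ["alltrails.com"]]]),
};

// Split "local@domain" on the last "@"; null for empty or malformed input.
function splitAddress(addr) {
  const s = String(addr || "").trim().toLowerCase();
  const at = s.lastIndexOf("@");
  if (at <= 0 || at === s.length - 1) return null;
  return { local: s.slice(0, at), domain: s.slice(at + 1) };
}

// True if the domain equals an expected domain or is a subdomain of one.
function domainMatches(domain, expected) {
  return expected.some((d) => domain === d || domain.endsWith("." + d));
}

// Pure decision function, testable outside the Workers runtime.
function decide(to, from, policy = POLICY) {
  const rcpt = splitAddress(to);
  if (!rcpt) return { action: "reject", reason: "malformed recipient" };
  if (policy.burned.has(`${rcpt.local}@${rcpt.domain}`)) {
    return { action: "reject", reason: "alias retired" };
  }
  const sender = splitAddress(from); // null for bounces with an empty sender
  const expected = policy.expected.get(rcpt.local);
  if (expected && !(sender && domainMatches(sender.domain, expected))) {
    // Alias was given to one site but the mail comes from elsewhere:
    // the address has probably leaked or been sold on.
    return { action: "forward", to: policy.review, leakedAlias: rcpt.local };
  }
  return { action: "forward", to: policy.inbox };
}

// Email Worker handler; in a deployed Worker this object is the default export.
const worker = {
  async email(message, env, ctx) {
    const d = decide(message.to, message.from);
    if (d.action === "reject") return message.setReject(d.reason);
    if (d.leakedAlias) console.log(`possible leak of alias ${d.leakedAlias}`);
    await message.forward(d.to);
  },
};
```

Suspect mail is diverted rather than rejected because many sites send through a third-party mail provider whose envelope domain will not match until it is added to the expected list.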

Sending emails

Sending emails used to be possible; however, Cloudflare discontinued their MailChannels partnership (I’m assuming it was abused a ton..), which means you can no longer send emails. They only allow you to send emails to addresses you own / have access to (second step phishing maybe? 🤔) and require you to verify you own the address (i.e. email verification via email link).

See the following references for more details:

OPSEC, Privacy and notes of caution

  • Cloudflare is a one-stop shop which centralises a lot of internet traffic. The emails are routed through their servers, which could technically log all of them for whatever reason… You should make your own decision whether to trust them with your emails.
  • For important accounts, I would recommend using your email address directly instead of an alias, unless you need it as part of your OPSEC/Threat Model.
  • While I checked and I don’t think it’s possible to use the MX DNS records to identify if two Cloudflare domains are connected (i.e. like for NS records on Cloudflare domains), there may be various attacks I am unaware of. Do your own research.
  • If you plan on using an email client like Thunderbird, you’ll need to have access to SMTP ports, which, depending on the email provider, might be a paid feature (e.g. ProtonMail) or protected by account verification. This is done by providers to reduce spam and phishing emails being sent from their services.