• Is Cloudflare Silently Dropping Emails?
• Is This a Known Issue?
• Time to Find an Alternative
• Switching Provider
• But What About My Old Emails and Data?
• Bonus: Activate GCP
• Conclusions

Hey there!

I know this year I haven’t had much time to dedicate to blogging, since I’m giving priority to my book (The CloudSec Engineer), but I carved out some time to talk about something that recently made my digital life a bit… complicated.

In the past couple of weeks, I had to replace my old email setup and embrace Google Workspace.

But why the switch? Well, let me tell you a story.

Is Cloudflare Silently Dropping Emails?

I have been using Cloudflare’s Email Routing feature for a while, and I have been very happy with it. I even wrote about my positive experiences in a previous blog post titled “Serverless Emails with Cloudflare Email Routing  ”.

However, a few weeks ago, a partner of mine encountered an issue. When they tried to send an email to an address managed by Email Routing, they occasionally received a bounce-back message claiming the recipient’s inbox was full, even though it was way below quota. And apparently this has been happening for a few months.

Alarm bells started to ring, and I started to investigate.

I initially suspected the issue might be on the sender’s end, so I requested more details. The screenshot I received confirmed my fear: the email was being rejected on my side.

So I went checking on Cloudflare, but the additional challenge is that you don’t get much visibility at all on the emails that are being routed (and the errors that might be happening). On top of this, with my current plan I could only access the Activity Log for the last 24 hours, making error tracking quite challenging.

Nevertheless, I managed to pinpoint a couple of generic errors which confirmed emails were silently dropped:

Is This a Known Issue?

My first instinct was to open a support ticket with Cloudflare to address this behaviour and ask for help, but I hit a roadblock. Only paid plans allow users to raise support tickets, even for genuine service issues.

Instead, they redirect you to the Cloudflare Community Forum.

Now, the previous two times I had to use the Cloudflare Community Forum, I had a very negative experience. The website seems unmonitored, and if you get a reply, it is often on the passive-aggressive side and unhelpful.

Anyway, after digging a bit into the old issues, I found a related post opened one year ago: Inbox Full Error.

I’ve left a comment and asked if anyone wanted to help me troubleshoot this potential bug, but given the initial response the user got, I didn’t have much hope of getting a reply (and in fact still no one hasn’t replied to my comment).

Time to Find an Alternative

I had a task sitting in my Notion backlog for 1-2 years now, which was to explore moving to Google Workspace. This time, I had no choice, so I started to look into it.

We are talking about moving a dozen domains, plus my personal email address with ~17 years’ worth of history and emails in them.

My main requirements were:

• Multiple secondary domains: I needed the flexibility to link all my domains to a single Google Workspace account.
• Unified management: I aimed to manage everything from one account to avoid the hassle of toggling between Chrome profiles.
• Catch-all functionality: Receiving emails for any domain/user combination, even without specific inboxes, was crucial.
• Email history retention: Migrating all my old emails from my personal Gmail account to Google Workspace was a must.
• Cost efficiency: I already subscribed to Google One for my personal account and wanted to consolidate billing post-migration.

Switching Provider

To keep this blog post short, I decided to put the step-by-step instructions (with screenshots) on CloudSecDocs:

However, here’s a summarized version of the steps I followed:

1. Create a Google Workspace Account
   1. Create an account on Google Workspace, providing a domain you own as Primary domain
   2. Pick a subscription plan and a payment plan
      • Notice that Google will try to put you in a more expensive Business Plus plan by default.
   3. Verify your Primary Domain (via TXT records)
   4. Harden the Admin user, add MFA and Passkeys, and enrol in the Advanced Protection Program
2. Setup Gmail for the Primary Domain
   1. Create Aliases
   2. Setup the MX records
   3. Setup a Catch-All Address
   4. Authenticate outgoing emails (DKIM)
   5. Setup an Outbound Gateway
3. Setup Gmail for the Secondary Domains (with a similar process to the Primary Domain)

But What About My Old Emails and Data?

That’s where it gets painful.

The last step involves migrating my old emails, along with other data like calendars, Google Drive, and Google Photos, from my personal Gmail account to the new Google Workspace account.

As for the section above, I decided to put the step-by-step instructions (with screenshots) on CloudSecDocs:

Here is a summary of the data I had to migrate:

Bonus: Activate GCP

Finally, the last step was to activate Google Cloud Platform (GCP) for my Google Workspace account.

This meant enabling the service, setting up users and groups, and configuring billing.

The step-by-step instructions (with screenshots) are on CloudSecDocs:

Conclusions

I hope you found this post valuable and interesting, and I’m keen to get feedback on it! If you find the information shared helpful, if something is missing, or if you have ideas on improving it, please let me know on 🐣 Twitter or at 📢 feedback.marcolancini.it.

Thank you! 🙇‍♂️