LGR

Cloudflare Email Routing Broken

TL;DR: Cloudflare email routing and support sucks, move your email forwarding to ImprovMX.

One of the problems with hosting your website on a service like DigitalOcean is the fact that they don’t offer email. If you want an email address associated with your domain you had to go elsewhere. For many years that was not a problem you could get a free Google Workspace account and have all the email accounts you needed, and then of course Google stopped allowing free Workspace accounts. But there were other options. Mailgun worked well for awhile, they they stopped offering the email forwarding service. Not long after Mailgun stopped letting people route email through them Cloudflare came out with Email Routing.

Cloudflare Email Routing seemed perfect! You could easily setup the DNS records on your Cloudflare dashboard, setup email addresses to forward that email to and it meant you did not need another service to manage your email routing. It seemed perfect, until it wasn’t. I was happy to move the email routing for lgr.ca to Cloudflare, until roughly two weeks ago when I discovered all email sent to my lgr.ca email addresses was being rejected by Gmail.

The specific error I could find in the Cloudflare Email Routing log was:

521 5.3.0 Upstream error, please check https://developers.cloudflare.com/email-routing/postmaster for possible reasons why.

Cloudflare Community Support

Searching Cloudflare Community support shows 26 results for 521 5.3.0 Upstream error. I went through all 26 of those posts looking for an answer. The common theme in the majority of those posts is there is no fix for this. There were four posts that had slightly more information or possible fixes.

Turn it off and on again fix
I kid you not. This fix could be straight out of the IT Crowd. Here is the short version.

I’ve disabled routing, including clearing MX records. I waited a few minutes, reactivated it and it worked.

In any case, I would like to know what happened so that it happens again.

Thank you all.

I tried this for my domain and had no luck. All emails continued to fail for the 521 error.

Emails being rejected with valid domain (google dot com)
This community post suggests that this is a problem specifically with Google (Gmail). It might be, I tried routing email to another email address that was not Gmail and it also failed. I do not have an Outlook email address and well, I could not be bothered to set one up to test. Even if it works with an Outlook email address this is not really a fix, it is merely an attempt to work around the problem that exists. If the problem is Google (Gmail) perhaps Cloudflare needs to work with them to find a way to make it work. After all how many people use Gmail as their primary email provider?

Emails bouncing when using Cloudflare Email forwarding
This is by far the most common type of community support post I found on my search. Simply, Cloudflare email routing does not work, and there is no reply from Cloudflare that will make it work. There is one more reply that I will touch on from the Community support board but it relates to what I did next.

Cloudflare Support Ticket

The lgr.ca domain having this problem is on a Cloudflare Pro plan and I get ticket support I thought I would just put in a support ticket. In the past Cloudflare ticket support has been helpful and usually pretty quick. I thought adding a support ticket surely I would get some help so I put in a ticket and wait for a reply. There were other issues along the way waiting for a reply, but here is the short version of my support ticket.

Ticket was submitted on February 28th, 2023. I did not get a reply from any one at Cloudflare support until March 10th. Now I understand that Pro plan customers don’t get priority support, but 10 days to even reply. The 10 day wait aside, surely the support ticket response would have a fix for my problem. Sadly, it did not. In fact this brings me back to the other community support post that I left out above. First here is the support ticket reply.

Hi there,

Apologies for the delay in getting back to you.

The below community thread may be useful to resolve the issue you are facing.
https://community.cloudflare.com/t/email-routing-521-5-3-0-upstream-error/422198

I hope this helps. Please let us know if you have any further questions or issues by replying to this e-mail or ticket.

Kind regards,

Think about this, the Cloudflare support solution is to send me to a community support post that first is not even from an official Cloudflare support person that says:

Turn off the sender verification in your destination mailserver for any forwarded recipient domains.

First off, how is that even a fix? It does not say how to turn off sender verification on any mail servers. It does not link to any other information about how to do this. This might be helpful for people that run their own mail servers, although it sounds more like a spam nightmare if you turn off sender verification on your email server. Google searching for how to turn off sender verification on a Gmail account shows very little helpful results. This apparently is the best reply that Cloudflare support can send to a customer after waiting 10 days for a reply. To say I was unimpressed being nice.

My ticket is still open. I replied the same day I got that reply. It has now been 18 days since my ticket was opened and it sits there, apparently being ignored by Cloudflare support with no further replies from them.

Cloudflare Email Routing Fix

The only fix that appears to work for Cloudflare email routing not working is simply to leave Cloudflare email routing. I had to move my email routing for this domain to ImprovMX and I highly recommend them so far. Looking at the logs of my forwarded email on ImprovMX also tells me that the suggested fix of turning off sender verification on Gmail is not the solution. The ImprovMX logs show that sender verification is still happening on Gmail and many spam emails are being prevented from showing up in my inbox. If I had gone ahead and actually found a way to turn off sender verification on my Gmail account I can only imagine the spam that I would have opened my inbox up to.

Closing Thoughts

Cloudflare has really dropped the ball on this. Email routing is a product many people need and it is convenient that Cloudflare offers it, but here is the most important thing. IT NEEDS TO WORK! With no answers on the Community support section being the norm to this issue and support tickets taking 10 plus days before being replied to with no real solutions it is no surprise that there are people that leave Cloudflare completely. When the best answer support can give is to pass the buck to the forwarding email server and it can be clearly shown using another service that is not the case Cloudflare needs to step up their support of this product OR retire it because their lousy support when it does not work just makes them look dumb.

In short you need to do better Cloudflare.

Backblaze B2 to Cloudflare Using Page Rules

Two companies I really like are Backblaze and Cloudflare. I have trusted Backblaze for years with my personal computer backup and I have been a long time customer of Cloudflare since 2011 at least. Both companies are part of the bandwidth alliance, meaning you don’t have to worry about bandwidth fees when you are transferring data between a Backblaze B2 bucket and Cloudflare if you set up the Backblaze B2 bucket to run through Cloudflare. Backblaze even gives you a tutorial on how to set it all up, except that is not the tutorial I followed years ago using page rules.

I understand that things change and people might want to host their cdn data on a private Backblaze B2 bucket but it is interesting to me that they replaced an easy to use tutorial on how to use Backblaze B2 with the Cloudflare CDN using page rules with a much more complicated tutorial involving Cloudflare Workers. This is the opposite of a user friendly option. If you are a developer sure, but the page rule tutorial was much more simple and was easy for the average user to setup. I would not even think of sending a client to try and follow the new tutorial.

If you are looking for the old Using Backblaze B2 with the Cloudflare CDN with Page Rules tutorial I have found the Wayback Machine copy here. It is much easier to setup and while it does require a public Backblaze B2 bucket if you are making this content available over the Internet do you really need to make it a private bucket?

Things don’t always have to be made more complicated to work. I have to admit I am a little disappointed in both Backblaze and Cloudflare for removing a good solid easy to use tutorial in favour of a more complicated one.

Mastodon Autopost Plugin

I saw this plugin mentioned on Mastodon today and thought I would give it a try on ClassicPress and see if it worked. Install in ClassicPress went easily, like most WordPress plugins do. There were no warnings and ClassicPress says it is compatible. The only hard part was finding the plugin. I had to search by the plugin authors name to find it. I have to say the authors name, L1am0, does not inspire confidence, but their website looks legit enough.

Once installed and activated I found the settings for the plugin under the Settings menu, which is nice. So many plugins think they deserve their own spot the admin menu, nice to see a plugin that picks the right menu place.

To get started you will need to connect your website with your Mastodon account. Simply start typing the name of your Mastodon server and the plugin will start to filter your choices down. Once you have your server selected you can then authorize the plugin as an app on your Mastodon server. After you authorize the plugin you will be redirected back to your website. This is the only error I had. The plugin output some text and cause a PHP bad header. I had to reload the admin and go to the settings page again to continue.

You can then select if it posts when new posts, pages or media are created, and how it looks. I can’t tell you if the plugin really works yet, since this is the first post I have created since I installed it. Once I publish this post I will come back and let you know.

You can find the plugin in the WordPress plugin repository.

Well look at that. Looks like it works.

Disable the W3 Total Cache Footer Comment

Most of the WordPress/ClassicPress websites I work on use Cloudflare I don’t often have problems with the W3 Total Cache footer comments in the footer. Cloudflare usually just removes them. But recently I was helping a friend with a website that had the W3 Total Cache plugin installed and the footer comments were being inserted. They simply wanted to get rid of them. Thankfully a quick Google search lead me to a WordPress support comment with the solution.

Add the following code to your theme functions file, or a site specific plugin and you can easily turn off the W3 Total Cache footer comments for all visitors to your website.

add_filter( 'w3tc_can_print_comment', function( $w3tc_setting ) { return false; }, 10, 1 );

Safari Blocking Google Analytics

If you do a search on Google for “safari blocking google analytics” you will probably find a lot of posts like the following:

As mentioned above, Safari does not block Google Analytics. You can still still see your website analytics.

Jun 3, 2022
https://www.simpleanalytics.com/en/blog/does-safari-block-google-analytics-and-apple-privacy-updates

No, Safari 14 (or any other version of Safari) will not block Google Analytics from loading and running on a website.

June 24, 2020

https://www.simoahava.com/analytics/no-safari-does-not-block-google-analytics/

Let me inform you that those posts are wrong and Safari as of October 2022 appears to be blocking Google Analytics from logging data.

Running some year end reports from Google Analytics in Google Looker Studio on some of my websites clearly shows that Safari traffic is pretty much nonexistent. There is traffic from Safari doing some log analysis but not that Google Analytics is recording.

If you have been seeing a dramatic drop in your pageviews and other statistics using Google Analytics check to see if your Safari reporting is being blocked. The good news is it appears so far that Google Analytics 4 data collection does not appear to be affected only the original Google Analytics. A good reason to switch over before the New Year if you can.

Get Around the Twitter Social Media Link Ban

Twitter and Elon Musk are getting dumber by the day. Honestly I have mostly stopped visiting Twitter and spend more time now on Mastodon but it recently came to my attention that you can no longer link to your Mastodon account from Twitter. Essentially Twitter has put up what is a virtual wall and not allowing people to link to their own social media profiles on other sites. You can read more about this stupid policy on the Twitter help page (Wayback machine copy in case Twitter deletes it).

Promotion of alternative social platforms policy

December 2022

Twitter is where the public conversation is happening, and where people from all over the globe come to promote their businesses, art, ideas, and more. We know that many of our users may be active on other social media platforms; however, going forward, Twitter will no longer allow free promotion of specific social media platforms on Twitter.

What is a violation of this policy?

At both the Tweet level and the account level, we will remove any free promotion of prohibited 3rd-party social media platforms, such as linking out (i.e. using URLs) to any of the below platforms on Twitter, or providing your handle without a URL:

Prohibited platforms:

Facebook, Instagram, Mastodon, Truth Social, Tribel, Post and Nostr

3rd-party social media link aggregators such as linktr.ee, lnk.bio

Examples:

“follow me @username on Instagram”

“[email protected]”

“check out my profile on Facebook – facebook.com/username”

Accounts that are used for the main purpose of promoting content on another social platform may be suspended. Additionally, any attempts to bypass restrictions on external links to the above prohibited social media platforms through technical or non-technical means (e.g. URL cloaking, plaintext obfuscation) is in violation of this policy. This includes, but is not limited to, spelling out “dot” for social media platforms that use “.” in the names to avoid URL creation, or sharing screenshots of your handle on a prohibited social media platform.

Example: “instagram dot com/username”

If you want to get around this Twitter stupidity keep reading. Note it might end up getting your account blocked, so I am not responsible if that happens to you. You do this at your own risk.

There is a way to get around this and it is really simple, in fact I created a plugin years ago for a whole different purpose that will help you. If you are using WordPresss or ClassicPress you can go and download my plugin either on the WordPress plugin repository or here on my website and install it. Once it is installed you can create a page on your website with the shortcode from the plugin.

For example here is the shortcode I used on my Mastodon redirect page.

[wpexitpage message=”This is a meta redirect to my Mastodon since Twitter is being dumb.” link=”LGR Mastodon Account” url=”https://mstdn.ca/@lgr” seconds=”0″]

The plugin will display the message on the page, create a link on the page using the link text and the destination url. The seconds parameter is how long that page waits before redirecting. The plugin works by adding in a meta redirect tag on the page and not using Javascript. You can read much more about a meta redirect on the W3C website. Because the meta redirect will actually send the page from your website to the person requesting it it sends a 200 response code and not a 301 response code and in my testing (yes I added this to my Twitter account, because honestly this is dumb) it should work fine. Once you have your page created and published just add your link to your Twitter bio or post and it will link to your new page. You can see it on my Twitter bio here.

If Twitter starts banning all links to their users own websites let them play whack a mole blocking all the websites on the Internet.

Google Analytics Exporting Guide

If you have been using Google Analytics to track your website usage and have historical data you want to keep you might want to put this on your to-do list in the New Year. As you may know Google Analytics will stop processing new data effective July 1, 2023 and you will need to move your statistics collection to Google Analytics 4 before then, or perhaps you might want to start looking at other statistics services.

Since July is such an odd month to switch data collection over you might want to get setup on Google Analytics 4 before the New Year so you can start collecting data there and once January comes you can start exporting historical data from Google Analytics into CSV or Google Sheets so you can then create reports using a tool such as Looker Studio (Datastudio) or some other tool like AirTable does something similar.

If you are looking for some help on how to export your data from Google Analytics I found this helpful post, the Ambitious Guide on How You Can Export Google Analytics Data. Unfortunately there does not look like there is a way to export it all. You will have to decide what historical data you want to retain and manually export it and possibly combine so you can use it.

It is unfortunate that Google once again is shutting down a well loved service and making it difficult to get all your data out. While I have already moved to Google Analytics 4 I know I will be looking at other alternatives in the near future since Google Analytics 4 is really not very end user friendly.

Core Web Vitals Biggest Flaw

I will say the majority of time the engineers at Google are really smart and I understand the rational behind Core Web Vitals. Fast web pages are better for everyone, but the way Google measures Core Web Vitals has a major flaw, see if you can spot it in the quote below taken from the Google Support.

The report is based on three metrics as measured by actual user data: LCP, FID, and CLS. Once a URL has a threshold amount of data for any metric, the URL group’s status is its most poorly performing metric. So, for example, if a URL group has poor CLS but good FID, the URL status is “poor.”
https://support.google.com/webmasters/answer/9205520

Did you see the big flaw? Read it again? Still didn’t see it?

Here I will pull it out and bold the flaw Google has made in measuring Core Web Vitals.

as measured by actual user data

Now you might say that is not a flaw that makes perfect sense, by measuring the actual user data Google can see how long the web pages actually load for real people. Except it assumes that your readers have a decent Internet connection. What if, for example, you run a website whose main readers are not privileged enough to have a high speed connection? Your website, by virtue of having readers that are on slow connections, is then pushed down in the rankings. It won’t matter what you do to improve your website if the end users Internet connection is below what Google is expecting for average Internet speed.

For some interesting reading you might want to check out this release from the CIRA. It shows the rural median internet speed in Canada is 9.74 in 2021. Compared to in urban centres the median speed is 51.09. If your website is primarily focused on issues and needs of say the agricultural community, the speed the majority of your users have is roughly a 5th of what Google is seeing for urban users, but Google calculated the Core Web Vitals speed based on the majority of users on the Internet. The majority of Internet users live in urban centres.

Certainly Google would be smart enough to realize this right? It does not appear so. Core Web Vitals does not take into account the users Internet speed to determine rankings that I have been able to find. Of course it might be hidden behind some of Google’s almighty algorithms, but to us poor web managers it is not available. The fix to this problem is not very difficult. Google is already collecting the data to fix it, simply find the speed of the majority of users for sites and base a websites Core Web Vitals on ACTUAL USER DATA, based on the actual speed of the users that visit the site. Unfortunately I can’t see Google making such a move.

I guess Google is not always as smart as they need to be.

The Future of Social Media

Social media has played a huge role the last few years in people’s personal lives, in politics and of course in business. More and more people are on Facebook, Twitter, Reddit, Youtube than ever before, but is that interaction positive. At one time people’s feeds were simply created by the people you follow, then came the algorithms and our social media feeds became not scrolling past the latest photos of our high schools friends kids or the latest news from our great aunt Bessy. Our social media feeds became what the algorithm decided what we might be interested in, except it didn’t did it. In reality our social media feeds became a stream of anger and hate and what drove the most likes and clicks and no matter what great aunt Bessy’s latest news was it could not compete with the rage machine from the algorithm.

Recently Elon Musk, took over Twitter, and it has not been going well. If you have spent anytime on Twitter in the last week you have probably noticed an increase in troll and fake name accounts tweeting hate and generally just being jerks. Then there is the fact that Mr. Musk decided to fire a large number of employees.

With the apparent collapse of Twitter being imminent another social network / microblogging service has arisen with a wave of Twitter refugees, Mastodon. Mastodon has become the new social network of all those wanting to have a backup social media account or in some small way to flip to bird off to Elon Musk. Mastodon is by no means new, according to Wikipedia it has been around since 2016 but this new wave of sign ups has certainly brought new light to the service and what is has to offer.

Let me be upfront, Mastodon is not Twitter. It has many similarities but it is missing much of the rage farming and hate that Twitter has, hopefully it can stay that way. Mastodon is also not Twitter in many other ways:

It is open source. Want to look at the code that runs it, go for it.
Mastodon is not one site, it is many sites that talk to each other. You create an account on an instance and can follow anyone on any other instance.
Because Mastodon is open source, you have choice in how you access the system. You can use the official apps or sites or you can try other apps what ever device you like.
Your feed is not an algorithm! Your feed is made up from the people you follow. You can also check the feed for all the people that have accounts on your instance and the feed for the entire Fediverse, what they call the entire network.
The instance you decide to make an account on is managed and run by someone that is most likely donating their own time and money to running that instance.
Many instances are growing quickly so you might want to be patient as they grow and get up to speed with the new influx of users.

If you want to give Mastodon a try the hardest part is finding an instance to start on. Don’t worry if you want to change to a different instance later, you can. Personally being a Canadian I went looking for an instance that was in Canada and I was happy to find mstdn.ca. My reasons were mainly to look for an instance that was closer to me than being on the other side of the world. The side benefit is I liked the rules of mstdn.ca.

If you are a Twitter user and are tired of being a pawn of another billionaire I encourage you to give Mastodon a try.

BTW: Thanks to PermaClipart for the Mastodon logo image.

Cloudflare Location Check

Recently I had a client come to me with a very interesting problem. They have multiple web servers running behind a Cloudflare load balancer and the majority of those requests flow through the load balancer and are directed properly. However, there were still a number of requests that would make it through straight to the origin IP’s. The majority of those requests were often attempts at common WordPress exploits or simply plugin scanning looking for vulnerable plugins. If those requests were properly going through Cloudflare they would be dealt with by the Cloudflare firewall but by using the IP address these bad actors were able to bypass that layer of security.

Thankfully Cloudflare has a way to check to see if the request actually passed through Cloudflare if the website has turned on the Cloudflare IP Geolocation. That service automatically adds the country code value passed along in the CF-IPCountry request header to the origin web server. If you want to know more about the Cloudflare IP Geolocation check out their support document.

The logic is pretty simple, if the request does not have the CF-IPCountry request header then the request did not pass through Cloudflare (and the Cloudflare Firewall) so redirect the request back to the fully qualified domain name.

/** * Cloudflare Location Check * * Checks for the Cloudflare location header. This is only there if the visitor has come through Cloudflare. * If the request does not have this it is direct access and should be redirected to the host name * */ function lgr_cflocation_check () { //the country header is added by Cloudflare. If it is not there then this is direct IP access and needs to be redirected. if( !$_SERVER["HTTP_CF_IPCOUNTRY"] ) { //send them to the full URL which should add it. header("Location: ".home_url().$_SERVER['REQUEST_URI']); die(); }

} add_action( 'init', 'lgr_cflocation_check' );

If you are having problems with direct access to your website through the IP address this might help you.