TL;DR: Cloudflare email routing and support sucks, move your email forwarding to ImprovMX.
One of the problems with hosting your website on a service like DigitalOcean is the fact that they don’t offer email. If you want an email address associated with your domain you had to go elsewhere. For many years that was not a problem you could get a free Google Workspace account and have all the email accounts you needed, and then of course Google stopped allowing free Workspace accounts. But there were other options. Mailgun worked well for awhile, they they stopped offering the email forwarding service. Not long after Mailgun stopped letting people route email through them Cloudflare came out with Email Routing.
Cloudflare Email Routing seemed perfect! You could easily setup the DNS records on your Cloudflare dashboard, setup email addresses to forward that email to and it meant you did not need another service to manage your email routing. It seemed perfect, until it wasn’t. I was happy to move the email routing for lgr.ca to Cloudflare, until roughly two weeks ago when I discovered all email sent to my lgr.ca email addresses was being rejected by Gmail.
The specific error I could find in the Cloudflare Email Routing log was:
521 5.3.0 Upstream error, please check https://developers.cloudflare.com/email-routing/postmaster for possible reasons why.
Cloudflare Community Support
Searching Cloudflare Community support shows 26 results for 521 5.3.0 Upstream error. I went through all 26 of those posts looking for an answer. The common theme in the majority of those posts is there is no fix for this. There were four posts that had slightly more information or possible fixes.
Turn it off and on again fix
I kid you not. This fix could be straight out of the IT Crowd. Here is the short version.
I’ve disabled routing, including clearing MX records. I waited a few minutes, reactivated it and it worked.
In any case, I would like to know what happened so that it happens again.
Thank you all.
I tried this for my domain and had no luck. All emails continued to fail for the 521 error.
Emails being rejected with valid domain (google dot com)
This community post suggests that this is a problem specifically with Google (Gmail). It might be, I tried routing email to another email address that was not Gmail and it also failed. I do not have an Outlook email address and well, I could not be bothered to set one up to test. Even if it works with an Outlook email address this is not really a fix, it is merely an attempt to work around the problem that exists. If the problem is Google (Gmail) perhaps Cloudflare needs to work with them to find a way to make it work. After all how many people use Gmail as their primary email provider?
Emails bouncing when using Cloudflare Email forwarding
This is by far the most common type of community support post I found on my search. Simply, Cloudflare email routing does not work, and there is no reply from Cloudflare that will make it work. There is one more reply that I will touch on from the Community support board but it relates to what I did next.
Cloudflare Support Ticket
The lgr.ca domain having this problem is on a Cloudflare Pro plan and I get ticket support I thought I would just put in a support ticket. In the past Cloudflare ticket support has been helpful and usually pretty quick. I thought adding a support ticket surely I would get some help so I put in a ticket and wait for a reply. There were other issues along the way waiting for a reply, but here is the short version of my support ticket.
Ticket was submitted on February 28th, 2023. I did not get a reply from any one at Cloudflare support until March 10th. Now I understand that Pro plan customers don’t get priority support, but 10 days to even reply. The 10 day wait aside, surely the support ticket response would have a fix for my problem. Sadly, it did not. In fact this brings me back to the other community support post that I left out above. First here is the support ticket reply.
Apologies for the delay in getting back to you.
The below community thread may be useful to resolve the issue you are facing.
I hope this helps. Please let us know if you have any further questions or issues by replying to this e-mail or ticket.
Think about this, the Cloudflare support solution is to send me to a community support post that first is not even from an official Cloudflare support person that says:
Turn off the sender verification in your destination mailserver for any forwarded recipient domains.
First off, how is that even a fix? It does not say how to turn off sender verification on any mail servers. It does not link to any other information about how to do this. This might be helpful for people that run their own mail servers, although it sounds more like a spam nightmare if you turn off sender verification on your email server. Google searching for how to turn off sender verification on a Gmail account shows very little helpful results. This apparently is the best reply that Cloudflare support can send to a customer after waiting 10 days for a reply. To say I was unimpressed being nice.
My ticket is still open. I replied the same day I got that reply. It has now been 18 days since my ticket was opened and it sits there, apparently being ignored by Cloudflare support with no further replies from them.
Cloudflare Email Routing Fix
The only fix that appears to work for Cloudflare email routing not working is simply to leave Cloudflare email routing. I had to move my email routing for this domain to ImprovMX and I highly recommend them so far. Looking at the logs of my forwarded email on ImprovMX also tells me that the suggested fix of turning off sender verification on Gmail is not the solution. The ImprovMX logs show that sender verification is still happening on Gmail and many spam emails are being prevented from showing up in my inbox. If I had gone ahead and actually found a way to turn off sender verification on my Gmail account I can only imagine the spam that I would have opened my inbox up to.
Cloudflare has really dropped the ball on this. Email routing is a product many people need and it is convenient that Cloudflare offers it, but here is the most important thing. IT NEEDS TO WORK! With no answers on the Community support section being the norm to this issue and support tickets taking 10 plus days before being replied to with no real solutions it is no surprise that there are people that leave Cloudflare completely. When the best answer support can give is to pass the buck to the forwarding email server and it can be clearly shown using another service that is not the case Cloudflare needs to step up their support of this product OR retire it because their lousy support when it does not work just makes them look dumb.
In short you need to do better Cloudflare.