🚀 Creating and Routing Email Addresses with Cloudflare Email Routing
Presented by: Apoorva Ravikrishnan, Celso Martinho, João Sousa Botto
Originally aired on October 29, 2021 @ 2:30 AM - 3:00 AM EDT
We are very excited to announce Cloudflare Email Routing. Everyone should have multiple email addresses, for the online banking login to stay separate from mailing lists and spam, but it's been quite cumbersome for some to do. Cloudflare Email Routing helps create free email addresses for your domain, and redirect them all to the mailbox you already use - like Gmail or Outlook.
Read the blog post:
Find all of our Birthday Week announcements and CFTV segments at the Birthday Week hub
English
Birthday Week
Transcript (Beta)
Hi everyone. Thank you so much for tuning in. This week is a very, very special week for us.
It's Cloudflare's 11th birthday. And this week we'll be announcing a series of releases that are designed to help build a better Internet.
I'm Apoorva Ravikrishnan from the product marketing team.
And I'm here today with folks from product and engineering team to talk about one of the releases that went out today, email routing.
Before I pass it on to my colleagues here, so they can introduce themselves.
I want to note that if you have any questions while still watching the segment, please do send them in.
We'll save some time toward the end to respond to all of them.
Anyway, João, do you want to quickly introduce yourself? Sure. I'm João Botto.
I'm a product manager here at Cloudflare. And amongst other products, I am the product manager for email routing, which is the exciting new product that we just announced today.
Celso, do you want to introduce yourself as well? Sure. My name is Celso Martinho.
I'm an engineering director based in Lisbon, the Cloudflare Lisbon office.
And I'm building a team to tackle the email feature that we just announced today.
Really excited about this. Yeah. Is that a call out for people that are excited about email to join us?
Yes. Cloudflare is always hiring and email is now one of our most exciting features.
So we're definitely hiring for email. I love the plug.
Definitely, folks who are seeing this, this is a very good plug. Please do check out our careers page.
We are expanding and we'd love to have talented folks on our team.
Anyway, let's kick off this segment with an overview of email forwarding.
João, do you want to give us a quick overview of what this feature is and what it's meant to do?
Yeah, absolutely. So one of the things that we've been thinking about for quite a while is that email is very important in people's lives.
Email is used for all sorts of scenarios from, well, your personal communications with family, with friends, with businesses as well.
And either you as a business or you receiving emails from businesses or asking for quotes or communicating with the government.
It's also used as your login for countless number of things.
Let's say your online banking, it's your login for Facebook.
If you want to send messages to people, you're most likely using your email address as a login.
And yet, most people still use and still only have one email address for all of those.
So the same email address they use to log into online banking is also the email address they use to sign up for 10% off your next purchase on whatever random website.
And that feels kind of dangerous. Like the recommendation is to have multiple email addresses and potentially even multiple mailboxes.
But we know that that's too hard for people to manage multiple mailboxes because there's one that you already check all day, every day, whether that's your work mailbox or your personal mailbox.
So there's a challenge in asking you, hey, keep four different open tabs or configure these four accounts to all receive somewhere.
And so we're making that extremely easy. If you already have a domain, all you need to do is go to Cloudflare.com, go to your dashboard.
Once it's live, obviously, because right now we're on a wait list period and we're slowly letting people in and experience our products.
But once it's your turn, once you see this, all you need to do is go to your dashboard on Cloudflare and select your domain, pick your domain there and select whatever email address.
So you're creating a new email address.
All you need to do is say, hey, this is joao .foto.com.
And I want all of those to land on joao.gmail.com, for instance, if that's the email that I keep checking all day.
And so this way I can have a separate email account that is from my own personal domain.
It's something that in the future, it may become my primary email address, or I may add a mailbox behind it.
But right now it's super, super useful because I can keep checking my own email account that I check, my mailbox that I check in regularly already and have all of my emails consolidated there.
And if I want, I can take it to a point where I can say all emails that come from whatever email address at foto.com at my domain, they will automatically be forwarded to joao .gmail.com.
But I can give different email addresses to different people and then I can go more granular and iterate on it.
So it's super, super simple.
You just create that rule. You say every email that comes to this domain.
So as I said, anything at foto.com in my example will be forwarded to this personal email address, or you can say that you want specific emails to be forwarded.
So it's as simple as it comes. And that was the main goal, make it available to everyone.
Make this thing of having multiple email addresses accessible to everyone without the hassle of having to check multiple mailboxes and eventually forgetting about them.
Yeah, that's one of the use cases. That's the one that I'm personally the most attached to because I've been doing this for a bit.
But also there's other use cases.
There's use cases of maybe you're a small business and you're getting started and you have emails that come to support at voto.com and I want to forward them to myself.
And I also have emails that come to sales at voto .com.
Let's say that's the name of my company. And so they also get redirected to me.
But as my company grows, maybe one of the things that I want to do is eventually I'll hire more people and I want to redirect these emails to different people.
And maybe eventually I'll want to get a mailbox for those things or I'll want to change them somehow.
But this gives you the flexibility of making those changes on the fly.
We don't have mailboxes. All we do is forwarding because, well, we're privacy first and we'll talk about it in a second.
But the most interesting part about our email service is really that what we do is we make something super, super straightforward.
And what we make super straightforward is really you being able to create as many email addresses as you want and direct them to the mailbox that you're already monitoring.
Thank you for explaining that.
That's so relatable, isn't it? I mean, for consumers who do not even have businesses who are just thinking about, I use the same email for my banking and also for promo code.
I'm the one who does that all the time. So it's a relatable problem.
But then changing gears, if you think about small businesses, they also have multiple email accounts that they need to manage.
And this is where the email routing comes in.
Thank you for explaining that. You mentioned it's more privacy focused.
I was wondering if you could change gears and talk about why privacy focused approach is so important to us and if you could elaborate that a bit.
Yeah. So Cloudflare is not in the business of buying data, selling data, or displaying advertising.
That's none of our business. Actually, a quote from our CEO, Matthew Prince, earlier today was, we think that data is toxic.
We don't want to have that data. We don't want to have personal data. We, of course, need a lot of data to operate our network.
But that's all anonymized. We only care about trends of what's happening around the Internet.
We don't care about the personal data of an individual.
And so for that reason, what we've done is we've built email forwarding right at the edge.
And we don't touch those emails. We do the absolute necessary.
And I'll pass it on to Celso in a second so that he can explain that in more detail.
But we do the absolute necessary just to forward the email as it comes.
We don't want to be in the business of actually looking inside of your emails to target ads to you.
We don't want to be in the business of hosting your emails and having a lot of your data living in our servers.
All we want to do is we help you get more mailboxes and feel safer online by letting you create as many email addresses as you want and forwarding those email addresses, as I explained earlier.
So Celso, we were talking a little bit about how we achieve this. Do you want to tell us a little bit more about that, about how email forwarding actually works?
Sure. So it's funny you mentioned Cloudflare's mission and principles.
And when we started discussing the email feature, it's funny because pretty much almost everyone in the team said, let's not deal with email storage or email queuing or looking into emails for any reason.
It was almost like an unanimous decision right from the beginning.
And so we basically designed this feature with privacy in mind from scratch.
And without going too technical, the way we did it is...
Oh, thanks for the screenshot. That's even better. So as we explained in the blog post, a typical email message, obviously this is a simplified view of email, but a typical message is made of three parts.
One is the envelope, which is part of the conversation protocol.
That's called the SMTP protocol.
And then the email itself, where you have the others and the body or the content of the email itself.
So the private parts of the email are basically in the others, which can describe things like addresses, the path that the email took before it got to the destination inbox and other details and the body itself where the content of the message is.
So others and bodies where the privacy and the personal data resides.
And what we're doing basically is doing some trickery and some changes only on the envelope.
So we receive the email for the domain.
We do a couple of changes on the envelope and we basically try to deliver that same email in real time to the upstream destination and SMTP server without touching the other or the envelope.
This has both the advantage of being as private or privacy preserving as possible and also keeping intact anti-spam and security-related protocols like SPF, DECIM and DMARC policies so that those don't break while we basically forward the email from the customer's domain to the upstream destination inbox.
So this was designed to be this way and in the future we'll do everything we can to keep this approach and make sure that we never need to actually change the content of the email itself or the others associated with that message.
Yeah, I love that this has friendly names. Contrary to a lot of things in technology, here you have a perfect analogy, right?
You have the envelope and the envelope has the destination of this email and inside you have letters and sometimes the letters have a header that tells you what's your address.
And so what we seem to be doing here is essentially we're changing the envelope.
We're just saying, hey, that's not the final destination. The final destination is somewhere else and so we put it inside a new envelope and we deliver this letter.
And that seems to be ideal because like this, let's say that I receive an email that came to joaoatputo .com and I receive it on my Gmail inbox.
What does it look like?
Does it say that it came from joaoatputo.com? Does it have the original sender?
What does it look like? It will preserve all the information that's visible to the client.
So changing the envelope doesn't change the email itself.
So the email you'll get at your Gmail account or whatever inbox you choose to forward your email to will be exactly the same as if you were receiving the email without doing any kind of forwarding.
That's one of the advantages of dealing with email forwarding at the envelope stage.
Right, right. So this is perfect because it looks exactly as I can see who sent this email to me.
I can see that it was sent to my whatever email address.
So even if I wanted to create some rules on my Gmail account, I could create some rules because I know that this one came for joaoatputo.com and not to, I don't know, newsletters at puto.com so I can differentiate between both of those.
So I know where it came from, where it was intended to, and as you mentioned, you have SPF that is maintained, you have DKIM that is maintained, so DMARC passes.
Should we talk a little bit more about why those things are important and how they are used?
Sure. So some of the challenges we had when we started designing this feature is how do you deploy something like this at scale in a network like Cloudflare, which is completely global.
So I think our last figures point to something like 17% of the Internet traffic comes through Cloudflare.
We have over 300 POPs across the globe. So how do we deploy this at a global scale while being completely secure and at the same time while pushing for important email security protocols and emerging technologies?
So as you said, Joao, currently we're making sure that SPF works, we're making sure that DKIM works and we're making sure that the DMARC policies don't break and that's completely assured by our solution.
On top of this, we're thinking about pushing for IPv6, doing a good job with anti-spam, which as I think you all know is a big problem with email.
So we're doing some of these at start, but we're definitely going to do a lot more moving forward and we're already discussing plans for that.
I'm sure there's a fine balance in terms of email. Going back a little bit to those things that are so important, as we mentioned, we mentioned a couple of times SPF, we mentioned a couple of times DKIM.
Those are things that contribute to your spam ranking, right?
It contributes to whether a message can land on your Gmail inbox and whether it lands on your inbox or on your spam folder, whether it even gets delivered.
Do you want to go into a little bit more detail about how those work?
Sure. So first of all, I think it's fair to say that email is broken.
It was badly designed during the 90s and over the years, we've been doing patches on top of a poorly designed protocol from the old days.
Which means that today you have a couple of emerging protocols running on the classical SMTP protocol that help you use email in a relatively secure way.
And the problem with anti-spam or email forging or email security in general can be simplified to IP reputation.
So basically what most people do is something so simple as I'm going to accept emails from this source, as long as I think it's secure, as long as I think it has a good reputation.
And this is where we think Cloudflare can do a really good job, because if someone knows the Internet deeply and is in a position to know where bad traffic and good traffic comes from or goes to, that's Cloudflare.
So as I said before, currently we're doing some IP reputation for anti-spam on top of supporting SPF, Dakim and other things.
But I think in the future Cloudflare will be in a privileged position to do a lot more for anti-spam and anti-abuse on email, because we do know a lot of IP reputation.
Yeah, anti-spam is definitely one of the biggest challenges nowadays, at least for me personally.
I've seen issues like my COVID test results recently landed on the spam folder.
And so have I not gone there and checked if it was marked as spam for any reason?
I didn't know that I had received those and I couldn't take my flight.
On the other hand, I think it must be a fine balance. On one hand, you don't want your emails to end up in spam when they're not spam.
But on the other hand, you don't want emails flooding your inbox when they're actually spam.
And so it must be a really fine balance also, because if we're routing emails through us, I think the other providers will think that it came from us.
Gmail could potentially say everything coming from Cloudflare is spam because we're sending too much spam there.
Is that a possibility, Celso?
I think there's so many ideas around anti -spam.
It's, again, from doing simple IP reputation, from building machine learning models, learning with the traffic you see, while preserving the privacy and personal data of our customers.
I can't go into the details, but again, I must say that Cloudflare is in a really privileged position to do a great job, a better job than most companies on the Internet today can do.
We definitely have the know-how and the scale and the know-how of what's going on the Internet to do a great job with anti-spam.
Yeah, it's definitely not the time to unveil what comes next in the next few months.
But we do believe that. We know so much about the Internet traffic and website and IP address reputation, and we know DNS better than most.
We're in a privileged position, as you've been mentioning, to really build a more reliable solution, something where you know that spam and phishing is being handled accordingly.
And yeah, we hope that we will provide you with a much better experience.
So, Apoorva, I'm going to pass it on back to you. Do you want to tell our viewers why this is wait-list still, and why can't I just go there and create a bunch of email addresses already?
They will soon be able to, but then there are a couple of unknown unknowns, obviously.
So, before we sort of open it for everyone, we wanted to take the approach of signing up to a wait-list, and then it'll be available to everyone shortly.
Stay tuned. Yes, yes. That's the way to do it.
We wouldn't want to have millions of emails flowing through us without having it first tested with thousands, and then tens of thousands, and hundreds of thousands, and we need to get there gradually.
So, we're opening up new spots every hour pretty much nowadays, and just enrolling new people and getting more people access to this product, and putting it to the paces.
And we also want your feedback, obviously.
There's a Cloudflare community. You can come there, send us feedback, send us questions, send us any feature requests.
We're also open for that, obviously.
And Twitter. We're also listening, obviously, to those channels, and we're also gathering feedback and answering questions there.
So, you can reach out in your preferred way.
Are there any prerequisite right now to avail this feature, Joao?
I'm sorry? Are there any prerequisite that you should have the DNS hosted on Cloudflare, or is that not going to be the case hereafter?
Can we talk about that?
We're going to take care of everything for the customer. Everything we launch at Cloudflare has simplicity in mind.
We're known by that, and this is no exception.
So, as soon as our customers get on board this feature, there will be a quick feature presentation, and then in one or two clicks, we'll basically configure the customer's domain to start receiving emails.
So, that includes setting up the MX records and the SPF DNS entries, and then the customer will be taken to a roles engine, where you can start creating custom addresses and whatever rules he wants to configure for each domain.
But everything will be that simple.
In fact, I think that one of the challenges we had, and I think we've managed to solve it pretty well, was to how do we turn complex technical things like SPF, for instance, and make it really easy to understand and to use for our customers.
And so, I think this is one of the features where we will do a good job simplifying things.
Yeah, I've definitely been on the other side of the table. I'm obviously not as technical as you are, Celso.
And so, the first time that I tried to configure email routing, email forwarding on a third party, it was so complicated.
I went there, I typed in my domain, it had to go check my domain, then it had to go and ask me to add a bunch of records to my DNS.
And so, I have a list where I needed to pick who is hosting my DNS, and that list was super long and with really complex instructions for someone not as technical.
And then we would have to go and edit those DNS records and wait for them to be valid, and then email would start flowing.
That would just not cut it for us. And so, for us in terms of prerequisites, well, for doing email routing, there's obviously two things.
One of them is you need to have an email, your own domain.
Then you can create as many email addresses as you want, but you need to have your own domain and again, you can either bring your own if you already have one, or you can create one with Cloudflare.
There's tons of options and you should totally do that. Then there's another prerequisite that is we are bringing this to people that have their DNS on Cloudflare at first.
And DNS at Cloudflare, there's even a free tier. And you may not have anything configured, but as long as you have access to your DNS on Cloudflare or DNS is connected to your domain, obviously, what you would need to do is there's a button on email routing that says configure my DNS and boom, one click, done.
No going there and entering MX records and SPF records and all of those things that Salsa just mentioned.
So, we wanted to make this available really to everyone and make this something that anyone can use and that everyone should have the right to stay safer online and to have a good experience when setting up their business, when organizing their digital lives, in fact.
So, those are the two things.
One of them, have a domain, bring it over to Cloudflare. It doesn't need to be hosted with us, but you need it there and connecting your Cloudflare DNS to it.
There is a quick question from some of our viewers. So, will this be available for all?
And will folks on the free plan be able to enjoy email routing? And when will it be available for people who have signed up for the beta access?
When will it be made available?
Yeah, that's an excellent question. Email routing will be available to everyone for free.
So, when it will open, well, it will open, it will become generally available once we have enough confidence in this.
But as I said, every hour, we're just enrolling more people.
So, join our wait list and we promise that it's worth the wait.
It's not going to be a super long one. Hopefully, it's a few hours to a few days, but depending on how much traffic we get, how many people are asking for it, but we promise that we'll get you in soon.
And yeah, that it's going to be worth your wait.