cloudflare · abstergail · Mar 27, 2026 · Mar 30, 2026
@@ -50,6 +50,83 @@ If you want to remove these records:
 
 ---
 
+## dc-##### and \_dc-mx subdomains
+
+You notice a `_dc-mx` or `dc-#####` subdomain in your DNS records that you did not create (for example, `_dc-mx.a1b2c3d4e5f6.example.com`).
+
+### Cause
+
+When your `SRV` or `MX` record resolves to a domain configured to [proxy](/dns/proxy-status/) through Cloudflare, Cloudflare automatically creates a DNS record that resolves to the origin IP address. This record ensures that mail or service traffic bypasses the Cloudflare proxy and reaches your server directly, while the proxy continues to work for all other traffic.
+
+The prefix of the auto-generated record depends on the record type that triggered it:
+
+- **MX records:** Cloudflare creates a record with the `_dc-mx` prefix (for example, `_dc-mx.a1b2c3d4e5f6.example.com`).
+- **SRV records:** Cloudflare creates a record with the `dc-` prefix (for example, `dc-a1b2c3d4e5f6.example.com`).
+
+#### How \_dc-mx records work
+
+Before using Cloudflare, suppose your DNS records for mail are as follows:
+
+`example.com MX example.com`
+
+`example.com A 192.0.2.1`
+
+After using Cloudflare and proxying the `A` record, Cloudflare provides DNS responses with a [Cloudflare IP address](/fundamentals/concepts/cloudflare-ip-addresses/) (`203.0.113.1` in the example below):
+
+`example.com MX example.com`
+
+`example.com A 203.0.113.1`
+
+Since proxying mail traffic through Cloudflare would break your mail services, Cloudflare detects this situation and creates a `_dc-mx` record:
+
+`example.com MX _dc-mx.a1b2c3d4e5f6.example.com`
+
+`_dc-mx.a1b2c3d4e5f6.example.com A 192.0.2.1`
+
+`example.com A 203.0.113.1`
+
+You can verify this behavior by querying your domain's MX records (replace `example.com` with your domain):
+
+```sh
+dig example.com mx +short
+```
+
+```sh output
+100 _dc-mx.a1b2c3d4e5f6.example.com.
+```
+
+The `_dc-mx` record resolves directly to your origin IP:
+
+```sh
+dig _dc-mx.a1b2c3d4e5f6.example.com a +short
+```
+
+```sh output
+192.0.2.1
+```
+
+### Solution
+
+These records are safe to leave in place — they ensure your mail traffic reaches your server correctly. Do not delete them directly, as Cloudflare will recreate them.
+
+If you want to remove a `_dc-mx` or `dc-#####` record, you must address the underlying proxy conflict:
+
+- If no mail is received for the domain, delete the `MX` record.
+- If mail is received for the domain, update the `MX` record to resolve to a separate `A` record for a mail subdomain that is not proxied by Cloudflare:
+
+  `example.com MX mail.example.com`
+
+  `mail.example.com A 192.0.2.1`
+
+  `example.com A 203.0.113.1`
+
+:::caution
+
+If your mail server resides on the same IP as your web server, your MX record will expose your origin IP address, since it is not hidden behind the Cloudflare proxy.
+:::
+
+---
+
 ## Incorrect results for DNS queries
 
 You notice DNS queries returning incorrect results even after you waited for the [TTL](/dns/manage-dns-records/reference/ttl/) to expire.

@@ -9,81 +9,72 @@ sidebar:
   order: 6
 ---
 
-import { Render } from "~/components";
+import { DashButton, Render } from "~/components";
 
 If you have issues sending or receiving mail, follow these troubleshooting steps.
 
 ## Are your records correct?
 
-Consult with your mail administrator or mail provider to ensure you have valid DNS record content.
+To check that your MX records are resolving correctly, run the following `dig` command in your terminal (replace `example.com` with your domain):
 
-## Are DNS records missing?
-
-Contact your mail administrator to confirm the DNS records for your domain are correct. Refer to our guide on [managing DNS records in Cloudflare](/dns/manage-dns-records/how-to/create-dns-records) if you need assistance to add or edit DNS records.
-
-## Do you have NS records configured?
-
-NS records are used to delegate the management of a hostname to another DNS provider (refer to [Delegate a subdomain (outgoing)](/dns/manage-dns-records/how-to/subdomains-outside-cloudflare/#delegate-a-subdomain-outgoing) for further context). If you have NS records configured on your DNS records table, confirm that these are expected and not generating conflicts.
-
-## Do you have CNAME flattening enabled?
-
-When [**CNAME flattening for all CNAME records**](/dns/cname-flattening/set-up-cname-flattening/) is on, queries to all `CNAME` records will flatten to an `A` record; no `CNAME` records will be returned.
-
-Also, if `CNAME` records are not returned by the queried nameserver (sometimes nameservers will return `TXT` records), this may result in nothing being returned when **CNAME flattening for all CNAME records** is on. Turning off this feature should fix any issues with your `CNAME` records not being returned.
+```sh
+dig example.com mx +short
+```
 
-## Is Cloudflare Spectrum enabled on your account?
+Alternatively, you can use a third-party tool to look up your MX records. For a list of options, refer to [Recommended third-party tools](/dns/reference/recommended-third-party-tools/).
 
-Cloudflare does not proxy traffic on port 25 (SMTP) unless [Cloudflare Spectrum](/spectrum/reference/configuration-options#smtp) is turned on and configured to proxy email traffic across Cloudflare. If you do not have Spectrum turned on, then no email traffic (SMTP) passes through Cloudflare, and Cloudflare only resolves the DNS. This also means that any DNS record used to send email traffic must be DNS-only to bypass the Cloudflare network. For more information, refer to [Identifying subdomains compatible with Cloudflare's proxy](/dns/proxy-status/).
+This returns a list of mail servers for your domain. Compare the output to the MX records on your Cloudflare DNS records page.
 
-## Contact your mail provider for assistance
+<DashButton url="/?to=/:account/:zone/dns/records" />
 
-If your email does not work shortly after editing DNS records, contact your mail administrator or mail provider for further assistance in troubleshooting so that data about the issue can be provided to Cloudflare support.
+If the mail server listed does not match your email provider's expected value, update the MX record content to the correct value. Check your email provider's setup documentation for the correct MX record values.
 
-## dc-######### subdomain
+## Are DNS records missing?
 
-The dc-##### subdomain is added to overcome a conflict created when your `SRV` or `MX` record resolves to a domain configured to [proxy](/dns/proxy-status/) to Cloudflare.
+If `dig` returns no results for your domain's MX records, your records may not have been created or may have been accidentally deleted.
 
-Therefore, Cloudflare will create a `dc-#####` DNS record that resolves to the origin IP address. The `dc-#####` record ensures that traffic for your `MX` or `SRV` record is not proxied (it directly resolves to your origin IP) while the Cloudflare proxy works for all other traffic.
+Even if your MX records are correct, missing email authentication records can cause delivery failures:
 
-For example, before using Cloudflare, suppose your DNS records for mail are as follows:
+- **Missing `SPF` record:** receiving servers cannot verify that your domain authorizes the sending server, which may cause messages to be rejected or marked as spam.
+- **Missing `DKIM` record:** messages cannot be cryptographically verified as originating from your domain, which reduces trust with receiving servers.
+- **Missing `DMARC` record:** receiving servers have no policy for handling messages that fail `SPF` or `DKIM` checks, which can lead to inconsistent delivery or spoofing of your domain.
 
-`example.com MX example.com`
+Refer to [Set up email records](/dns/manage-dns-records/how-to/email-records/) to add missing records.
 
-`example.com A 192.0.2.1`
+## Do your MX records point to a delegated subdomain?
 
-After using Cloudflare and proxying the `A` record, Cloudflare will provide DNS responses with a Cloudflare IP (`203.0.113.1` in the example below):
+`NS` records [delegate a subdomain](/dns/manage-dns-records/how-to/subdomains-outside-cloudflare/#delegate-a-subdomain-outgoing) to another DNS provider. If your MX record points to a subdomain that is delegated via `NS` records (for example, `mail.example.com`), the mail server records are managed by that external provider, not Cloudflare. Confirm that the external provider has the correct `A` or `AAAA` records for the mail subdomain.
 
-`example.com MX example.com`
+## Is CNAME flattening turned on?
 
-`example.com A 203.0.113.1`
+Some email providers require `CNAME` records for features like DKIM authentication or autodiscover. When [CNAME flattening](/dns/cname-flattening/) is turned on for all `CNAME` records, all `CNAME` records are flattened to `A` records, which can prevent email providers from reading these records correctly.
 
-Since proxying mail traffic to Cloudflare would break your mail services, Cloudflare detects this situation and creates a `dc-#####` record:
+If your email provider requires pointing to `CNAME` records and those records are not resolving as expected, [CNAME flattening](/dns/cname-flattening/set-up-cname-flattening/) may need to be turned off. 
 
-`example.com MX dc-1234abcd.example.com`
+## Is Cloudflare Spectrum turned on?
 
-`dc-1234abcd.example.com A 192.0.2.1`
+Cloudflare does not proxy email traffic (SMTP, port 25) by default. Unless you have explicitly configured [Cloudflare Spectrum](/spectrum/reference/configuration-options#smtp) to proxy SMTP traffic, email is delivered directly to your mail server and does not pass through the Cloudflare network. DNS records used for email should be set to [DNS-only](/dns/proxy-status/) to ensure mail traffic is not affected by the proxy.
 
-`example.com A 203.0.113.1`
+<DashButton url="/?to=/:account/:zone/spectrum" />
 
-Removing the `dc-######` record is only possible via one of these methods:
+## Is Email Routing turned on?
 
-- If no mail is received for the domain, delete the `MX` record.
-- If mail is received for the domain, update the `MX` record to resolve to a separate `A` record for a mail subdomain that is not proxied by Cloudflare:
+If [Email Routing](/email-routing/) is turned on, Cloudflare manages your MX records and may create additional DNS records automatically. You may also see [`_dc-mx` or `dc-#####` subdomains](/dns/manage-dns-records/troubleshooting/unexpected-dns-records/#dc--and-_dc-mx-subdomains) in your DNS if your MX records point to a proxied hostname.
 
-   `example.com MX mail.example.com`
+<DashButton url="/?to=/:account/:zone/email/routing" />
 
-   `mail.example.com A 192.0.2.1`
+If Email Routing is turned on but you use a different mail provider, the Email Routing MX records may conflict with your provider's records. You can [turn off Email Routing](/email-routing/setup/disable-email-routing/) to remove the managed records and configure your own.
 
-   `example.com A 203.0.113.1`
+---
 
-:::caution
+## Best practices for MX records on Cloudflare
 
-If your mail server resides on the same IP as your web server, your MX
-record will expose your origin IP address.
-:::
+<Render file="email-record-origin-ip" product="learning-paths" />
 
 ---
 
-## Best practices for MX records on Cloudflare
+## Still having email issues?
 
-<Render file="email-record-origin-ip" product="learning-paths" />
+If your DNS records are correct but email is still not working, contact your mail administrator or mail provider with the specific error or bounce message you are receiving. They can confirm whether the issue is with DNS resolution, mail server configuration, or message delivery.
+
+If your provider confirms the issue is related to Cloudflare, [contact Cloudflare support](/support/contacting-cloudflare-support/).
@@ -33,3 +33,9 @@ Depending on your zone configuration, you might have your DNS records unlocked.
 Select **View DNS records** for a list of the required `MX` and sender policy framework (SPF) records Email Routing is using.
 
 If you are having trouble with your account's DNS records, refer to the [Troubleshooting](/email-routing/troubleshooting/) section.
+
+## _dc-mx records
+
+If you see a DNS record with a `_dc-mx` prefix (for example, `_dc-mx.a1b2c3d4e5f6.example.com`), Cloudflare created it automatically. This record appears when your `MX` record points to a hostname that is [proxied](/dns/proxy-status/) through Cloudflare. The `_dc-mx` record resolves directly to your origin IP address so that mail traffic bypasses the proxy and reaches your mail server.
+
+For more information, refer to [dc-##### and _dc-mx subdomains](/dns/manage-dns-records/troubleshooting/unexpected-dns-records/#dc--and-_dc-mx-subdomains).