Cloudflare Email Service(blog.cloudflare.com) |
Cloudflare Email Service(blog.cloudflare.com) |
It would be interesting to send GDPR requests and have Cloudflare figure out all of the parties who got or use your mail.
It just seems like this is trying to force something that was never remotely designed for it.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
Cloudflare just filled a huge gap.
Sending and receiving is in my mind the easy part. The hardest part is to make this work with actual AI agents. This is the same problem as with sub-agent communication because you need to implement all kinds of additional fictionality to ensure the agent is not just responding for no good reason, go into loops, etc.
My $0.02 from experience.
If they establish a solid email solution I will likely use that for some of the projects I'm hosting there.
Looks better than fixed $20 for Resend.
I like Resend, a lot, but this is probably something I can't pass up, especially if it does what it says on the tin
It's next to impossible to get approved on Amazon SES now vs 10 years ago. I don't know why its so ridiculous difficult to use it for transactional verificaiton emails.
I see AWS screwing up and Cloudflare replacing it.
That’s a huge assumption unless you exclude several countries where people have a phone number but not really an email address (or even if they do, they may not know what an email address is) and exclude many very old (say, 70+) people who wouldn’t know what email is or what their email address is.
Moving on, I assumed the title meant the launch of a new consumer email service or platform. Reading the announcement, it’s not. That was disappointing to me.
That said, would be nice if CF offered an analog to gmail/m365 email, contacts and calendars as a service to go along side the application access. As it is, I'd probably use a subdomain for service based emails, separate from user emails if using this service.
Also, search is a bigger/harder issue to solve, assuming you want to support clients searching for emails without a full scan of their mailbox for matches.
Email is one of the most gatekept interfaces in the world.
Edit: didn't realize people were paying resend $20. AWS already exists at a low price and people pick them anyway, i'm sure they're fine.
It's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
Cloudflare is (in)famous for not acting against spammers, fraud, piracy and other less savory groups that are hosting their stuff at/behind Cloudflare, so reasonably, people who've been affected by that are now afraid the same thing will happen with email.
We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.
If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.
I guess they got that reputation years ago when the founders (?) got into public spats about what they would and wouldn't host. AWS is more lawyers and committees and seems more anonymous, so people don't necessarily like it more but they do trust it to be what it looks like more.
Probably just a function of time and size.
For my small, personal email server, I just gave up on trying... I can deliver to Gmail and every other major email provider without issue, and even MS seems to be split into a couple different backing orgs.
For certain types of marketing and transactional emails, it's cheaper I think. AWS SES pricing doesn't include attachments. If you assume a maxed out 25MB email attachment body, I think the price comes out to be mostly similar, amortized at least.
But if you are sending basic text/mostly text transactional emails for stuff like password resets, then SES comes out ahead for sure.
c. 2022 Cloudflare had a free email sending service (via MailChannels) [0] until it was sunset in Aug 2024 [1].
[0] https://blog.cloudflare.com/sending-email-from-workers-with-...
[1] https://support.mailchannels.com/hc/en-us/articles/456589835... / https://archive.vn/xNLzv
Most cloud IP blocks already have very poor reputations, and or already on Spamhaus blacklists.
People have a right to choose to be upset. =3
[1] https://www.spamhaus.org/resource-hub/service-providers/how-...
Not sure if you read the announcement closely:
> Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this service is batteries included. SES is not.
They could price per use, but it would have to start with a base fee that is about the same at 10,000 emails.
When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).
This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.
And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.
$0.35 per 1,000 emails
Here are the limits:
"Your account may have daily sending limits based on Cloudflare's assessment of your account standing. "
Source: https://developers.cloudflare.com/email-service/platform/pri... https://developers.cloudflare.com/email-service/platform/lim...
Currently using ZeptoMail ($2.5 per 10,000 emails) but if this service by Cloudflare proves reliable once it reaches GA I'd be happy to switch.
I’ve been developing last three months by emailing Claude, with email threads mapping to an isolated workspace and claude -p. Works super well, especially when trying to get some coding done between everything else.
With right CLAUDE.md and a bit of workflow tooling this extends itself to building other kinds of agents as well. For example, I do my bookkeeping by emailing Claude my statements and receipts, which it then imports into a plain-text accounting system. And we’ve proven this in corporate environment as well, creating agent that can troubleshoot more complex issues by correlating diagnostic logs against product source code.
Once the basic “email agent” infrastructure is there, creating new agents becomes super simple.
Haha, great visual. Really illustrative of what these AI startups and bootstrapped indie developers are dealing with (and, if I had to guess, why most of them don't go anywhere).
Well that part was impressive. It looks like they focused on receiving emails, that is probably even worse, as I expect OpenAI/Anthropic to add such ability directly to agents, if it really is useful.
That's wild. $6M for an MCP server for SMTP?
I had the same thought when I read this part. The $6MM investment on Agent Mail is in serious trouble right now.
This is simply the framing device that all marketing needs to present these days.
"Please stop talking about the thing we can't stop talking about"
The problem is that once you're on the paid plan, you're exposed to unlimited risk if your worker goes crazy due to a stupid code bug or if you're hacked. As a solo dev, it's a risk I simply cannot take; I could wake to a bankruptcy bill from Cloudflare. Even as a company, an employee could sign you up and your accounts team would have no idea of the risk.
I am using Supabase at the moment, and see they have a hard cap now. and so does Vercel after they had some nightmare stories of large bills in the past.
I am not sure why / what CloudFlare think about this - or simply dont care.
I was reading the pricing page for workers and here is what it says there:
> To prevent accidental runaway bills or denial-of-wallet attacks, configure the maximum amount of CPU time that can be used per invocation by defining limits in your Worker's Wrangler file, or via the Cloudflare dashboard (Workers & Pages > Select your Worker > Settings > CPU Limits).
Link: end of example 4 section: https://developers.cloudflare.com/workers/platform/pricing/
For example 1 million requests to a Worker is only $0.30 and there's no bandwidth charge. Similar for R2, Pages, etc.
Also I believe their rate limiting rules have been completely free for one or two years now.
There are many services I wanted to use Workers for but ended up with some self hosted service simply because I can't properly limit my monetary risk here.
Source : post on x from an employee
Side note: the bills from cloudflare are much lower than the ones from AWS/Vercel when there's a mistake. The most I saw passing by was 150€, with Vercel and AWS > 10 k.
Things developers believe about email
[1] https://github.com/mlhpdx/email-origin [2] https://github.com/mlhpdx/email-delivery
Seems like you can only send email via the worker or REST API for now?
Can I send via SMTP? I'm using Supabase and it needs the SMTP credentials.
I can't find anything on the dashboard or on the docs, even though last year they said it supports SMTP [0]
My first thought in reading this would be using this service and the default mail app's structure to back end typical email protocols so you can still use a regular email client to access/use the system as a gateway.
That said, I still think Cloudflare is in a unique position to compete with gmail/m365 mail/calandar/contacts... possibly funding Thunderbird development to tighten the integration as a mail client.
For that matter, I still think cloudflare is in a good position to create a new
Cloudflare is very transparent about their prefixes and reverse DNS, which is generally a good thing for the ecosystem! But it makes it trivial for operators who want to block the entire service, and extremely bad for Cloudflare's deliverability.
And while there are many open blacklists which I have no doubt Cloudflare monitors, there are many (including soft spam-classification signals) that are proprietary and difficult/impossible to monitor other than by watching rates of actual customer/prospect replies and engagement.
Amazon SQS has similar dynamics, and its reputation is far from stellar.
(If the Cloudflare team is reading this, and I'm missing an on-ramp to a company purchasing dedicated IPs with distinct PTR records, I do apologize! I'm not seeing documentation about this, though.)
How's that compare?
From the dashboard link:
> Enable Email Sending Email Sending is currently only available with the Workers Paid plan. Upgrade your plan to start sending emails.
https://developers.cloudflare.com/email-routing/setup/mta-st...
However, I still think AWS SES is the gold standard of deliverability because of their constant monitoring of your reputation (bounces etc). I always combine it with SendOps (https://sendops.dev/) for easy setup and deep analytics to avoid those issues.
Disclaimer: I don't work for agentmail.
please no.
>Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this is going to be an absolute nightmare for spam. i cant exactly block all of cloudflare...
it would be nice if anyone at cloudflare could write about how they plan to proactively reduce abuse of this feature, how they will respond to spam reports, what the punishment for abuse will be, etc.
I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.
It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.
However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.
Even with those, the amount of farmed accounts from a reputable platforms is still high, and it will go higher with the cheap AI targeting that will make the texts much more well crafted and spam filters much more aggressive.
My other conjecture is that the big mail providers would have enough data to catch the spammers based on a number of signals.
...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.
Also Cloudflare is way cheaper compared to eg Sendgrid or Postmark.
Nothing I could do could convince them that I wasn't trying to do 'bad' stuff. Just gave up and decided not to use any AWS tech.
Just used GMail api to send email.
Again, using legitimate traffic to shim network spam is a common counterargument against black listing.
Of the approximate 274000 banned hosts I stare at... many nuisances are from Amazon, Azure, digital ocean, and Hetzner. I am sure Maildrill or Mailchimp does have legitimate use cases, but generally the majority of the traffic suggests otherwise. I am certainly biased in this opinion. =3
TBF, the demo app referenced in TFA and depending on how many emails you actually send for however many domains may well be a better option for me than my small MTA server.
In the real world those wins get eaten up by all the other ways CF are better (free egress, no cold start, cpu-time only duration billing).
My verdict: Workers wins on price by a lot.
Man-in-the-middle and gatekeeper of (large parts of) the web.
It's getting harder and harder to participate online without being subject to their surveillance and/or approval.
Also, the person who just wants to send a few 100 emails a month is actually far more likely to be a spammer. So it's also a way for them to eliminate those folks.
And lastly, the support burden can be high.
AWS has basically said they only want serious customers, let the other guys worry about the small senders.
Our initial blog covered most of Email Service's API and what you can expect from it in terms of deliverability, DNS records setup, etc. https://blog.cloudflare.com/email-service/
Email Service can definitely be used as a transactional email API, and it has everything you would expect like SDKs, binding, observability and more coming on the way
The agent angle in this post reflects what we're actually seeing from developers during our private beta. And the idea that an agent can have an inbox to communicate is a new piece in the developer toolbelt.
I can definitely understand some of the ire-- people are probably imagining how they'll try to contact Verizon and will get back a totally unhelpful email from ChatGPT when all they wanted was to talk to a real human for 5 minutes. Your blog post about hooking up agents to email probably speaks to that fear.
legit question: did you invite anyone that isn't doing agentic whatever during your beta?
In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?
> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services
It really isn't, you need a clean IP and a clean domain, send handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual.
It's hard to appreciate how difficult this battle is when running at scale.
Just tangential, but maybe that is part of the problem, isn't it? Napkin math tells me that esch person in the world receives every month an e-mail from you, and you're obviously just one of hundres of providers, and only half of the population actially has e-mail... I think you get the point.
E-Mail got to the point where it's actually worse then physical mail to some degree. Physical mail at least has a hurdle for the sender, and it's easier to throw away without even looking at it. The amount of low-quality mail and annoying, unnecessary notifications I receive is just at a level where I really think of dropping e-mail except for absolute becessary services.
Giving you the benefit of the doubt and accepting your claim, doesn't that make you one of the people at least second-order responsible for the current state of affairs in email blocking? It would seem that your company, by dint of your volume, navigates roadblocks that the rest of us (ie. the 99.999% of Internet email servers and their admins), who aren't FAANG et al[1], have to deal with to get our users' legitimate email delivered.
If so, could you perhaps give us a brief explanation as to why an otherwise competent engineer can "follow all the best practices" with their server which has no known compromises[2], on an IP address they have controlled for, oh, let's say a full calendar year, and yet still can't get off those FAANG et al default-deny blocklists, but you can?[3]
A cynic might say that your service had a vested interest in paying for unimpeded access to those FAANG et al companies to get over the bar that the rest of us are unable to vault. A cynic might also say that those biggest of the big email services like it that way, because it drives more users to them at the expense of the rest of us 99.999%.
I'll try to remain open to the possibility that there are aspects of the industry I've not yet had any exposure to, and refrain from chimping out over having my users blocked through no fault of their own.
[1] Yes, I know, Facebook doesn't receive anywhere near as much email as they send, and Hotmail = Microsoft, etc. If I used an accurate acronym I could pat myself on the back for being Technically Correct, while nobody would know what the heck I was talking about.
[2] We shan't digress into a discussion of hardware/firmware/OS/application backdoors nor Snowden disclosures. It's not that hard to auto-install security updates and run a reasonably tight ship with no unnecessary attack surfaces.
[3] Or perhaps there aren't any default-deny blocklists at all, but in fact only much smaller default-allow whitelists? That would be cynical indeed.
In Spain, what they are doing, is the "lawful way", it's literally happening via the courts and judges. Do you think ISPs are blocking Cloudflare specifically just for fun, out of their own accord?
> Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network.
Some are, many aren't. Cloudflare is indeed the only impacted network, at least for me. Which other networks are being blocked for you during the La Liga matches?
> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].
> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers
https://www.spamhaus.org/resource-hub/service-providers/too-...
Cloudflare is not perfect, but at least it been consistent about not becoming censorship service with very few exceptions where they banned something.
Id rather let criminals freely buy and use kitchen knives than let shady organizations control who is allowed to buy one.
Not defending spammers, but this comes across a smidge naive considering Cloudflare's overall footprint in the modern internet.
"Thanks for being a user of AgentMail - a lot of people use AgentMail for outbound (spin up and warm up inboxes, send sequences, handle replies), ..."
Yes, that's right. The first use case mentioned is to send automated outbound emails. "Cold prospecting" workflows are likely going to be a big slice of usage on the new Cloudflare service, as it seems to be on AgentMail.
Then how about not market it as "for agents" when said agents are just LLM output?
For example with SES I will get automatically suspended if my bounce rate is more than 10% or if my complaint rate is more than 0.1%.
There are serious financial penalties for robocallers who violate the Do Not Call list (in America, at least). Let's update those laws for the 21st century, shall we?
One long term hope: That domain name reputation eventually overtakes IP address reputation entirely.
There are also direct actions against cloudflare, but that's not what's taking everything down, is it?
Did I misunderstand something?
That's about as good of an answer as I can provide: keep sending smart people to the conferences!
If even a small fraction of legitimate email recipients altered their mail client settings to route "tipped" messages to their inbox, that would probably suffice to get senders to participate in the scheme. Senders are starved for high quality engagement data. Meanwhile, anything we can do to make spam less likely - on a relative scale - to reach the inbox in comparison to "legitimate" traffic, is a win.
Previously I was the spam cop for a big sender and saw up close all the ways our clients would try to weasel around it.
Remains to be seen if the block will remain in place or not, you could argue it goes against some other laws, but it has to be argued legally, just like how the block initially happened because La Liga went through the courts. So far us developers or people who visit more American websites tend to be hit the worst, since they're talking about "protecting" other matches too, in other sports, I'm guessing it'll get worse before it gets better.