I'm not sure why this announcement has generated so much irritation in the comments-- Cloudflare has been transitioning from "DDoS protection" to "AWS competitor" for many years now, and this is just their alternative to AWS SES.
It's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
embedding-shape 1 days ago [-]
> But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
Cloudflare is (in)famous for not acting against spammers, fraud, piracy and other less savory groups that are hosting their stuff at/behind Cloudflare, so reasonably, people who've been affected by that are now afraid the same thing will happen with email.
ttul 1 days ago [-]
When it comes to email delivery, you can't ignore spam. It's the bane of existence of every email sending service and the number one business challenge in that segment. After all, orchestrating delivery over SMTP is not rocket science. But getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services...
embedding-shape 1 days ago [-]
Ok, but what about as a CDN/website-proxy/WAF? I know we don't have the same automated reputation-propagation as with email, but same thing supposedly happens there, where eventually you get turned off if you don't act on lawful requests, which is exactly why Cloudflare is unavailable in Spain during La Liga matches, because Cloudflare don't take piracy streams down.
In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?
> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services
It really isn't, you need a clean IP and a clean domain, send handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual.
ttul 1 days ago [-]
I run an email sending service at scale (billions of messages per month, tens of millions of end users, thousands of customers). Most of our software development and operational effort revolves around abuse mitigation. That has been the case for 15 years. It's a cat-and-mouse game with two different mice: the senders, who are constantly trying to figure out how to get you to deliver their garbage; and the receivers, who are constantly trying to figure out how to block it. We're stuck in the middle.
It's hard to appreciate how difficult this battle is when running at scale.
chrisandchris 14 hours ago [-]
> billions of messages per month
Just tangential, but maybe that is part of the problem, isn't it? Napkin math tells me that esch person in the world receives every month an e-mail from you, and you're obviously just one of hundres of providers, and only half of the population actially has e-mail... I think you get the point.
E-Mail got to the point where it's actually worse then physical mail to some degree. Physical mail at least has a hurdle for the sender, and it's easier to throw away without even looking at it. The amount of low-quality mail and annoying, unnecessary notifications I receive is just at a level where I really think of dropping e-mail except for absolute becessary services.
embedding-shape 23 hours ago [-]
Right, I won't disagree with any of that, but I'm not sure how it's related to what I wrote either. Maybe I should have been more specific that I'm talking about hosting your own email, not hosting emails for others, which brings out a lot of other types of problems.
ttul 21 hours ago [-]
Apologies. When you said "email services" I thought you were implying "email services for use by others". Yeah, you can definitely run your own mail server in 2026 and I think the internet community should always strongly endorse being able to do so. Unfortunately, large email receivers have to make do with imperfect signals when making filtering decisions, and your traffic from a lonely IP that happens to have a bad neighbour might get blocked as collateral damage.
One long term hope: That domain name reputation eventually overtakes IP address reputation entirely.
i_think_so 20 hours ago [-]
> I run an email sending service at scale (billions of messages per month, tens of millions of end users, thousands of customers).
Giving you the benefit of the doubt and accepting your claim, doesn't that make you one of the people at least second-order responsible for the current state of affairs in email blocking? It would seem that your company, by dint of your volume, navigates roadblocks that the rest of us (ie. the 99.999% of Internet email servers and their admins), who aren't FAANG et al[1], have to deal with to get our users' legitimate email delivered.
If so, could you perhaps give us a brief explanation as to why an otherwise competent engineer can "follow all the best practices" with their server which has no known compromises[2], on an IP address they have controlled for, oh, let's say a full calendar year, and yet still can't get off those FAANG et al default-deny blocklists, but you can?[3]
A cynic might say that your service had a vested interest in paying for unimpeded access to those FAANG et al companies to get over the bar that the rest of us are unable to vault. A cynic might also say that those biggest of the big email services like it that way, because it drives more users to them at the expense of the rest of us 99.999%.
I'll try to remain open to the possibility that there are aspects of the industry I've not yet had any exposure to, and refrain from chimping out over having my users blocked through no fault of their own.
[1] Yes, I know, Facebook doesn't receive anywhere near as much email as they send, and Hotmail = Microsoft, etc. If I used an accurate acronym I could pat myself on the back for being Technically Correct, while nobody would know what the heck I was talking about.
[2] We shan't digress into a discussion of hardware/firmware/OS/application backdoors nor Snowden disclosures. It's not that hard to auto-install security updates and run a reasonably tight ship with no unnecessary attack surfaces.
[3] Or perhaps there aren't any default-deny blocklists at all, but in fact only much smaller default-allow whitelists? That would be cynical indeed.
pbronez 1 days ago [-]
What structural changes could we make to improve the situation?
ttul 22 hours ago [-]
That is such a great question and there is no easy answer. There have been enormous efforts to do better for at least the last 20 years. An entire organization, M3AAWG, was founded for that reason and it meets three times a year, bringing together all the people that matter for making the situation better. It's a great organization and the people are all really smart and awesome. The IETF is no slouch either, coming up with excellent new standards and improving existing ones, such as the recent update to DKIM.
That's about as good of an answer as I can provide: keep sending smart people to the conferences!
edoceo 1 days ago [-]
Signed senders?
b112 1 days ago [-]
It's simple, there's a standard, a new one, which takes into account SPF, DKIM, DMARC, ARC, and even DANE along with upcoming and purposed SPKF, DKIM+, DMARC2, and ARCv4. It should fix just about everything.
I always loved the hashcash concept and actually raised our original funding because of it (our Microsoft angels loved the idea of making spamming more expensive, and our Series A concept was tar-pitting to dissuade botnets). In the context of email sending services, we have a modern version of hashcash that we might at some point turn to. If someone can figure out how to tokenize sending at scale, then senders could pay recipients to open their emails by attaching a "tip" to each message.
If even a small fraction of legitimate email recipients altered their mail client settings to route "tipped" messages to their inbox, that would probably suffice to get senders to participate in the scheme. Senders are starved for high quality engagement data. Meanwhile, anything we can do to make spam less likely - on a relative scale - to reach the inbox in comparison to "legitimate" traffic, is a win.
pocksuppet 1 days ago [-]
Cloudflare acts on lawful requests during LaLiga matches. The problem is that the Spanish government doesn't want to bother doing things the lawful way because that takes too long. They want piracy to magically disappear and they'll randomly shut down more parts of the internet until it does. Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network.
embedding-shape 23 hours ago [-]
> problem is that the Spanish government doesn't want to bother doing things the lawful way because that takes too long
In Spain, what they are doing, is the "lawful way", it's literally happening via the courts and judges. Do you think ISPs are blocking Cloudflare specifically just for fun, out of their own accord?
> Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network.
Some are, many aren't. Cloudflare is indeed the only impacted network, at least for me. Which other networks are being blocked for you during the La Liga matches?
Dylan16807 22 hours ago [-]
The specific blocks don't go through courts and judges.
embedding-shape 22 hours ago [-]
Yes, the specific block of blocking Cloudflare in Spain during La Liga matches literally has gone through a court and been ordered by a judge, I'm not sure how you could have missed this. Judges have also dismissed the requests from Cloudflare and others to remove the "dynamic block" as there is collateral damage.
Dylan16807 21 hours ago [-]
My understanding was that cloudflare was being blocked by the same IP blocking list as everything else. And while that system went through courts, the list didn't.
There are also direct actions against cloudflare, but that's not what's taking everything down, is it?
Did I misunderstand something?
embedding-shape 21 hours ago [-]
The sites are directed to be blocked by IP and DNS, this is the list I suppose you're talking about, I'm not sure of any specific "system vs list" distinction. Since some of the sites are behind Cloudflare, some of the IPs are IPs used by Cloudflare for any customer, not just the streams, so then Cloudflare gets blocked wholesale, the collateral damage that we get to joyfully experience every game.
Remains to be seen if the block will remain in place or not, you could argue it goes against some other laws, but it has to be argued legally, just like how the block initially happened because La Liga went through the courts. So far us developers or people who visit more American websites tend to be hit the worst, since they're talking about "protecting" other matches too, in other sports, I'm guessing it'll get worse before it gets better.
thomas_gauvin 1 days ago [-]
Blog author chiming in here:
We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.
If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.
embedding-shape 1 days ago [-]
Will you also do this for other spammers using Cloudflare infrastructure, or just specifically for this email product?
> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].
> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers
I would note that Cloudflare has been doing better-- the SBL listings page mentioned in that article[1] shows only 47 active complaints, down from 1201 when the article was written 2 years ago. Many of those complaints are stale, too: I spot-checked a few (referencing the domains fireplacecoffee.com and expansionus.com) and the domains are expired and not being hosted by anyone.
Spamhaus itself is a shady and non transparent organization and basically one of reasons why its been so hard to actually run email service for decades.
Cloudflare is not perfect, but at least it been consistent about not becoming censorship service with very few exceptions where they banned something.
Id rather let criminals freely buy and use kitchen knives than let shady organizations control who is allowed to buy one.
computershit 20 hours ago [-]
> 10.05% of all domains listed on Spamhaus’s Domain Blocklist...are on Cloudflare nameservers
Not defending spammers, but this comes across a smidge naive considering Cloudflare's overall footprint in the modern internet.
Bender 1 days ago [-]
As someone that has managed very large outbound transactional email environments, email campaign platforms and some corporate email I just wanted to wish Cloudflare the best of luck on this endeavor. This is an entirely different animal from anything related to a CDN. Stay vigilant and don't let the cute and fuzzy bunnies ruin it for everyone else. They are evil and mischievous and will do whatever they technically can do.
creatonez 22 hours ago [-]
Agent-produced emails are by definition spam. Everyone should be reacting to this news by immediately blocking your service.
ttul 22 hours ago [-]
Recent outreach after creating an AgentMail account:
"Thanks for being a user of AgentMail - a lot of people use AgentMail for outbound (spin up and warm up inboxes, send sequences, handle replies), ..."
Yes, that's right. The first use case mentioned is to send automated outbound emails. "Cold prospecting" workflows are likely going to be a big slice of usage on the new Cloudflare service, as it seems to be on AgentMail.
ttul 22 hours ago [-]
If you take the approach of policing individual sender accounts with a strict anti-abuse policy, you have a chance of succeeding. I'm sure you have already discovered that the moment you allow anyone to sign up for an email sending account, the worst of the worst actors immediately take up the opportunity to do so! Cloudflare has a massive amount of data about web traffic and I would hope that this data can be recycled into effective threat detection and control. No doubt you already know this and have people working on it. Good luck!
chinathrow 24 hours ago [-]
> We're well aware of this.
Then how about not market it as "for agents" when said agents are just LLM output?
themafia 23 hours ago [-]
So what are the thresholds?
For example with SES I will get automatically suspended if my bounce rate is more than 10% or if my complaint rate is more than 0.1%.
wang_li 1 days ago [-]
I think you should put your money where your mouth is. For each spam message sent to a recipient server, you send $1000 to the recipient.
i_think_so 19 hours ago [-]
Make that penalty $1 per (so the discussion can be taken seriously) and I will not only support your proposal, I'll volunteer my time and effort in encouraging Congresscritters to vote for it.
There are serious financial penalties for robocallers who violate the Do Not Call list (in America, at least). Let's update those laws for the 21st century, shall we?
sixhobbits 1 days ago [-]
I'm not sure if it's a correct impression but my impression is still that AWS is the "devil you know" and Cloudflare is less predictable with more individual decision making from high ups.
I guess they got that reputation years ago when the founders (?) got into public spats about what they would and wouldn't host. AWS is more lawyers and committees and seems more anonymous, so people don't necessarily like it more but they do trust it to be what it looks like more.
Probably just a function of time and size.
pocksuppet 1 days ago [-]
Cloudflare will predictably shut down your account until you pay $150k. They will not transfer out any of your domains or files - they will be inaccessible until you pay $150k.
b2m9 1 days ago [-]
Excuse me, what are you referring to?
foolswisdom 1 days ago [-]
There have been stories about people with heavy internet traffic (generally media streaming I think) being more or less shut down unless they upgrade their cloudflare plan (to enterprise I guess). Some were posted on HN in the past.
NoahZuniga 24 hours ago [-]
And a gambling site
el_sinchi 17 hours ago [-]
[dead]
1 days ago [-]
navigate8310 1 days ago [-]
I've used their email relay services to forward it to my Microsoft account, every forward is rejected by Microsoft due to spam generated by Cloudflare. So I don't have much faith at least in their email services.
tracker1 1 days ago [-]
Of all email services, delivery to MS hosted systems is absolutely the worst to deal with. It's completely opaque and almost impossible to resolve most of the time. They tend to direct you to paid channels to try to mitigate issues instead of actually responding to complaints for false positive flagging as spam.
For my small, personal email server, I just gave up on trying... I can deliver to Gmail and every other major email provider without issue, and even MS seems to be split into a couple different backing orgs.
magguzu 22 hours ago [-]
This isn't unique to Cloudflare. Microsoft email spam filter absolutely sucks. I hit it a lot too from my small provider.
tentacleuno 19 hours ago [-]
I recall them actually marking Microsoft emails as spam. Not sure if that's even changed.
Onavo 1 days ago [-]
> Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
For certain types of marketing and transactional emails, it's cheaper I think. AWS SES pricing doesn't include attachments. If you assume a maxed out 25MB email attachment body, I think the price comes out to be mostly similar, amortized at least.
But if you are sending basic text/mostly text transactional emails for stuff like password resets, then SES comes out ahead for sure.
m463 17 hours ago [-]
they are a gatekeeper, and along with DDOS protection, they are also setting defacto internet policies, like what browser you should use to access websites.
EGreg 1 days ago [-]
Can Cloudflare do an SMS service? That would be something :)
Joel_Mckay 1 days ago [-]
Almost every SaaS (Spam as a Service) API ends up arguing its minority of legitimate users are a justified excuse for the majority of nuisance traffic.
Most cloud IP blocks already have very poor reputations, and or already on Spamhaus blacklists.
People have a right to choose to be upset. =3
Meekro 1 days ago [-]
My experience has been the opposite of what you're saying: AWS SES (one of AWS's flagship products, and probably the biggest email sender in the world) is a pretty responsible anti-spam citizen. Spamhaus even wrote this article[1] praising SES's anti-spam efforts. From the article: "Amazon SES has a long-standing relationship with Spamhaus, working closely to prevent suspicious IPs and domains from impacting their network." Though I'm sure that new incidents come up daily, Spamhaus themselves seem to disagree with the notion that SES's IP blocks have "poor reputations."
Whatever IP people temporarily host on a cloud incurs the prior users reputation.
Again, using legitimate traffic to shim network spam is a common counterargument against black listing.
Of the approximate 274000 banned hosts I stare at... many nuisances are from Amazon, Azure, digital ocean, and Hetzner. I am sure Maildrill or Mailchimp does have legitimate use cases, but generally the majority of the traffic suggests otherwise. I am certainly biased in this opinion. =3
tracker1 1 days ago [-]
Are those hosts using hosted VPS instances, or are they sending through SES? There's a pretty significant difference... FWIW, I get why a lot of VPSes simply block email hosting altogether. It makes it a bit harder for me to find a host for my own small server, but I do understand the pain. Some services are better or worse, and I can imagine at the scale of many cloud hosts, trying to keep the IPs for general hosting out of blocklists would impact the bottom line more than reputational damage for a handful of legit email hosting accounts.
TBF, the demo app referenced in TFA and depending on how many emails you actually send for however many domains may well be a better option for me than my small MTA server.
jiveturkey 19 hours ago [-]
> One thing that surprised me is the [high] price [vs SES for example]
Not sure if you read the announcement closely:
> Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this service is batteries included. SES is not.
arpinum 1 days ago [-]
The pricing is disappointing. I'm surprised Cloudflare has not tried to compete on price against AWS lately after a good start with R2. Queues, database storage, database writes, worker invocation all more expensive than the AWS offering.
TurdF3rguson 19 hours ago [-]
Can you back that up with a link? You're saying Lambda is cheaper than Workers?
ignoramous 20 hours ago [-]
> One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper ... This new offering is 3x the AWS price, though. Weird.
c. 2022 Cloudflare had a free email sending service (via MailChannels) [0] until it was sunset in Aug 2024 [1].
Cloudflare is spending years of goodwill earned through technical skill, trending towards AI enshittification starting with their blog posts and vibe coded features/products.
Meekro 1 days ago [-]
I also kind of rolled my eyes at the blog post and its obsessive focus on "agents" -- definitely feels like a solution looking for a problem. But the email-sending product being promoted is probably ok, right? They just happened to write a lot of words observing that ChatGPT can, in fact, call sendmail() through their platform (if you give it access) -- a fact that shouldn't surprise anyone.
thomas_gauvin 1 days ago [-]
Blog author chiming in:
Our initial blog covered most of Email Service's API and what you can expect from it in terms of deliverability, DNS records setup, etc. https://blog.cloudflare.com/email-service/
Email Service can definitely be used as a transactional email API, and it has everything you would expect like SDKs, binding, observability and more coming on the way
The agent angle in this post reflects what we're actually seeing from developers during our private beta. And the idea that an agent can have an inbox to communicate is a new piece in the developer toolbelt.
Meekro 1 days ago [-]
Thanks for the clarification! Sounds like some developers, including your beta users, are experimenting with new ideas (which includes plugging agents into different workflows to see what happens), while old farts like myself bemoan AI getting plugged into everything and every app sprouting "Ask AI" buttons that they never asked for or wanted.
I can definitely understand some of the ire-- people are probably imagining how they'll try to contact Verizon and will get back a totally unhelpful email from ChatGPT when all they wanted was to talk to a real human for 5 minutes. Your blog post about hooking up agents to email probably speaks to that fear.
fernandotakai 1 days ago [-]
>The agent angle in this post reflects what we're actually seeing from developers during our private beta.
legit question: did you invite anyone that isn't doing agentic whatever during your beta?
tracker1 1 days ago [-]
It's most likely people doing active development, willing to experiment on a test/beta platform... which probably correlates strongly with those testing/trying agent based workflows.
Meekro 1 days ago [-]
Thomas can probably speak to this better, but as someone who has participated in other Cloudflare betas: there's usually a button or a form and you can request access.
dbbk 1 days ago [-]
It's just email man you do not need to throw an AI buzzword in front of everything
gardnr 1 days ago [-]
It's like the author handed the copy to the editor who then added a new broken sentence after each original sentence that somehow jams "agents" in there.
gpi 1 days ago [-]
Unfortunate situation. Also, what is cloudflare exactly? They seemed to have diversified a tad much.
foresto 1 days ago [-]
> what is cloudflare exactly?
Man-in-the-middle and gatekeeper of (large parts of) the web.
It's getting harder and harder to participate online without being subject to their surveillance and/or approval.
gpi 1 days ago [-]
That's a good way to put it.
austhrow743 15 hours ago [-]
Just a cloud dev infrastructure provider like Amazon Web Services or Google Cloud Platform.
pfortuny 1 days ago [-]
Cloudflare is, believe it or not, the owner of several IP blocked by Telefonica in Spain durong football matches. Soon to be tennis, basket, too.
i_think_so 19 hours ago [-]
[dead]
freefaler 1 days ago [-]
A classic "the tragedy of the commons" with the SMTP protocol.
When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).
This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.
And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.
Youden 1 days ago [-]
I don't think the protocol is necessarily the problem. For example we don't say the HTTP protocol is the problem when spammers abuse website comment forms or forums, we say it's the server on the other side.
I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.
It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.
However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.
freefaler 1 days ago [-]
The legacy compatibility of the protocol has brought all the hacks on top of it for identity verification like SPF, DMARC, DKIM ...
Even with those, the amount of farmed accounts from a reputable platforms is still high, and it will go higher with the cheap AI targeting that will make the texts much more well crafted and spam filters much more aggressive.
My other conjecture is that the big mail providers would have enough data to catch the spammers based on a number of signals.
xhkkffbf 1 days ago [-]
I've gotten my email routed to spam even though it never left the Google cloud. They don't say, "Gosh, this is coming from inside the house. Therefore it's trustworthy." Nope. The push legit mail from other Google hosted domains into spam without a second thought.
nutjob2 1 days ago [-]
I've had emails from Google end up in spam and I'm using Google Workspace, it's driven by what people flag as spam, not domain trust.
ajsnigrutin 1 days ago [-]
I'd be happy if we at least started punishing the large, well known and established companies for spamming us...
...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.
nope1000 1 days ago [-]
It's funny. All the examples they show in the blogpost are just things that were already pretty easy without agents. Sending an email when the CI pipeline passes, when a support request is incoming, when an order is shipped. I think we haven't found a problem for this solution.
written-beyond 1 days ago [-]
The problem is how bullshit transactional emails are when you're outside of AWS. If you're not expecting to use 10,000 emails a month but would like the option to go over the free tier without committing to 10,000 more. Just let me pay per use FFS.
jedberg 1 days ago [-]
The reason AWS does that is because there is a lot of base level work to verify you as "not a spammer" and to keep verifying you. So this is their way of making sure you pay the base cost.
They could price per use, but it would have to start with a base fee that is about the same at 10,000 emails.
written-beyond 1 days ago [-]
The base fee doesn't need to be monthly, they can take $50 dollars as a one time registration verification fee. That should be enough to cover their compute costs for the year, specially when you pool in that from multiple customers. Who is spamming with 100 monthly emails? How much compute do they need to verify you aren't spamming. They can bake all of that into the pay per use price, they choose not to and I'm glad cloudflare is offering this.
jedberg 1 days ago [-]
Maintaining the reputation of an IP address is the issue here. If one bad actor sends just a few emails that get marked as spam, the entire IP gets marked as bad. That's basically what you're paying for.
Also, the person who just wants to send a few 100 emails a month is actually far more likely to be a spammer. So it's also a way for them to eliminate those folks.
And lastly, the support burden can be high.
AWS has basically said they only want serious customers, let the other guys worry about the small senders.
purrcat259 24 hours ago [-]
Scaleway TEM offer pay per use. I moved off of resend when my side project went beyond their free tier and now pay <0.5€ a month
ghoshbishakh 1 days ago [-]
Pricing:
$0.35 per 1,000 emails
Here are the limits:
"Your account may have daily sending limits based on Cloudflare's assessment of your account standing. "
Currently using ZeptoMail ($2.5 per 10,000 emails) but if this service by Cloudflare proves reliable once it reaches GA I'd be happy to switch.
chrysoprace 18 hours ago [-]
Unless I've misunderstood something, the Cloudflare price is like 3x of AWS SES. It probably won't matter for small scale products, but it definitely makes a difference at a large scale.
pier25 17 hours ago [-]
You have to use AWS though :)
Also Cloudflare is way cheaper compared to eg Sendgrid or Postmark.
ghoshbishakh 23 hours ago [-]
Why not use SES?
vlod 20 hours ago [-]
It is a major pita dealing with the SES team. I originally wanted to send email from my web app (simply notification flow. i.e. you have a new request from user-123) and it is (IMHO) impossible to get past them. They won't tell you any reasons why. (Because they don't want devs gaming the system).
Nothing I could do could convince them that I wasn't trying to do 'bad' stuff. Just gave up and decided not to use any AWS tech.
Just used GMail api to send email.
pier25 22 hours ago [-]
I just avoid AWS as much as I can.
hardsnow 1 days ago [-]
I seriously think this great! I’ve been saying that email is the right interface for agents for a while now. It is available anywhere, natively threaded, and works for asynchronous long-form communication. Comes with great clients as well.
I’ve been developing last three months by emailing Claude, with email threads mapping to an isolated workspace and claude -p. Works super well, especially when trying to get some coding done between everything else.
With right CLAUDE.md and a bit of workflow tooling this extends itself to building other kinds of agents as well. For example, I do my bookkeeping by emailing Claude my statements and receipts, which it then imports into a plain-text accounting system. And we’ve proven this in corporate environment as well, creating agent that can troubleshoot more complex issues by correlating diagnostic logs against product source code.
Once the basic “email agent” infrastructure is there, creating new agents becomes super simple.
Oof. I know of a startup that recently Show HN'd here, the agent mail.to, that is NOT having a good time right now. I don't know what all these new startups having moats thinner than Durex are thinking -- like, what the plan if someone does what you do, faster and cheaper?
bridgetburch 1 days ago [-]
I'm building something similar (Dead Simple Email - same category, different pricing structure). The moat criticism is fair and worth being honest about.
The defensible part isn't the feature set, it's infrastructure and price. We run our own mail servers rather than reselling SES, which gives us direct control over deliverability and costs. That's what lets us charge $29/mo for 100 inboxes where AgentMail is at $200. Whether that's a real moat or just a head start is a legitimate question.
Email deliverability is genuinely hard to get right at scale, but I can't say with confidence they won't eventually just absorb this. Building fast and staying cheap is the only real answer I have to that.
FlyingSnake 1 days ago [-]
“Each agent gets its own identity from a single domain.“ That too on the edge, along with the futuristic CF Dev primitives.
I had the same thought when I read this part. The $6MM investment on Agent Mail is in serious trouble right now.
nozzlegear 1 days ago [-]
> new startups having moats thinner than Durex are thinking
Haha, great visual. Really illustrative of what these AI startups and bootstrapped indie developers are dealing with (and, if I had to guess, why most of them don't go anywhere).
CWwdcdk7h 1 days ago [-]
> We raised $6M in Seed Funding
Well that part was impressive. It looks like they focused on receiving emails, that is probably even worse, as I expect OpenAI/Anthropic to add such ability directly to agents, if it really is useful.
strbean 22 hours ago [-]
> It looks like they focused on receiving emails
That's wild. $6M for an MCP server for SMTP?
Kye 1 days ago [-]
Classic "is this a feature or a product?" problem. You're going to have a bad time if you spend all your effort on a feature and nothing to set it apart.
delfinom 1 days ago [-]
Write an angry blog post about how big business is using their power to kill their _totally_ unique original idea that nobody could possibly copy in a hour?
Hendrikto 1 days ago [-]
The plan is to have exited by then. These people are mostly just grifters.
moribvndvs 1 days ago [-]
While we’re adding antiquated and shitty ways to interface with your agent, can we add fax support? Maybe direct-to-mail service for postcards and flyers?
tclancy 1 days ago [-]
I knew I hung onto that C64 cassette player for a reason! Beyond the new Sturgill album, I mean.
verdverm 1 days ago [-]
This has been possible for many years, before agents were a thing. They will open the mail and scan the contents into a pdf for you, requires filing a form with the post office. It gets expensive because they nickel and dime you where they can. There are many more services should you wish to send snail mail.
As an aside, this company's services seem incredibly sketchy - they let you have fake residential or commercial addresses so you can pretend to have a US office or other address
doublerabbit 1 days ago [-]
Can we go minidisc if we're going for obsolete tech?
TechSquidTV 1 days ago [-]
I feel like a lot of folks down here are focusing too much on the agent part. That's purely marketing. No one who worked on the service, I am sure, was building exclusively for agent usage.
This is simply the framing device that all marketing needs to present these days.
bakugo 1 days ago [-]
Of course it's just marketing, but that doesn't mean it's above criticism, especially when it's shoved so hard down our throats.
"Please stop talking about the thing we can't stop talking about"
amazingamazing 1 days ago [-]
More spam at scale. I wish recipients of email had more control over the conditions to which the email is delivered to them, rather than after the fact curation…
synkarius 1 days ago [-]
Along these lines, I am experimenting with a two-tiered system where I use Proton's sieve filters to create a sender/cc/bcc whitelist for personal emails (which alert my phone) and a non-Proton collection of burnable aliases for everything else (which do not alert my phone). It doesn't solve the problem completely, but it is mitigating it pretty well so far.
pupppet 1 days ago [-]
After ticking every documented box to get out of AWS SES sandbox mode and being told nope and we can't tell you why, I'm all for this.
woodylondon 1 days ago [-]
I would pay for Cloudflare Workers Paid ($5) in a heartbeat and currently use the free version of cloudflare for all my DNS / Hosting etc. Where it does not meet my needs i have Dokpoly + Digital Ocean. I would use CloudFlare Containers. I currently pay for resend.com for all my email API needs.
The problem is that once you're on the paid plan, you're exposed to unlimited risk if your worker goes crazy due to a stupid code bug or if you're hacked. As a solo dev, it's a risk I simply cannot take; I could wake to a bankruptcy bill from Cloudflare. Even as a company, an employee could sign you up and your accounts team would have no idea of the risk.
I am using Supabase at the moment, and see they have a hard cap now. and so does Vercel after they had some nightmare stories of large bills in the past.
I am not sure why / what CloudFlare think about this - or simply dont care.
gls2ro 15 hours ago [-]
I think it is possible.
I was reading the pricing page for workers and here is what it says there:
> To prevent accidental runaway bills or denial-of-wallet attacks, configure the maximum amount of CPU time that can be used per invocation by defining limits in your Worker's Wrangler file, or via the Cloudflare dashboard (Workers & Pages > Select your Worker > Settings > CPU Limits).
Limiting CPU time for a single invocation of a worker is more for catching bugs in code that is using more CPU than expected and is not whatsoever effective as a hard limit on spending...
weird-eye-issue 17 hours ago [-]
Have you done the math on this because it's actually very, very difficult to blow up your Cloudflare bill compared to something like Vercel or Firebase.
For example 1 million requests to a Worker is only $0.30 and there's no bandwidth charge. Similar for R2, Pages, etc.
Also I believe their rate limiting rules have been completely free for one or two years now.
laurisbernhart 23 hours ago [-]
100% agree. Spending limits for Workers would be a game changer.
There are many services I wanted to use Workers for but ended up with some self hosted service simply because I can't properly limit my monetary risk here.
NicoJuicy 1 days ago [-]
They are working on it
Source : post on x from an employee
Side note: the bills from cloudflare are much lower than the ones from AWS/Vercel when there's a mistake. The most I saw passing by was 150€, with Vercel and AWS > 10 k.
TimCTRL 1 days ago [-]
> Everyone already has an email address
Things developers believe about email
AtNightWeCode 1 days ago [-]
Or the even worse category. People sharing email.
arkaoss 1 days ago [-]
There is not much developers UNDERSTAND about email, let alone believe... There's soo much to read into this product.. and it boils down to JASS ( just another spam source) .
mlhpdx 1 days ago [-]
I’ll have to take a look at this as a way to move off my homegrown serverless email on AWS. Doesn’t look like it has parity with being able to send email from many subsystems safely (with delay and veto)[1], but is pretty close on the receive side automation[2].
Not to oversimplify the issue... but you could probably run a small VPS and SMTP relay service that requires tls+auth and just relays all email from your domain through to API calls. You could probably get something operational in a couple hours with Claude Code.
My first thought in reading this would be using this service and the default mail app's structure to back end typical email protocols so you can still use a regular email client to access/use the system as a gateway.
That said, I still think Cloudflare is in a unique position to compete with gmail/m365 mail/calandar/contacts... possibly funding Thunderbird development to tighten the integration as a mail client.
For that matter, I still think cloudflare is in a good position to create a new
karimf 24 hours ago [-]
Oh yeah for sure. At that point, using SES is probably a better option compared to running a VPS just for SMTP. I posted that to let them know that SMTP support is a requirement for some developers.
scrollaway 23 hours ago [-]
Yeah one of their devs (https://news.ycombinator.com/threads?id=thomgo) said SMTP will be available, but I cannot find any info on this either. I'm glad to be switching from the horror that is Sendgrid, though. I migrated a few projects that have basic contact forms and it's been super easy so far.
cdrnsf 1 days ago [-]
If I get one email from your agent, I'm torching your entire domain.
Cloudflare is very transparent about their prefixes and reverse DNS, which is generally a good thing for the ecosystem! But it makes it trivial for operators who want to block the entire service, and extremely bad for Cloudflare's deliverability.
And while there are many open blacklists which I have no doubt Cloudflare monitors, there are many (including soft spam-classification signals) that are proprietary and difficult/impossible to monitor other than by watching rates of actual customer/prospect replies and engagement.
Amazon SQS has similar dynamics, and its reputation is far from stellar.
(If the Cloudflare team is reading this, and I'm missing an on-ramp to a company purchasing dedicated IPs with distinct PTR records, I do apologize! I'm not seeing documentation about this, though.)
8organicbits 21 hours ago [-]
Pushing agent workflows over email has some risks not present for HTTP. Transit security is still a problem for email as we're stuck in the opportunistic encryption stage. If you decide to use email-based agents, look into MTA-STS as a way to prevent downgrade attacks. It looks like Cloudflare supports this, but it isn't enabled by default or called out in the on-boarding process.
Thanks, hiding the pricing under a submenu called "Platform" is an .. interesting design choice
balupton 1 days ago [-]
No mention in the announcement that it is restricted to the paid plans. Also no mentioned of it in the paid plan comparison.
From the dashboard link:
> Enable Email Sending
Email Sending is currently only available with the Workers Paid plan. Upgrade your plan to start sending emails.
fny 24 hours ago [-]
I've been very happy with agentmail.to for a while with great success. You get 3K free emails per month with 3 inboxes. Paid tier starts at $0.20 per 1000 emails.
Disclaimer: I don't work for agentmail.
ksajadi 1 days ago [-]
I think this is going to be a really good service: the service can be used easily with Workers making it super easy to not only send transactional emails but use it for forms embedded in Pages. I am very much looking forward to using this.
However, I still think AWS SES is the gold standard of deliverability because of their constant monitoring of your reputation (bounces etc). I always combine it with SendOps (https://sendops.dev/) for easy setup and deep analytics to avoid those issues.
john_strinlai 1 days ago [-]
>Everyone already has an email address, which means everyone can already interact with your application or agent. And your agent can interact with anyone.
please no.
>Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this is going to be an absolute nightmare for spam. i cant exactly block all of cloudflare...
it would be nice if anyone at cloudflare could write about how they plan to proactively reduce abuse of this feature, how they will respond to spam reports, what the punishment for abuse will be, etc.
cuu508 1 days ago [-]
Sure you can, look at Spain ;-)
tredre3 20 hours ago [-]
> i cant exactly block all of cloudflare...
That's what potential buyers are counting on. Pricing is decent, but imho that is the true value proposition here.
edsimpson 1 days ago [-]
I wish they had developed the open source Inbox into a consumer hosted email service for users. It would have been nice to see more competition with Google and Microsoft.
rc_kas 23 hours ago [-]
Yeah I had thought this was what they were building when I first heard they had an email project. I guess not.
1 days ago [-]
paultopia 22 hours ago [-]
Hah, what I wish Cloudflare would supply in the email space is a “prove you’re a human” except for access to my inbox
gck1 23 hours ago [-]
Not all email automation is spam and if you want your emails to not end up in spam folder, you pretty much have to go with Google Workspace and pay for essentially entire business suite when you just want to send emails. I needed something like this for my project and it's pretty much Google Workspace or nothing.
I am so excited for this. I’ve used Amazon SES begrudgingly for years and have wanted a better UI and easier routing level automation.
_pdp_ 1 days ago [-]
Good! However, ...
Sending and receiving is in my mind the easy part. The hardest part is to make this work with actual AI agents. This is the same problem as with sub-agent communication because you need to implement all kinds of additional fictionality to ensure the agent is not just responding for no good reason, go into loops, etc.
My $0.02 from experience.
pradn 1 days ago [-]
How much do existing services trust new email service providers? It would seem to be an uphill battle for Cloudflare to start a new service. It's easy to automate from the start, meaning it's easier to send spam. I suppose reputation is not simply based on the domain the email comes from?
efalcao 1 days ago [-]
Hi, I work on this team at Cloudflare. We've been sending email for years via our free email routing product and email sending is built on top of the same infrastructure, code and knowledge.
tracker1 1 days ago [-]
I hope you've (your org) been able to curate something resembling higher level contacts with Microsoft. They seem to be the single largest email provider that consistently has deliverability issues.
20 hours ago [-]
dgb23 1 days ago [-]
It's certainly interesting that they provide an email service now. In their documentation/blog recommendations they switched their recommended approach twice or three times already.
If they establish a solid email solution I will likely use that for some of the projects I'm hosting there.
agentifysh 20 hours ago [-]
so I have to ask, what is the pricing? This solves a major annoyance of having to use Resend. I just want to be able to send some confirmation emails but I have to pay extra for each domain I add. I am ready to migrate to Cloudflare Email Service if the pricing is competitive.
It's next to impossible to get approved on Amazon SES now vs 10 years ago. I don't know why its so ridiculous difficult to use it for transactional verificaiton emails.
I see AWS screwing up and Cloudflare replacing it.
I'm having a hard time figuring out if I could use this as a replacement for something like AWS WorkMail or E365. The "Agentic" inbox looks really nice, but is this intended for humans to use? I am really confused due to the marketing hype.
bjord 1 days ago [-]
finally, more spam!
ryangst_1 1 days ago [-]
$0.35 per 1,000 emails it's fair pricing.
Looks better than fixed $20 for Resend.
skc 1 days ago [-]
Yep, and I'm both a Cloudflare and Resend customer.
I like Resend, a lot, but this is probably something I can't pass up, especially if it does what it says on the tin
bdangubic 1 days ago [-]
Resend will change the pricing - guaranteed. Not sure how soon but I'd expect very soon.
STRiDEX 1 days ago [-]
I guess if they're big enough they should be working on moving off of amazon SES for emails and warming up ip addresses? Otherwise they need to keep a markup on top of amazon.
Edit: didn't realize people were paying resend $20. AWS already exists at a low price and people pick them anyway, i'm sure they're fine.
pupppet 1 days ago [-]
I'm betting a non-small chunk of these are users AWS wouldn't let out of sandbox mode.
bdangubic 1 days ago [-]
and you’d be 100% right!
slig 1 days ago [-]
It's very easy to get started with Resend, and they have a free tier that basically works for any bootstrapped project, and by the time you have to upgrade, you can pay $20/m.
stewartjarod 1 days ago [-]
And if you want a SaaS like experience for your own AWS, there is wraps.dev ;d
> Everyone already has an email address, which means everyone can already interact with your application or agent. And your agent can interact with anyone.
That’s a huge assumption unless you exclude several countries where people have a phone number but not really an email address (or even if they do, they may not know what an email address is) and exclude many very old (say, 70+) people who wouldn’t know what email is or what their email address is.
Moving on, I assumed the title meant the launch of a new consumer email service or platform. Reading the announcement, it’s not. That was disappointing to me.
tracker1 1 days ago [-]
It is a new customer email service/platform... analogous to AWS SES for being able to send emails. They also have a baseline web email application.
That said, would be nice if CF offered an analog to gmail/m365 email, contacts and calendars as a service to go along side the application access. As it is, I'd probably use a subdomain for service based emails, separate from user emails if using this service.
potato-peeler 1 days ago [-]
I can use this to set up my own custom mail service, like an alternative to gmail? Or at the very least, my own personal mail provider?
tracker1 1 days ago [-]
You'd need to write your own mail protocol host/gateway on top of this service... Pop/smtp/imap, etc.
Also, search is a bigger/harder issue to solve, assuming you want to support clients searching for emails without a full scan of their mailbox for matches.
20 hours ago [-]
yalogin 1 days ago [-]
Isn’t email already scriptable? What does cf provide that is different? I clicked on it assuming they are launching their own email service.
dawnerd 1 days ago [-]
It really is showing how dumb this whole bubble is when you can launch the same service that’s been around for decades but slap ai and agent on it.
sltr 1 days ago [-]
> Email is the most accessible interface in the world
Email is one of the most gatekept interfaces in the world.
daft_pink 1 days ago [-]
I’m really just curious how they guard against prompt injection. Otherwise this seems awesome.
opengrass 1 days ago [-]
No thanks I'll keep my Mailgun. After 2.5M it's half the SES bill.
cbg0 1 days ago [-]
How far off are we from Cloudflare releasing a Gmail competitor?
TimLeland 1 days ago [-]
How easy is it to switch from other email providers?
schainks 1 days ago [-]
Sendgrid is such an enshittified product, I am grateful this now exists and integrates directly with tools I have on cloudflare already.
Hamuko 1 days ago [-]
How awful is the reputation on those IP addresses going to be?
lagniappe 1 days ago [-]
It's cloudflare, they type iddqd before every request.
rc_kas 23 hours ago [-]
what is iddqd?
lagniappe 14 hours ago [-]
god mode code from Doom
dbbk 1 days ago [-]
Good luck trying to send emails during a LaLiga match I guess
diimdeep 16 hours ago [-]
Cancer spreads.
qJaskkT 1 days ago [-]
Did anyone ask the poor people who unknowingly send mail to someone who feeds it to an AI surveillance company?
It would be interesting to send GDPR requests and have Cloudflare figure out all of the parties who got or use your mail.
lloydatkinson 22 hours ago [-]
Sounds like this is only for AI or something. Does it support normal usage or only """agents"""?
creatonez 22 hours ago [-]
AI agents should be nowhere near email, full stop. Who comes up with this shit? Why would Cloudflare ruin their email deliverability by allowing this?
freitzzz 1 days ago [-]
If we're letting agents send e-mail, what's the point of reading e-mail? Surely I can have an agent to reply to e-mail that other agent has sent. Do we really want to create dead internet?
AtNightWeCode 1 days ago [-]
I never got email routing to work. I doubt this will work in the general case.
csomar 1 days ago [-]
This is a very long post just to say they're now running an SMTP server. I've been sending and receiving emails from Workers for two years; though for sending, you still need an external SMTP server like SES or Postmark.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
johtso 1 days ago [-]
Another email sending service without support for idempotency?
esseph 1 days ago [-]
AFAIK there is no communication service or protocol on the internet designed with idempotency in mind. (That was worthwhile and adopted)
johtso 1 days ago [-]
Sure, but this is not a protocol, this is an API. APIs that allow actions that cost money, potentially annoy users / effect your reputation in the eyes of email recipients, I believe, should allow the caller to supply a unique key to enforce idempotency.
esseph 1 days ago [-]
Track state on your side.
johtso 23 hours ago [-]
It’s impossible to know whether an action completed successfully if an error occurs between sending the request and persisting the result
esseph 23 hours ago [-]
You also have no idea if it's been blocked or dropped before delivery unless you're using things like tracking pixels etc, right? And even then, that only works if they aren't being blocked (Proton Mail can do this, etc.)
It just seems like this is trying to force something that was never remotely designed for it.
cdrnsf 1 days ago [-]
Slop spam? Slam?
SleepyQuant 1 days ago [-]
[flagged]
Meekro 1 days ago [-]
You mentioned a 12-agent setup with IMAP that you might consider migrating into this platform. Could you tell me more about the overall goal of the project? I'm curious because this whole "email+agent" thing that the article talks about strikes me as kind of strange, and I'm curious what the non-spam use cases are.
SleepyQuant 1 days ago [-]
[flagged]
baal80spam 1 days ago [-]
Ugh, who asked for this?
cdrnsf 1 days ago [-]
The same people that think letting OpenClaw access their inbox is a good idea.
esseph 1 days ago [-]
People wanting an AWS service but from Cloudflare instead of Amazon.
bdangubic 1 days ago [-]
Everyone paying $20/month to Resend et al to send few thousand emails
Rendered at 18:52:02 GMT+0000 (Coordinated Universal Time) with Vercel.
It's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
Cloudflare is (in)famous for not acting against spammers, fraud, piracy and other less savory groups that are hosting their stuff at/behind Cloudflare, so reasonably, people who've been affected by that are now afraid the same thing will happen with email.
In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?
> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services
It really isn't, you need a clean IP and a clean domain, send handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual.
It's hard to appreciate how difficult this battle is when running at scale.
Just tangential, but maybe that is part of the problem, isn't it? Napkin math tells me that esch person in the world receives every month an e-mail from you, and you're obviously just one of hundres of providers, and only half of the population actially has e-mail... I think you get the point.
E-Mail got to the point where it's actually worse then physical mail to some degree. Physical mail at least has a hurdle for the sender, and it's easier to throw away without even looking at it. The amount of low-quality mail and annoying, unnecessary notifications I receive is just at a level where I really think of dropping e-mail except for absolute becessary services.
One long term hope: That domain name reputation eventually overtakes IP address reputation entirely.
Giving you the benefit of the doubt and accepting your claim, doesn't that make you one of the people at least second-order responsible for the current state of affairs in email blocking? It would seem that your company, by dint of your volume, navigates roadblocks that the rest of us (ie. the 99.999% of Internet email servers and their admins), who aren't FAANG et al[1], have to deal with to get our users' legitimate email delivered.
If so, could you perhaps give us a brief explanation as to why an otherwise competent engineer can "follow all the best practices" with their server which has no known compromises[2], on an IP address they have controlled for, oh, let's say a full calendar year, and yet still can't get off those FAANG et al default-deny blocklists, but you can?[3]
A cynic might say that your service had a vested interest in paying for unimpeded access to those FAANG et al companies to get over the bar that the rest of us are unable to vault. A cynic might also say that those biggest of the big email services like it that way, because it drives more users to them at the expense of the rest of us 99.999%.
I'll try to remain open to the possibility that there are aspects of the industry I've not yet had any exposure to, and refrain from chimping out over having my users blocked through no fault of their own.
[1] Yes, I know, Facebook doesn't receive anywhere near as much email as they send, and Hotmail = Microsoft, etc. If I used an accurate acronym I could pat myself on the back for being Technically Correct, while nobody would know what the heck I was talking about.
[2] We shan't digress into a discussion of hardware/firmware/OS/application backdoors nor Snowden disclosures. It's not that hard to auto-install security updates and run a reasonably tight ship with no unnecessary attack surfaces.
[3] Or perhaps there aren't any default-deny blocklists at all, but in fact only much smaller default-allow whitelists? That would be cynical indeed.
That's about as good of an answer as I can provide: keep sending smart people to the conferences!
If even a small fraction of legitimate email recipients altered their mail client settings to route "tipped" messages to their inbox, that would probably suffice to get senders to participate in the scheme. Senders are starved for high quality engagement data. Meanwhile, anything we can do to make spam less likely - on a relative scale - to reach the inbox in comparison to "legitimate" traffic, is a win.
In Spain, what they are doing, is the "lawful way", it's literally happening via the courts and judges. Do you think ISPs are blocking Cloudflare specifically just for fun, out of their own accord?
> Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network.
Some are, many aren't. Cloudflare is indeed the only impacted network, at least for me. Which other networks are being blocked for you during the La Liga matches?
There are also direct actions against cloudflare, but that's not what's taking everything down, is it?
Did I misunderstand something?
Remains to be seen if the block will remain in place or not, you could argue it goes against some other laws, but it has to be argued legally, just like how the block initially happened because La Liga went through the courts. So far us developers or people who visit more American websites tend to be hit the worst, since they're talking about "protecting" other matches too, in other sports, I'm guessing it'll get worse before it gets better.
We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.
If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.
> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].
> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers
https://www.spamhaus.org/resource-hub/service-providers/too-...
[1] https://check.spamhaus.org/sbl/listings/cloudflare.com/
Cloudflare is not perfect, but at least it been consistent about not becoming censorship service with very few exceptions where they banned something.
Id rather let criminals freely buy and use kitchen knives than let shady organizations control who is allowed to buy one.
Not defending spammers, but this comes across a smidge naive considering Cloudflare's overall footprint in the modern internet.
"Thanks for being a user of AgentMail - a lot of people use AgentMail for outbound (spin up and warm up inboxes, send sequences, handle replies), ..."
Yes, that's right. The first use case mentioned is to send automated outbound emails. "Cold prospecting" workflows are likely going to be a big slice of usage on the new Cloudflare service, as it seems to be on AgentMail.
Then how about not market it as "for agents" when said agents are just LLM output?
For example with SES I will get automatically suspended if my bounce rate is more than 10% or if my complaint rate is more than 0.1%.
There are serious financial penalties for robocallers who violate the Do Not Call list (in America, at least). Let's update those laws for the 21st century, shall we?
I guess they got that reputation years ago when the founders (?) got into public spats about what they would and wouldn't host. AWS is more lawyers and committees and seems more anonymous, so people don't necessarily like it more but they do trust it to be what it looks like more.
Probably just a function of time and size.
For my small, personal email server, I just gave up on trying... I can deliver to Gmail and every other major email provider without issue, and even MS seems to be split into a couple different backing orgs.
For certain types of marketing and transactional emails, it's cheaper I think. AWS SES pricing doesn't include attachments. If you assume a maxed out 25MB email attachment body, I think the price comes out to be mostly similar, amortized at least.
But if you are sending basic text/mostly text transactional emails for stuff like password resets, then SES comes out ahead for sure.
Most cloud IP blocks already have very poor reputations, and or already on Spamhaus blacklists.
People have a right to choose to be upset. =3
[1] https://www.spamhaus.org/resource-hub/service-providers/how-...
Again, using legitimate traffic to shim network spam is a common counterargument against black listing.
Of the approximate 274000 banned hosts I stare at... many nuisances are from Amazon, Azure, digital ocean, and Hetzner. I am sure Maildrill or Mailchimp does have legitimate use cases, but generally the majority of the traffic suggests otherwise. I am certainly biased in this opinion. =3
TBF, the demo app referenced in TFA and depending on how many emails you actually send for however many domains may well be a better option for me than my small MTA server.
Not sure if you read the announcement closely:
> Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this service is batteries included. SES is not.
c. 2022 Cloudflare had a free email sending service (via MailChannels) [0] until it was sunset in Aug 2024 [1].
[0] https://blog.cloudflare.com/sending-email-from-workers-with-...
[1] https://support.mailchannels.com/hc/en-us/articles/456589835... / https://archive.vn/xNLzv
Our initial blog covered most of Email Service's API and what you can expect from it in terms of deliverability, DNS records setup, etc. https://blog.cloudflare.com/email-service/
Email Service can definitely be used as a transactional email API, and it has everything you would expect like SDKs, binding, observability and more coming on the way
The agent angle in this post reflects what we're actually seeing from developers during our private beta. And the idea that an agent can have an inbox to communicate is a new piece in the developer toolbelt.
I can definitely understand some of the ire-- people are probably imagining how they'll try to contact Verizon and will get back a totally unhelpful email from ChatGPT when all they wanted was to talk to a real human for 5 minutes. Your blog post about hooking up agents to email probably speaks to that fear.
legit question: did you invite anyone that isn't doing agentic whatever during your beta?
Man-in-the-middle and gatekeeper of (large parts of) the web.
It's getting harder and harder to participate online without being subject to their surveillance and/or approval.
When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).
This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.
And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.
I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.
It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.
However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.
Even with those, the amount of farmed accounts from a reputable platforms is still high, and it will go higher with the cheap AI targeting that will make the texts much more well crafted and spam filters much more aggressive.
My other conjecture is that the big mail providers would have enough data to catch the spammers based on a number of signals.
...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.
They could price per use, but it would have to start with a base fee that is about the same at 10,000 emails.
Also, the person who just wants to send a few 100 emails a month is actually far more likely to be a spammer. So it's also a way for them to eliminate those folks.
And lastly, the support burden can be high.
AWS has basically said they only want serious customers, let the other guys worry about the small senders.
$0.35 per 1,000 emails
Here are the limits:
"Your account may have daily sending limits based on Cloudflare's assessment of your account standing. "
Source: https://developers.cloudflare.com/email-service/platform/pri... https://developers.cloudflare.com/email-service/platform/lim...
Currently using ZeptoMail ($2.5 per 10,000 emails) but if this service by Cloudflare proves reliable once it reaches GA I'd be happy to switch.
Also Cloudflare is way cheaper compared to eg Sendgrid or Postmark.
Nothing I could do could convince them that I wasn't trying to do 'bad' stuff. Just gave up and decided not to use any AWS tech.
Just used GMail api to send email.
I’ve been developing last three months by emailing Claude, with email threads mapping to an isolated workspace and claude -p. Works super well, especially when trying to get some coding done between everything else.
With right CLAUDE.md and a bit of workflow tooling this extends itself to building other kinds of agents as well. For example, I do my bookkeeping by emailing Claude my statements and receipts, which it then imports into a plain-text accounting system. And we’ve proven this in corporate environment as well, creating agent that can troubleshoot more complex issues by correlating diagnostic logs against product source code.
Once the basic “email agent” infrastructure is there, creating new agents becomes super simple.
I had the same thought when I read this part. The $6MM investment on Agent Mail is in serious trouble right now.
Haha, great visual. Really illustrative of what these AI startups and bootstrapped indie developers are dealing with (and, if I had to guess, why most of them don't go anywhere).
Well that part was impressive. It looks like they focused on receiving emails, that is probably even worse, as I expect OpenAI/Anthropic to add such ability directly to agents, if it really is useful.
That's wild. $6M for an MCP server for SMTP?
https://www.virtualpostmail.com/
This is simply the framing device that all marketing needs to present these days.
"Please stop talking about the thing we can't stop talking about"
The problem is that once you're on the paid plan, you're exposed to unlimited risk if your worker goes crazy due to a stupid code bug or if you're hacked. As a solo dev, it's a risk I simply cannot take; I could wake to a bankruptcy bill from Cloudflare. Even as a company, an employee could sign you up and your accounts team would have no idea of the risk.
I am using Supabase at the moment, and see they have a hard cap now. and so does Vercel after they had some nightmare stories of large bills in the past.
I am not sure why / what CloudFlare think about this - or simply dont care.
I was reading the pricing page for workers and here is what it says there:
> To prevent accidental runaway bills or denial-of-wallet attacks, configure the maximum amount of CPU time that can be used per invocation by defining limits in your Worker's Wrangler file, or via the Cloudflare dashboard (Workers & Pages > Select your Worker > Settings > CPU Limits).
Link: end of example 4 section: https://developers.cloudflare.com/workers/platform/pricing/
For example 1 million requests to a Worker is only $0.30 and there's no bandwidth charge. Similar for R2, Pages, etc.
Also I believe their rate limiting rules have been completely free for one or two years now.
There are many services I wanted to use Workers for but ended up with some self hosted service simply because I can't properly limit my monetary risk here.
Source : post on x from an employee
Side note: the bills from cloudflare are much lower than the ones from AWS/Vercel when there's a mistake. The most I saw passing by was 150€, with Vercel and AWS > 10 k.
Things developers believe about email
[1] https://github.com/mlhpdx/email-origin [2] https://github.com/mlhpdx/email-delivery
Seems like you can only send email via the worker or REST API for now?
Can I send via SMTP? I'm using Supabase and it needs the SMTP credentials.
I can't find anything on the dashboard or on the docs, even though last year they said it supports SMTP [0]
[0] https://blog.cloudflare.com/email-service/
My first thought in reading this would be using this service and the default mail app's structure to back end typical email protocols so you can still use a regular email client to access/use the system as a gateway.
That said, I still think Cloudflare is in a unique position to compete with gmail/m365 mail/calandar/contacts... possibly funding Thunderbird development to tighten the integration as a mail client.
For that matter, I still think cloudflare is in a good position to create a new
Cloudflare is very transparent about their prefixes and reverse DNS, which is generally a good thing for the ecosystem! But it makes it trivial for operators who want to block the entire service, and extremely bad for Cloudflare's deliverability.
And while there are many open blacklists which I have no doubt Cloudflare monitors, there are many (including soft spam-classification signals) that are proprietary and difficult/impossible to monitor other than by watching rates of actual customer/prospect replies and engagement.
Amazon SQS has similar dynamics, and its reputation is far from stellar.
(If the Cloudflare team is reading this, and I'm missing an on-ramp to a company purchasing dedicated IPs with distinct PTR records, I do apologize! I'm not seeing documentation about this, though.)
https://developers.cloudflare.com/email-routing/setup/mta-st...
How's that compare?
From the dashboard link:
> Enable Email Sending Email Sending is currently only available with the Workers Paid plan. Upgrade your plan to start sending emails.
Disclaimer: I don't work for agentmail.
However, I still think AWS SES is the gold standard of deliverability because of their constant monitoring of your reputation (bounces etc). I always combine it with SendOps (https://sendops.dev/) for easy setup and deep analytics to avoid those issues.
please no.
>Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this is going to be an absolute nightmare for spam. i cant exactly block all of cloudflare...
it would be nice if anyone at cloudflare could write about how they plan to proactively reduce abuse of this feature, how they will respond to spam reports, what the punishment for abuse will be, etc.
That's what potential buyers are counting on. Pricing is decent, but imho that is the true value proposition here.
Cloudflare just filled a huge gap.
Sending and receiving is in my mind the easy part. The hardest part is to make this work with actual AI agents. This is the same problem as with sub-agent communication because you need to implement all kinds of additional fictionality to ensure the agent is not just responding for no good reason, go into loops, etc.
My $0.02 from experience.
If they establish a solid email solution I will likely use that for some of the projects I'm hosting there.
It's next to impossible to get approved on Amazon SES now vs 10 years ago. I don't know why its so ridiculous difficult to use it for transactional verificaiton emails.
I see AWS screwing up and Cloudflare replacing it.
Looks better than fixed $20 for Resend.
I like Resend, a lot, but this is probably something I can't pass up, especially if it does what it says on the tin
Edit: didn't realize people were paying resend $20. AWS already exists at a low price and people pick them anyway, i'm sure they're fine.
That’s a huge assumption unless you exclude several countries where people have a phone number but not really an email address (or even if they do, they may not know what an email address is) and exclude many very old (say, 70+) people who wouldn’t know what email is or what their email address is.
Moving on, I assumed the title meant the launch of a new consumer email service or platform. Reading the announcement, it’s not. That was disappointing to me.
That said, would be nice if CF offered an analog to gmail/m365 email, contacts and calendars as a service to go along side the application access. As it is, I'd probably use a subdomain for service based emails, separate from user emails if using this service.
Also, search is a bigger/harder issue to solve, assuming you want to support clients searching for emails without a full scan of their mailbox for matches.
Email is one of the most gatekept interfaces in the world.
It would be interesting to send GDPR requests and have Cloudflare figure out all of the parties who got or use your mail.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
It just seems like this is trying to force something that was never remotely designed for it.