MX/Inline deployment
With pre-delivery deployment, also known as Inline deployment, Email Security evaluates email messages before they reach a user's inbox.
When you deploy Email Security via MX/Inline, you will have to change your email's MX records to point to Cloudflare. An MX record is a DNS record.
If your DNS records are hosted by Cloudflare (or any other provider, except for Google), you can edit your DNS records via the dashboard or the API to point your MX records to Cloudflare.
By changing your MX records, Email Security will be positioned between your incoming emails and Microsoft 0365 or Gmail.
Once you changed your MX records, you will have to set up the Time to Live (TTL) on your DNS records. If you do not set up the TTL, the DNS propagation will take longer to happen. By reducing the TTL, you are decreasing the time it takes for DNS records to propagate.
Email Security becomes a hop in the SMTP ↗ processing chain and physically interacts with incoming email messages. Based on your policies, various messages are blocked before reaching the inbox.
When you choose an inline deployment, you get the following benefits:
- Messages are processed and physically blocked before arriving in a user's mailbox.
- Your deployment is simpler, because any complex processing can happen downstream and without modification.
- Email Security can modify delivered messages, adding subject or body mark-ups.
- Email Security can offer high availability and adaptive message pooling.
- You can set up advanced handling downstream for non-quarantined messages with added X-headers.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark