please no.
>Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this is going to be an absolute nightmare for spam. i cant exactly block all of cloudflare...
it would be nice if anyone at cloudflare could write about how they plan to proactively reduce abuse of this feature, how they will respond to spam reports, what the punishment for abuse will be, etc.
Well that part was impressive. It looks like they focused on receiving emails, that is probably even worse, as I expect OpenAI/Anthropic to add such ability directly to agents, if it really is useful.
Haha, great visual. Really illustrative of what these AI startups and bootstrapped indie developers are dealing with (and, if I had to guess, why most of them don't go anywhere).
How's that compare?
$0.35 per 1,000 emails
Here are the limits:
"Your account may have daily sending limits based on Cloudflare's assessment of your account standing. "
Source: https://developers.cloudflare.com/email-service/platform/pri... https://developers.cloudflare.com/email-service/platform/lim...
Things developers believe about email
When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).
This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.
And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.
...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.
I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.
It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.
However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.
Looks better than fixed $20 for Resend.
I like Resend, a lot, but this is probably something I can't pass up, especially if it does what it says on the tin
Edit: didn't realize people were paying resend $20. AWS already exists at a low price and people pick them anyway, i'm sure they're fine.
It would be interesting to send GDPR requests and have Cloudflare figure out all of the parties who got or use your mail.
Cloudflare is very transparent about their prefixes and reverse DNS, which is generally a good thing for the ecosystem! But it makes it trivial for operators who want to block the entire service, and extremely bad for Cloudflare's deliverability.
And while there are many open blacklists which I have no doubt Cloudflare monitors, there are many (including soft spam-classification signals) that are proprietary and difficult/impossible to monitor other than by watching rates of actual customer/prospect replies and engagement.
Amazon SQS has similar dynamics, and its reputation is far from stellar.
(If the Cloudflare team is reading this, and I'm missing an on-ramp to a company purchasing dedicated IPs with distinct PTR records, I do apologize! I'm not seeing documentation about this, though.)
It's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
Cloudflare is (in)famous for not acting against spammers, fraud, piracy and other less savory groups that are hosting their stuff at/behind Cloudflare, so reasonably, people who've been affected by that are now afraid the same thing will happen with email.
In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?
> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services
It really isn't, you need a clean IP and a clean domain, send handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual.
We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.
If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.
> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].
> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers
https://www.spamhaus.org/resource-hub/service-providers/too-...
I guess they got that reputation years ago when the founders (?) got into public spats about what they would and wouldn't host. AWS is more lawyers and committees and seems more anonymous, so people don't necessarily like it more but they do trust it to be what it looks like more.
Probably just a function of time and size.
Most cloud IP blocks already have very poor reputations, and or already on Spamhaus blacklists.
People have a right to choose to be upset. =3
[1] https://www.spamhaus.org/resource-hub/service-providers/how-...
Our initial blog covered most of Email Service's API and what you can expect from it in terms of deliverability, DNS records setup, etc. https://blog.cloudflare.com/email-service/
Email Service can definitely be used as a transactional email API, and it has everything you would expect like SDKs, binding, observability and more coming on the way
The agent angle in this post reflects what we're actually seeing from developers during our private beta. And the idea that an agent can have an inbox to communicate is a new piece in the developer toolbelt.
legit question: did you invite anyone that isn't doing agentic whatever during your beta?
I can definitely understand some of the ire-- people are probably imagining how they'll try to contact Verizon and will get back a totally unhelpful email from ChatGPT when all they wanted was to talk to a real human for 5 minutes. Your blog post about hooking up agents to email probably speaks to that fear.
This is simply the framing device that all marketing needs to present these days.
"Please stop talking about the thing we can't stop talking about"
I’ve been developing last three months by emailing Claude, with email threads mapping to an isolated workspace and claude -p. Works super well, especially when trying to get some coding done between everything else.
With right CLAUDE.md and a bit of workflow tooling this extends itself to building other kinds of agents as well. For example, I do my bookkeeping by emailing Claude my statements and receipts, which it then imports into a plain-text accounting system. And we’ve proven this in corporate environment as well, creating agent that can troubleshoot more complex issues by correlating diagnostic logs against product source code.
Once the basic “email agent” infrastructure is there, creating new agents becomes super simple.
[1] https://github.com/mlhpdx/email-origin [2] https://github.com/mlhpdx/email-delivery
Sending and receiving is in my mind the easy part. The hardest part is to make this work with actual AI agents. This is the same problem as with sub-agent communication because you need to implement all kinds of additional fictionality to ensure the agent is not just responding for no good reason, go into loops, etc.
My $0.02 from experience.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
bjord•2h ago