Cloudflare Email Service Turns HN Toward the Old Problems: SMTP, Deliverability, and Spam
Original: Cloudflare Email Service
The HN thread around Cloudflare Email Service quickly separated the agent framing from the infrastructure story. Cloudflare's post puts agents and email workflows in the foreground. HN mostly asked a more grounded question: is this a practical transactional email service, and how will it survive the old problems of SMTP?
Some commenters welcomed the move. A sender that works directly from Workers and through an API gives small teams another option beside AWS SES, Resend, and other mail providers. That matters because email setup is still full of friction: sandbox exits, reputation warm-up, opaque sending limits, DNS records, and sudden deliverability drops. For developers already using Cloudflare for DNS and Workers, adding outbound email to the same platform has an obvious operational pull.
The pushback was aimed at the agent wrapper. HN users noted that several examples, such as sending mail after CI passes or after an order ships, were already straightforward without agents. In that reading, the service may be useful, but the agent language is mostly the current marketing lens. The underlying product is still an email sender, and email senders live or die by boring reliability.
Spam and reputation dominated the deeper thread. SMTP has a near-zero marginal cost for abuse, so every open sending platform eventually faces pressure from bad actors. Commenters worried that another large-scale sender could add more noise unless Cloudflare is strict about account standing, limits, domain checks, and abuse response. Others pointed out that recipients have little control until after unwanted mail arrives.
Security details also surfaced. Email-driven agents are attractive because email is threaded, asynchronous, and universal. But email transit security is not the same as a well-scoped HTTP API. HN commenters pointed to MTA-STS and downgrade protection as details teams should check before treating email as an agent control plane. The thread's useful lesson is that agent workflows do not remove the old email stack. They make its deliverability, reputation, and security tradeoffs more important.
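The MTA-STS check mentioned above, as an added example that is not part of the original article or any Cloudflare code: it parses a domain's `_mta-sts` TXT record and policy file (RFC 8461) and reports the settings that leave room for a TLS downgrade. The example.com and example.net names, the sample record and policy, and the one-day `max_age` threshold are constructed assumptions.

```python
# Added example: audit the two halves of an MTA-STS deployment (RFC 8461).
# Sample data is constructed; example.com / example.net are placeholder domains.
SAMPLE_TXT = "v=STSv1; id=20260101T000000"
SAMPLE_POLICY = "version: STSv1\nmode: testing\nmx: *.mail.example.com\nmax_age: 3600\n"
SAMPLE_MX = ["mx1.mail.example.com", "backup.example.net"]

def parse_sts_txt(txt):
    """Parse the TXT record at _mta-sts.<domain> and return its policy id."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields["id"]

def parse_sts_policy(body):
    """Parse the file served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    policy = {"mx": []}
    for line in body.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())  # the mx key may repeat
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    return policy

def mx_allowed(host, patterns):
    """A '*.example.com' pattern covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(host == p or (p.startswith("*.") and parent and parent == p[2:]) for p in patterns)

def audit(txt, body, mx_hosts):
    """Return findings; an empty list means compliant senders must use verified TLS.
    The one-day max_age floor is an assumption of this example, not an RFC limit."""
    findings = []
    parse_sts_txt(txt)  # raises if the DNS half is missing or malformed
    policy = parse_sts_policy(body)
    if policy.get("mode") != "enforce":
        findings.append(f"mode={policy.get('mode')}: TLS failures do not block delivery")
    if int(policy.get("max_age", 0)) < 86400:
        findings.append("max_age under one day: cached policy expires quickly")
    for host in mx_hosts:
        if not mx_allowed(host, policy["mx"]):
            findings.append(f"MX {host} not covered by policy")
    return findings
```

Running `audit(SAMPLE_TXT, SAMPLE_POLICY, SAMPLE_MX)` on the constructed data returns three findings: testing mode, a short cache lifetime, and an MX host outside the policy.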