Circumvent Proton Mail third-parties integration limitations with Cloudflare

One of the biggest Proton limitations is around connecting it to third-party products. Here is how to solve it.

· 4 min read
Circumvent Proton Mail third-parties integration limitations with Cloudflare
Photo by Ed Hardie / Unsplash

Explanation and Disclaimer

Disclaimer, the instructions below defeat the primary reasons why someone would use Proton (EE2E, Zero-Knowledge, and other features) yet allowing you to work around some of Proton's limitations. Before proceeding make sure about this risk and use another third-party server, service, or product that you trust.

One of the biggest Proton limitations is around connecting it to third-party products and depending on your industry this is inherently necessary.

The below tutorial describes how to use Proton alone with a third-party email service to allow other products to connect to your email and facilitate some specific features to work, some of those features can be:

  • Automation of Support Tickets creation
  • Automation of workflow management depending on the email subject, recipient, sender, and/or other
  • Use of a more feature rich product to current Proton products, such as Calendar invite handling, cloud storage, and others

Again, you should proceed with caution and assume the risk that you're trusting another third-party to see, send and forward your email to another service or product.


The instructions below are linked to Proton, Cloudflare or any other provider documentation. I'm assuming you have a proficient level of understanding of the terminology and procedures used below. If there are doubts, please reach out to me via Twitter, I will do my best to clarify but please don't assume I will do step-by-step guide or troubleshooting on this for you.

Before we start there are some prerequisites that we need to have before starting with this implementation, those are:

  1. A Cloudflare account
  2. Set Cloudflare as your DNS Nameserver; in case Cloudflare is not your current domains name registrar you must follow your current Domains Registrar instructions on how to set this up
  3. Enable Email Service for your primary domain
  4. Enable Email Worker (beta) for your primary domain
  5. Addo Custom Domains to Proton. You will need at least two domains for this to work. One will be your primary, the one you intend to use for people to send/receive emails from you and your third-party tools and another one will be used for Cloudflare to forward that email to your Proton account.
  6. A Proton Business account

All the prerequisites above are linked to Cloudflare Documentation so if you have any doubts on how to do anything please go through each of the links. Anyhow, here is what we need to make this work:

Create an Email Worker

Within the Email Service Panel in Cloudflare let's create a new Email Worker "blank" and use the code below as our starting template.

export default {
  async email(message, env, ctx) {
    const addresses = [
      "", // 1- proton secondary domain, prerequisite 5
      "", // 2- your first third-party service
      "" // 3- your second third-party service
    for (let address of addresses) {
      await message.forward(address);
Example - Email worker

There are a few important aspects to have in mind for the Email Worker to work:

  • All the emails where we are going to forward the emails to need to be verified
  • A secondary domain should have already been added to your Proton Business account
  • The order of emails in the script has not effect on the result but I choose this order to provide some clarity and order for myself

Now let's go with the configuration:

  1. The first email "" in the script will be your secondary proton domain address. This way you'll always get your email into your Proton account
  2. The "first" and "second" third-party emails are going to be at other addresses where I will also be forwarding those emails to, in this example, Gmail and Apple iCloud email; this could be your Zendesk and Google Workspace account.

Additional Configuration

Once our email worker configuration is complete, we need to do one more thing, reconfigure our domain DNS SPF records to allow multiple servers to impersonate your email account. Assuming we have configured our DMARC and SPF records during the "add domain" process in Proton or we have successfully enabled the Cloudflare Email Service we can then just update the SPF record (see the default records below); if for some reason the record does not exist then we will need to add a TXT record like the one in the example below:

Note: Default SPF records Proton & Cloudflare

v=spf1 mx ~all

v=spf1 ~all

v=spf1 ~all
Example - Domain SPF record

Let me explain the above SPF record, first we established the version (spf1) and then we added all the servers that we want to allow to send email on our behalf. In this example, we have added Simple Login, Proton, Google (for Gmail) and Cloudflare Email Servers, this last one is particularly important, otherwise, you'll have a lot of impersonation errors when receiving or sending emails; lastly, the ~all refers to how strict the rules are, in this case, I choose ~ SOFTFAIL but you can also use - instead. Here is an incredibly detailed article on how SPF records work.

End Result

Use Case

All this may or may not make sense to many of you, especially those who choose Proton for its privacy and security features, however, there is no lie in saying that there are many business use cases in which Proton Security and Privacy hinder the use of other business tools that can benefit you.

There are three personal limitations and use cases in which Proton just interfere with my use cases:

No Email inspection for automation tools

This sound ironic but in a business world this makes a lot of sense, there are tools that facilitate your life; one tool I use is related to Trip planning, TripIt, this tool automatically pulled all my flight and hotel reservations, adjust the time zones accordingly and other things that help me get out with my Trip, doing this manually is always a hit and missed.


Yes, Proton has a new built-in Calendar, but this still inferior, at least in terms of facilitating my day but, there is not collaborative shared calendar, for family or team calendars, there is no location feature, yes there is a location field, but it has no integration with any Maps tool, privacy focus, open source or the big evils Google or Bing, Maps.

Cloud Drive

I love where Proton Drive is going but it is still inferior to OneDrive for Business and other similar Cloud services.

Shared Mailbox

The biggest issue of all, a Business Account should have a Shared Mailbox service, period.

I hope these instructions help you circumvent Proton limitations but also allow you to use the service (or support them). If you have any questions, please send me a Tweet.