Today I use DigitalOcean to host my software.

Our platform is a SaaS that sends emails from wildcard domains, for example: `purchase@subdomain.example.com`; `purchase@another-subdomain.example.com`.

Email services like Gmail, Outlook, etc., require SPF records for subdomains, to avoid spoofing problems. The problem is that DigitalOcean does not allow a wildcard TXT record (`*.example.com`), and creating a subdomain for each account is not viable, as there are thousands of subdomains.

Is there a way to create a DNS record that can work around DigitalOcean's limitation?

There are thousands of subdomains used to send email, and it is impossible to create them one by one, and also to update them all in batch.

Tom
  • Why not just send from an email address of `subdomain@example.com`? One SPF record, many addresses. – ceejayoz Apr 07 '20 at 19:50
  • @ceejayoz I use the subdomain so that my email server can identify which company the email is being replied to. – Tom Apr 07 '20 at 20:45
  • I'm suggesting the username for that. Unless you've got a scenario where you need `arbitrary-id@subdomain.example.com`, like for a ticketing system or something. – ceejayoz Apr 08 '20 at 01:48

1 Answer

The documentation on DigitalOcean's DNS records doesn't really mention whether wildcards are allowed with CNAME records or not, but that could be an option to circumvent the issue you are facing. E.g.

```
*.example.com.            IN  CNAME  saas-mailer.example.com.
saas-mailer.example.com.  IN  A      198.51.100.100
saas-mailer.example.com.  IN  TXT    "v=spf1 +ip4:198.51.100.100/32 -all"
```

Esa Jokinen
  • Today I have an A record for this wildcard; this record redirects the client to the HTTP server. Wouldn't using an additional CNAME generate an access error? `*.example.com IN A XXX.XXX.XXX.XXX` – Tom Apr 07 '20 at 20:50
  • The setup initially worked. But Google tools don't accept it, for the following reason: Naked domain must be an A record (not CNAME). – Tom Apr 08 '20 at 01:50
  • The naked domain is `example.com.`, which can't have a `CNAME` for obvious reasons (replacing all `NS`, `SOA` etc.). This is about all subdomains `*.example.com.`. – Esa Jokinen Apr 08 '20 at 03:46
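
As an added example (not part of the question, answer or comments above), this Python sketch loads the answer's three records into a small in-memory zone to show what an SPF TXT lookup for any subdomain returns through the wildcard CNAME, and to flag the conflict that arises when a CNAME shares its owner name with another record such as a wildcard A. The function names and the `acme` subdomain are constructed for illustration, and empty non-terminal names are not modelled.

```python
# Constructed zone: the three records from the answer (documentation IP range).
ZONE = [
    ("*.example.com", "CNAME", "saas-mailer.example.com"),
    ("saas-mailer.example.com", "A", "198.51.100.100"),
    ("saas-mailer.example.com", "TXT", "v=spf1 +ip4:198.51.100.100/32 -all"),
]
APEX = "example.com"

def cname_conflicts(zone):
    """Owner names that hold a CNAME plus any other record (RFC 1034, 3.6.2)."""
    types = {}
    for name, rtype, _ in zone:
        types.setdefault(name, set()).add(rtype)
    return sorted(n for n, t in types.items() if "CNAME" in t and len(t) > 1)

def lookup(zone, qname, qtype, depth=0):
    """Answer qname/qtype from the zone: exact match, else wildcard, following CNAMEs."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long")
    qname = qname.lower().rstrip(".")
    if qname != APEX and not qname.endswith("." + APEX):
        return []  # outside this zone
    names = {n for n, _, _ in zone} | {APEX}
    owner = qname
    if qname not in names:
        # Walk up to the closest existing ancestor, then use its "*" child (RFC 4592).
        encloser = qname
        while encloser not in names:
            encloser = encloser.split(".", 1)[1]
        owner = "*." + encloser
    rrs = [(t, v) for n, t, v in zone if n == owner]
    for rtype, value in rrs:
        if rtype == "CNAME" and qtype != "CNAME":
            return lookup(zone, value, qtype, depth + 1)
    return [v for t, v in rrs if t == qtype]

def spf_policy(zone, sender_domain):
    """The v=spf1 record a receiver would find, or None (SPF needs exactly one)."""
    found = [v for v in lookup(zone, sender_domain, "TXT") if v.startswith("v=spf1")]
    return found[0] if len(found) == 1 else None

if __name__ == "__main__":
    for domain in ("acme.example.com", "another-subdomain.example.com", APEX):
        print(domain, "->", spf_policy(ZONE, domain))
    print("CNAME conflicts:", cname_conflicts(ZONE))
```

The apex `example.com` is not matched by the wildcard, so it needs its own SPF TXT record.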