top | item 35828706

(no title)

uean | 2 years ago

I like the idea. Your description on the website is missing the explanation that the final step is the service provider verified the records via email/sms.

I think one challenge always faced is dns propagation, creating your record and walking away and waiting (sometimes) hours for it to be recognized. Your method gives an ability to create a number of records in advance with different security restrictions so that’s nice, but requires a lot of thought and even more time adding records in your DNS.

So whats the actual verification process look like? You give the SP the subdomain generated and they query TXT records from there? how does the actual verification work here and when/how does the user receive an email?

discuss

elliottinvent|2 years ago

Thanks for your feedback.

> So whats the actual verification process look like? You give the SP the subdomain generated and they query TXT records from there? how does the actual verification work here and when/how does the user receive an email?

1. You sign up to service provider like Google Ads

2. They verify your email as part of normal onboarding

3. You tell them you own example.com (no need to give them a subdomain)

4. They run a Domain Verification check using your already verified email (they hash your email and run a DNS query based on that hash)

  a) If the check passes, your domain is verified

  b) If the check fails, they could invite you to verify another email (back to step 4)

5. If Domain Verification isn't ultimately successful, they can either:

  a) instruct you to create a DV record; or

  b) default to current domain verification method (store a random string in DNS)

jeroenhd|2 years ago

Does this mean this service doesn't work if you use unique email addresses for different services? By that I mean example+tag@gmail.com, catch-all email addresses, Apple's and Mozilla's email anonymization services, and so on.