fizz.today

Wildcard MX records enable Fastmail subdomain addressing without per-subdomain config

I manage 10 domains across Route53 and Cloudflare, all with Fastmail for email. I wanted subdomain addressing — newsletter@sub.ferkakta.dev, vendor@billing.fizz.work — without creating MX records for every subdomain on every domain.

The trick

A wildcard MX record (* MX) catches mail for any subdomain that doesn’t have its own explicit MX. Fastmail handles the rest: mail to anything@whatever.yourdomain.com lands in your inbox as long as the MX points to Fastmail’s servers.

The Terraform

locals {
  fastmail_records = { for domain in [
    "ferkakta.dev", "fizz.today", "ferkakta.com",
    "fizz.work", # ... all domains
  ] : domain => {
    mx = {
      name   = ""
      type   = "MX"
      values = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
    }
    mx_wildcard = {
      name   = "*"
      type   = "MX"
      values = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
    }
    # SPF, DKIM records...
  } }
}

The mx_wildcard key is identical to mx except name = "*" instead of name = "" (apex). Both point to the same Fastmail inbound servers. The module creates matching records in both R53 and Cloudflare.

Why this works

DNS MX lookup for sub.yourdomain.com:

  1. Check for an explicit MX at sub.yourdomain.com — none exists
  2. Check for a wildcard MX at *.yourdomain.com — found, returns Fastmail servers
  3. Fastmail accepts the mail because the apex domain is verified in your account

Fastmail doesn’t care what subdomain the mail was addressed to. It matches on the verified domain and delivers to your inbox. You can then filter on the To: header to sort by subdomain.

Provider caveat: This works because Fastmail accepts mail for arbitrary subdomains of a verified domain. Not all providers do. Google Workspace, for example, does not by default — it requires explicit subdomain configuration. Check whether your provider supports this before adding the wildcard MX.

The use case

Subdomain addressing is useful for the same reasons plus addressing is: tracking who sold your email, filtering vendor mail, and creating disposable addresses. The advantage over plus addressing (user+tag@domain) is that many forms reject the + character. Nobody rejects vendor@billing.yourdomain.com.

One record per domain, applied once, covers every possible subdomain. No per-vendor DNS changes.

#dns #email #terraform #fastmail