I have a webapp running on Azure and use Google Domains for the domain name (mywebapp.com) and DNS. Azure automatically generates URLs for different resources/services (e.g: https://black-cat-12345.azurestaticapps.net, https://my-webapp-api.azurewebsites.net) and I use CNAMEs to create subdomains:
mywebapp.com A 3600 {Google IP}
mywebapp.com MX 3600 {Google mail servers}
mywebapp.com SPF "v=spf1 include:_spf.google.com ~all"
login.mywebapp.com CNAME 3600 black-cat-12345.azurestaticapps.net
api.mywebapp.com CNAME 3600 my-webapp-api.azurewebsites.net
etc
I've been told to strongly consider adding SPF records for the subdomains to prevent mail spoofing and phishing emails, but according to Adding both CNAME and TXT DNS records for one subdomain I can't have SPF records while using CNAMEs. I'm at a loss on how to achieve this.
If I never send mail from the subdomains, and don't have MX records, are SPF records necessary?
If I should add SPF records, is the only way to achieve this by changing from CNAMEs to A records? I can't use the underlying IP of the Azure resource/service (e.g: my-webapp-api.azurewebsites.net -> 52.175.36.249) so I'm open to ideas.
Best Answer
Azure Web App supports custom domain, but not in case you are using the free (F1) tier. Instead using an DNS alias (aka CNAME), the right approach is probably to use another pricing tier and to configure your custom domain.
Some documentation on it: