I need to create an RBL exception for hubspot, but they suggest using a DNS which resolves to a TXT record. Can I whitelist based on a TXT DNS?

So they are routinely blacklisted as spammers, but your organization wants to put your own reputation in their hands by using tem to send email on your behalf?  Not my recommendation.

Rbl lists are implementrd using dns, so in theory you could creste an override in your dns system, and then point utm to that override.  I don't  think utm does txt records.   And if you make a mistake you might let in real spam.

The problem with sender domain exceptions us that it applies to both the domain and any fraudulent mail asserting the same identity.   IP exceptions are safer.  On the other hand, you have to consider that an ip whitelist allows snything sent from those servers for any domain, and oerhaps some of that mail is more woorisome than mail falsely claiming to be from hotspot.com

Yes, not my recommendation either, but such is IT.    I've settled on BAlfson's recommendation of just an RBL exception for senders as *@*.shared.hubspot.com which will allow my marketing people who use the hubspot servers to at least receive emails when the random server they use for deliver is on an RBL.  I'm only keeping 30 days of logs, but I'm seeing 6% of the delivery attempts hubspot is making come up as dropped due to RBL in the last 30 days. 

Why do cloud companies use tens or even hundreds of different IPs to deliver mail for single domains?

I bet that information might make hubspot change suppliers.  I bet their customers would not like knowing that 6% of the emails they pay for are blocked by blacklists.

Jason, I don't think *@*.shared.hubspot.com will work with that second * in there.

Cheers - Bob

I bet that information might make hubspot change suppliers.  I bet their customers would not like knowing that 6% of the emails they pay for are blocked by blacklists.

Jason, I don't think *@*.shared.hubspot.com will work with that second * in there.

Cheers - Bob