DNS TXT record
A text record, otherwise known as a TXT record, is a type of domain name system (DNS) that stores all text-based information about a domain. This information includes human-readable text, such as the server name, network type, and datacenters. Though it was first created to hold human-readable values, a TXT record can now contain machine-readable data as well.
Why do you need a TXT record?
The primary use of a TXT record is to validate domain ownership and prevent email spam. The TXT record plays a crucial role in identifying whether the email you received is from a legitimate domain and, in turn, controls spam.
How TXT record lookup works
TXT records are helpful when a domain's ownership needs to be authenticated. One can authenticate their domain by adding a verification string as a TXT record to the server to prove their ownership. This addition makes the cloud/service provider acknowledge that some changes have been made to the domain, and that they are the domain owner.
Types of TXT records
To determine the domain's legitimacy, three different types of TXT records are used: SPF, DKIM, and DMARC.
The Sender Policy Framework (SPF) is a gateway to test whether emails are from legitimate and authorized users. This is one of the major factors that help decide where an email should end up. If the sender's SPF is listed under the receivers list, it lands in the inbox. Otherwise, it's moved to spam. There can be only one SPF record for a domain.
Domain Key Identified Mail (DKIM) acts as a shield from spammers and phishing websites. DKIM uses digital signatures to ensure that emails haven't been tampered with prior to delivery. DKIM is added to the email header, which also contains the private key component to decode it.
Domain-based Message Authentication, Reposting and Conformance (DMARC) is a policy that decides what action needs to be performed when security checks such as SPF and DKIM fail. It's a type of TXT record that decides if the email must be quarantined, rejected, or allowed to pass into the inbox. These records are stored in the DNS as DNS TXT records.
Example of a TXT record
There can be more than one TXT record for a domain. A simple TXT record would contain the host/domain name, its entry (content), and its time-to-live (TTL) value. The format of the TXT record is an attribute value pair. An attribute is always followed by an = sign and its value. For example, when a TXT record represents the SPF, its attribute value pair would be v=spf1.
|abc.com||v=spf1 include: ~all||1800|
Components of a TXT record
Host name: The name of the domain for which the TXT record has been obtained.
Entry: Where the actual TXT records are stored. A typical TXT record can hold up to 255 characters. If this limit is exceeded, they must be split into different parts with each part enclosed inside double quotes.
TTL: The time-to-live value tells the server how long the data can reside in its cache before its next update.
Frequently Asked Questions
Is the TXT record mandatory for all domains?Yes. Even domains that don't use email service must also have their SPF, DKIM, and DMARC configured so that spammers don't use their domain name for phishing purposes.
How do you differentiate an SPF record from a TXT record?A TXT record is a text-based DNS record that holds human as well as machine-readable information about a domain, whereas an SPF record is used for domain validation and email authentication purposes. Typically, an SPF record is defined using a TXT record.
Can I have multiple TXT records?Yes. A domain can have more than one TXT record, but there can be only one SPF record for a domain. If there is more than one SPF record, it fails the email authentication process.
Are there any limitations to TXT records?A TXT record can hold up to 255 characters in one single string. For framework policies like SPF and DKIM, the character count may increase; therefore, these characters must be separated into separate strings enclosed inside double quotes.
Can I modify TXT records?Yes. TXT records can be modified through the admin dashboard where all of your domain-based details are stored.