What is a DNS TXT record?

TXT record

Most DNS records contain data in a computer-readable language, but TXT records allow for both human- and computer-readable instructions. TXT records serve a variety of purposes, including domain ownership verification, email spam prevention and framework policies. They also provide general information and points of contact for the domain.

TXT records have no specific formatting requirements, but they’re not meant for large amounts of data. Values longer than 255 characters need to be split into multiple parts, each no longer than 255 characters and each enclosed in double quotes. All of the parts then need to be added to the TXT record.

The DNS ‘text’ (TXT) record lets a domain administrator enter text into the Domain Name System (DNS). The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records. One domain can have many TXT records.

Example of a TXT record:

| example.com | record type: | value: | TTL |
|---|---|---|---|
| @ | TXT | This is an awesome domain! Definitely not spammy. | 32600 |

Today, two of the most important uses for DNS TXT records are email spam prevention and domain ownership verification, although TXT records were not designed for these uses originally.

How do TXT records help prevent email spam?

Spammers often try to fake or forge the domains from which they send their email messages. TXT records are a key component of several different email authentication methods that help an email server determine if a message is from a trusted source.

Common email authentication methods include DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting & Conformance (DMARC). By configuring these records, domain operators can make it more difficult for spammers to spoof their domains and can track attempts to do so.

SPF records: SPF TXT records list all the servers that are authorized to send email messages from a domain.

DKIM records: DKIM works by digitally signing each email using a public-private key pair. This helps verify that the email is actually from the domain it claims to be from. The public key is hosted in a TXT record associated with the domain.

DMARC records: A DMARC TXT record references the domain’s SPF and DKIM policies. It should be stored under the name _dmarc.example.com, with ‘example.com’ replaced by the actual domain name. The ‘value’ of the record is the domain’s DMARC policy.
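The 255-character splitting rule and the three record types above can be checked together when reviewing a zone. The following Python sketch is an added example, not code from the original page: it splits and rejoins long values, labels each TXT record as SPF, DKIM, DMARC or other, and warns when one name carries more than one SPF record. The function names, the sel1 selector, the sample addresses and the filler key are constructed for illustration, and values are assumed to contain no escaped quotes.

```python
import re
from collections import Counter

MAX_CHUNK = 255  # one TXT character-string carries at most 255 bytes

def split_value(value):
    """Render a value as the quoted <=255-byte chunks a zone file expects."""
    raw = value.encode("ascii")
    parts = [raw[i:i + MAX_CHUNK].decode() for i in range(0, len(raw), MAX_CHUNK)]
    return " ".join(f'"{p}"' for p in parts)

def join_rdata(rdata):
    """Concatenate one record's quoted chunks (assumes no escaped quotes inside)."""
    chunks = re.findall(r'"([^"]*)"', rdata)
    if not chunks or any(len(c.encode()) > MAX_CHUNK for c in chunks):
        raise ValueError("TXT data must be quoted chunks of at most 255 bytes")
    return "".join(chunks)

def classify(name, value):
    """Label a TXT record by the email-authentication method it serves."""
    name = name.lower().rstrip(".")
    if name.startswith("_dmarc.") and value.startswith("v=DMARC1"):
        return "DMARC"
    if "._domainkey." in name and re.search(r"(^|;)\s*p=", value):
        return "DKIM"
    if re.match(r"v=spf1( |$)", value, re.I):
        return "SPF"
    return "other"

def audit(records):
    """Return (labelled records, warnings) for a list of (name, rdata) pairs."""
    labelled = [(n, classify(n, join_rdata(r))) for n, r in records]
    spf_per_name = Counter(n for n, kind in labelled if kind == "SPF")
    warnings = [f"{n}: {c} SPF records, receivers treat this as an error"
                for n, c in spf_per_name.items() if c > 1]
    return labelled, warnings

# Constructed sample zone data; the key is filler, not a real DKIM key.
FAKE_KEY = "v=DKIM1; k=rsa; p=" + "A" * 392
SAMPLE = [
    ("example.com", '"This is an awesome domain! Definitely not spammy."'),
    ("example.com", '"v=spf1 ip4:192.0.2.10 -all"'),
    ("example.com", '"v=spf1 include:_spf.example.net ~all"'),
    ("sel1._domainkey.example.com", split_value(FAKE_KEY)),
    ("_dmarc.example.com", '"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"'),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the constructed sample, the audit labels the free-text note as other and reports the two SPF records published on example.com, a misconfiguration that causes SPF evaluation to fail.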