TXT Records

TXT records might be the most versatile entries in your domain's DNS settings. These simple text-based records have become the foundation of modern email authentication and play a crucial role in email deliverability. While they were originally designed for human-readable notes, today they're primarily used by machines to verify sender identity, implement security policies, and enable various email services.

What is a TXT Record?

A TXT (Text) record is a type of DNS record that stores text information for a domain. Unlike specialized records like MX that have a specific format and purpose, TXT records can contain virtually any text data. This flexibility makes them perfect for storing authentication policies and other machine-readable information.

In the email world, TXT records are primarily used for three critical functions:

  • Verifying domain ownership: Many services require you to add a specific TXT record to prove you control a domain
  • Implementing email authentication: SPF, DKIM, and DMARC all use TXT records
  • Providing service information: Including anti-spam details, email handling instructions, and service-specific configurations

A typical SPF record in TXT format looks like this: v=spf1 include:_spf.google.com -all

Let's break it down:

  • v=spf1: Specifies the SPF version being used
  • include:_spf.google.com: Includes Google's SPF record, authorizing Google's servers to send mail for your domain
  • -all: Strict policy that fails authentication for any servers not specified in the record

While a DMARC record might appear as: v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com

Let's break it down:

  • v=DMARC1: Indicates this is a DMARC record, version 1
  • p=reject: Policy that tells receiving servers to reject emails that fail authentication
  • rua=mailto:dmarc-reports@example.com: Specifies where aggregate reports should be sent

How Do TXT Records Work?

When a TXT record is created in your domain's DNS, it becomes publicly accessible to anyone who performs a DNS lookup. Each record consists of a name (sometimes called the host or subdomain), a TTL (Time To Live), and the text value itself.

For email authentication, specific naming conventions are used:

  • SPF records are published at the root domain (e.g., example.com)
  • DKIM records use a special selector format (e.g., selector._domainkey.example.com)
  • DMARC records have a dedicated prefix (e.g., _dmarc.example.com)

When an email server receives a message, it performs several DNS lookups to validate the sender:

  1. It checks for an SPF record to see if the sending server is authorized
  2. It extracts the DKIM selector from the email headers and looks up the corresponding public key
  3. It verifies the DMARC policy to determine how to handle authentication failures

The contents of these TXT records provide instructions to receiving servers about how to process and validate incoming email. Since they're stored in DNS, which is distributed and cached worldwide, updates to TXT records don't take effect immediately, changes typically propagate within 24-48 hours, depending on the TTL values.

One important limitation: TXT records have a maximum length (traditionally 255 characters per string), but modern DNS implementations allow for multiple strings that are automatically concatenated. This allows for longer policies, like extensive SPF records that list many authorized senders.

Why are TXT Records Important?

TXT records are crucial for email security and deliverability because they publish your domain's authentication policies (SPF, DKIM, and DMARC) in DNS, allowing receiving servers to verify message legitimacy. Without them, emails are more likely to be rejected or marked as spam, and your domain becomes vulnerable to spoofing and phishing attacks. Properly configured TXT records prevent email spoofing, improve inbox placement with major providers like Gmail, protect brand reputation, provide clear handling instructions for suspicious messages, and enable valuable reporting on email authentication.

Frequently Asked Questions About TXT Records

How many TXT records can I have for my domain?

You can have multiple TXT records for a domain, but only one TXT record per specific name/host. For example, you can have separate TXT records for example.com, _dmarc.example.com, and selector._domainkey.example.com, but you can't have two different TXT records both named exactly _dmarc.example.com.

Can TXT records affect email deliverability?

Absolutely. Properly configured SPF, DKIM, and DMARC records (all implemented as TXT records) significantly improve deliverability. Missing or incorrect authentication records can cause legitimate emails to be marked as spam or rejected outright, especially by major providers like Gmail and Microsoft.

How do I create or update TXT records?

TXT records are managed through your domain's DNS settings, typically in your domain registrar's control panel or DNS hosting provider. The exact process varies by provider, but generally involves navigating to DNS settings, selecting "Add Record", choosing "TXT" as the record type, and entering the appropriate name and value.

Can I use TXT records for other purposes than email?

Yes. While email authentication is the most common use case, TXT records are also used to verify domain ownership for various services, implement security policies like BIMI (Brand Indicators for Message Identification), and even store general information about a domain or service.

Send Consistent-looking & beautiful emails today!

Email communication is part of your product! Don't let it ruin your user's experience with your brand

Get started