DNS TXT Record

What is a DNS TXT Record?

A DNS TXT Record is a type of Domain Name System (DNS) record used to store text-based information associated with a domain. Originally designed for simple notes or administrative data, TXT records have evolved into one of the most versatile tools in modern internet infrastructure.

Today, TXT records are used to store a wide range of information: verification tokens, email authentication settings, and security policies. Each TXT record is tied to a specific domain or subdomain, and can contain nearly any text value up to 255 characters per string (with multiple strings allowed in a single record).

For example, an SPF record is often stored as a DNS TXT entry:

When mail servers or security systems query DNS for your domain, they retrieve the TXT record to check these published values.

How DNS TXT Records Work

A DNS TXT record lives within the DNS zone of your domain. When a lookup is made, the DNS resolver retrieves the TXT record and returns its contents to the requester.

Common use cases include:

• Domain ownership verification (used by Google, Microsoft, and others)
• Email authentication protocols like SPF, DKIM, and DMARC
• Defining policy information such as MTA-STS or TLS-RPT endpoints
• Providing metadata for network or application configuration

For example, a domain’s DMARC policy is defined entirely within a TXT record:

This record tells mail receivers how to handle messages that fail authentication and where to send aggregate reports.

Why DNS TXT Records Are Essential for Email Security

TXT records are at the core of email authentication. Protocols like SPF, DKIM, and DMARC all depend on them to communicate trust and policy across domains.

When properly configured:

• SPF TXT records declare which servers are authorized to send mail
• DKIM TXT records publish cryptographic public keys
• DMARC TXT records align the results of both to prevent spoofing

If a TXT record is missing or misconfigured, mail receivers can’t verify the authenticity of your messages. This leads to delivery issues, higher spam placement, or exposure to phishing attacks.

TXT records are also used by security frameworks such as DNSSEC, ensuring the authenticity of DNS responses.

DNS TXT Records and DMARCeye

DMARCeye continuously monitors and analyzes DNS TXT records across your domain’s authentication setup. By visualizing each component (SPF, DKIM, and DMARC) DMARCeye helps identify missing, conflicting, or outdated TXT entries before they impact deliverability.

Through real-time analysis, DMARCeye also verifies that your reporting URIs, DKIM selectors, and SPF includes are correctly published. This gives you full visibility into how your domain’s authentication data appears to the outside world, supporting both compliance and brand protection.

Sign up for a free trial of DMARCeye today and secure your email domain.

To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.