TXT Records in DNS: The “Notes” Field That Modern Services Rely On
At first glance, TXT records in DNS look a bit strange. They are just pieces of text attached to your domain, so it is easy to think they are optional or unimportant. In reality, TXT records are one of the most used tools in modern DNS. Email security, domain verification, and many third-party services depend on them every day.
You can think of a TXT record as a public note about your domain. Other systems on the internet read these notes to decide whether to trust your email, confirm that you own a domain, or enable certain features in cloud services.
What Is a TXT Record in DNS?
A TXT record is a DNS record type that stores arbitrary text. Originally it was meant for free-form information, but over time standards have grown around it. Today, most TXT records follow specific formats that machines can read and understand.
Some common uses for TXT records include:
- SPF – telling the world which servers are allowed to send email for your domain.
- DKIM – publishing public keys used to verify email signatures.
- DMARC – setting policies for how receivers should handle suspicious email.
- Domain verification – proving ownership to services like Google, Microsoft, and others.
- Custom service settings – feature flags or configuration values for specific providers.
From your side, a TXT record is just “name + value.” From the internet’s side, it is a powerful signal about what is allowed and what is not for your domain.
How a TXT Record Looks (Basic Syntax)
In a DNS zone file, TXT records look something like this:
example.com. TXT "v=spf1 include:_spf.example.net ~all"
_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
google-site-verification.example.com. TXT "some-long-verification-code"
Most modern TXT records follow a key=value style inside quotes. The DNS zone only cares that it is “text.” The meaning comes from the systems that read it (mail servers, cloud platforms, etc.).
Common Real-World Uses of TXT Records
1. SPF: Sender Policy Framework
SPF is one of the most common TXT record types. It describes which servers are allowed to send email for your domain.
An example SPF TXT record:
example.com. TXT "v=spf1 include:_spf.mailprovider.com -all"When a receiving mail server gets a message from [email protected], it can check this SPF TXT record to see whether the sending server is on the allowed list. This helps reduce spoofing and spam when combined with other checks.
2. DKIM: Publishing Public Keys
DKIM signs outgoing email with a private key. The matching public key is stored as a TXT record under a special selector subdomain.
Example:
selector1._domainkey.example.com. TXT
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."Mail providers use this TXT record to verify that the DKIM signature on incoming messages is valid and really belongs to your domain.
3. DMARC: Policy and Reporting
DMARC policies also live in TXT records, usually under _dmarc for your domain.
_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"This tells mail receivers what to do with emails that fail SPF/DKIM checks (for example, quarantine or reject) and where to send reports.
4. Domain Ownership Verification
Many services ask you to “add a TXT record” to prove that you control a domain. For example, Google might provide something like:
google-site-verification=AbC123xyzVeryLongCodeYou add a TXT record with this value, and the service confirms it by doing a DNS lookup. If the code appears in your TXT records, they know you own the domain.
Where TXT Records Live: Name vs Value
Every TXT record has two main parts in your DNS panel:
- Name / Host – the subdomain (or
@for the root) where the TXT record is attached. - Value / Text – the actual text string.
Examples in a DNS control panel might look like:
Host: @
Type: TXT
Value: "v=spf1 include:_spf.mailprovider.com -all"
Host: _dmarc
Type: TXT
Value: "v=DMARC1; p=none; rua=mailto:[email protected]"
Host: google-site-verification
Type: TXT
Value: "google-site-verification=AbC123xyzVeryLongCode"
Many panels automatically append your domain name, so _dmarc becomes _dmarc.example.com in full. If you are unsure, check the provider’s help docs or examples.
How to Add a TXT Record Safely
Adding a TXT record is simple in theory, but a small mistake can break email authentication or verification. A careful approach helps avoid problems.
- Get the exact value from your provider. Copy it carefully, including all semicolons and equal signs.
- Open your DNS management panel. Find the domain and go to the DNS or “Zone” section.
- Add a new TXT record. Set the correct host name (for example,
@,_dmarc, or a specific verification name). - Paste the value exactly. Some panels wrap it in quotes for you; others need you to include them. If you see double quotes in the final zone, that is usually correct.
- Save and wait for DNS to update. Then use a verification or lookup tool to confirm the new TXT record is visible.
Whenever possible, avoid editing existing SPF or DMARC records by hand unless you are sure what you are doing. It is better to follow examples from your email provider or use their wizards.
Can You Have Multiple TXT Records?
Your domain can have many TXT records. This is normal, especially when combining SPF, DKIM, DMARC, and several verification codes.
However, there are a few good practices:
- One SPF policy per host. You should not have multiple full SPF policies on the same host (for example, two separate SPF TXT records at
example.com). Merge them into a single SPF record if possible. - Separate TXT records for different purposes. DKIM keys, DMARC policies, and verification codes usually each get their own TXT record at their own subdomain.
- Keep values readable. Long lines are fine, but try not to mix unrelated information into a single TXT record.
If you see more than one TXT record in a lookup, do not panic. The key is that each “type” of configuration is clear and valid.
Typical TXT Record Mistakes
A few small errors cause most TXT-related issues:
- Extra spaces or line breaks – some control panels wrap long values or add hidden characters. These can break SPF or DMARC parsing.
- Multiple SPF records at the same host – many receivers treat this as an invalid SPF configuration.
- Putting TXT on the wrong host – for example, putting a DMARC record at
dmarc.example.cominstead of_dmarc.example.com. - Missing quotes in raw zone files – zone files usually expect the TXT string to be inside quotes.
- Editing provider-managed records – changing values created by your email or DNS provider without understanding the impact.
When something does not work, doing a fresh DNS TXT lookup and comparing the result to the provider’s example is often the fastest way to spot the problem.
TXT Records and Email Deliverability
TXT records are central to email authentication. If they are misconfigured, your emails might land in spam or be rejected outright.
For good deliverability, your DNS usually needs:
- A correct SPF TXT record listing your sending services.
- Valid DKIM TXT records for each selector used by your provider.
- A DMARC TXT record defining your policy (even if it is initially relaxed, like
p=none).
Mail providers and spam filters use these TXT records together with other signals to decide whether your domain is trustworthy. Clean and consistent TXT records make it easier to build a good reputation over time.
Key Takeaways About TXT Records in DNS
- TXT records store text, but that text fuels SPF, DKIM, DMARC, and many verification systems.
- Most TXT values follow structured formats that machines can parse, even though they look like simple strings.
- One domain can have many TXT records, but SPF should usually be defined in a single record per host.
- Precise copying matters — small typos or formatting changes can break email authentication.
- Checking TXT records with external tools is essential whenever you change them.
FAQ About TXT Records in DNS
What is a TXT record used for in DNS?
A TXT record stores text information about your domain that other systems can read. It is commonly used for SPF, DKIM, DMARC, and domain verification. These records help email providers, cloud platforms, and security tools understand how your domain should behave.
Can I have multiple TXT records for my domain?
Yes. You can have multiple TXT records for one domain, and this is very common. The main rule is that you should not have more than one complete SPF TXT record for the same host, because that can cause SPF checks to fail. Other TXT records, like DKIM keys or verification codes, usually live on separate subdomains.
How do I check my current TXT records?
You can use free online DNS lookup tools or command-line utilities like dig and nslookup. For example, running dig TXT example.com will show the TXT records at the root of your domain, and dig TXT _dmarc.example.com will show your DMARC record if it exists.
How long do TXT record changes take to propagate?
TXT record changes follow the same DNS caching rules as other records. In many cases, updates start appearing within a few minutes, but some resolvers may cache the old value for up to the TTL you set, often up to a few hours. Setting a lower TTL before big changes can make updates feel faster.
Does a TXT record affect website performance?
TXT records themselves do not directly affect website speed or performance. They are read mainly by email servers and verification services. Indirectly, well-configured TXT records can improve email deliverability and security for your domain, which is important for user trust and communication.
Related DNS Topics to Explore Next
- SPF records: building a safe sending policy for your domain.
- DKIM records: how cryptographic signatures protect your brand in email.
- DMARC records: turning SPF and DKIM into a clear, actionable policy.
- MX records: understanding how mail is routed to your inboxes.
If you treat TXT records as structured notes about your domain and keep them clean and consistent, many other pieces — especially email and verification with external services — become easier to manage and far more reliable.
