Email Wiki: What is a TXT Record

A TXT record (Text Record) is a type of resource record in the Domain Name System (DNS) used to store arbitrary text information associated with a domain name or hostname. TXT records were originally designed to carry short, human-readable text information, but over time, their use has expanded to include email verification, domain ownership confirmation, security policy declarations, and many other purposes.

In DNS, the TXT record has type number 16. Its data consists of one or more strings, with each string limited to 255 characters. Longer content can be carried as multiple strings within one record or as multiple TXT records.

Historical Background

TXT records were first defined in RFC 1035, published in 1987, and were originally used to store human-readable text information such as system administrator contact details, network service descriptions, etc. As the internet evolved, the uses of TXT records gradually expanded, particularly in email systems and network security.

Structure and Format

The basic structure of a TXT record is as follows:

<domain-name> IN TXT "<text-string>"

Where:

  • <domain-name> is the domain name.
  • IN indicates the Internet class.
  • TXT indicates that this is a text record.
  • <text-string> is the text content to be stored, which needs to be enclosed in quotation marks.

For example:

example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"

A domain name can have multiple TXT records, and multiple string entries can be included in a single record:

example.com IN TXT "First string" "Second string"
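
The splitting described above matters in practice for long values such as DKIM keys. The following is an added example, not code from the original page: it splits a value into strings of at most 255 bytes, renders the zone-file line, and joins the strings back the way a reader does. The key material and function names are constructed for illustration.

```python
# Added example (not from the original page): split a long TXT value into
# strings of at most 255 bytes and join them back. Sample data is constructed.
MAX_STRING = 255  # per-string limit described above

def split_txt(value: str, limit: int = MAX_STRING) -> list[bytes]:
    """Split one logical TXT value into chunks of at most `limit` bytes."""
    raw = value.encode("ascii")  # SPF, DKIM and DMARC values are ASCII
    return [raw[i:i + limit] for i in range(0, len(raw), limit)] or [b""]

def quote(chunk: bytes) -> str:
    # Zone-file form: wrap in quotes, escape backslash and double quote.
    text = chunk.decode("ascii").replace("\\", "\\\\").replace('"', '\\"')
    return f'"{text}"'

def to_zone_line(name: str, value: str) -> str:
    return f"{name} IN TXT " + " ".join(quote(c) for c in split_txt(value))

def join_txt(strings: list[bytes]) -> str:
    """Readers concatenate a record's strings with NO separator added."""
    return b"".join(strings).decode("ascii")

# Constructed stand-in for a 2048-bit DKIM public key (not a real key).
DKIM_VALUE = "v=DKIM1; k=rsa; p=" + "A" * 392

if __name__ == "__main__":
    print([len(c) for c in split_txt(DKIM_VALUE)])
    print(to_zone_line("default._domainkey.example.com", DKIM_VALUE))
    # A split that drops the space between terms fuses them when joined:
    print(join_txt([b"v=spf1 mx", b"-all"]))
```

Because joining adds no separator, a split that loses the space between two SPF terms produces a fused, invalid term; keep the space inside one of the strings.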

Main Uses

1. SPF Records (Sender Policy Framework)

SPF (Sender Policy Framework) is an email authentication mechanism used to prevent email spoofing. SPF uses TXT records (or a dedicated SPF record type, now deprecated) to declare which mail servers are authorized to send email for a specific domain name.

For example:

example.com IN TXT "v=spf1 mx ip4:192.0.2.1 ~all"

This record indicates that legitimate mail servers for the example.com domain include servers pointed to by its MX records and the IP address 192.0.2.1.

2. DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) is an email authentication technique that adds digital signatures to email headers to verify the source and content integrity of emails. DKIM uses TXT records to store public keys, which receiving mail servers can query to verify signatures.

For example:

default._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc..."

3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email security protocol that combines SPF and DKIM technologies to provide email source verification and violation reporting mechanisms. DMARC policies are published through TXT records.

For example:

_dmarc.example.com IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

This record indicates that the example.com domain requires all emails to pass either SPF or DKIM verification, otherwise they will be rejected, and violation reports will be sent to the dmarc-reports@example.com mailbox.

4. Domain Ownership Verification

Many cloud service providers (such as Google, Microsoft, Cloudflare, etc.) require users to add specific TXT records to verify domain ownership when adding custom domains. This method is simple, effective, and does not affect existing services.

For example:

example.com IN TXT "google-site-verification=abcdef1234567890"

5. Other Uses

  • Certificate Authority Authorization Verification: Some CAs (Certificate Authorities) use TXT records to verify domain ownership before issuing SSL/TLS certificates.
  • Subdomain Ownership Verification: Used to prove control over subdomains.
  • Security Policy Declarations: Such as publishing security contact information or declaring security policies.
  • Application-Specific Uses: Some applications use TXT records to transmit configuration information or metadata.

Historical Evolution of TXT Records and SPF Records

In the early days, SPF information was published through TXT records. To improve readability and avoid confusion with other TXT records, IETF defined a dedicated SPF record type (type number 99) in RFC 4408. However, due to compatibility issues and deployment difficulties, SPF records were not widely adopted, and most services still use TXT records to publish SPF policies.

Limitations and Considerations for TXT Records

  • Length Limitation: Each string is limited to 255 characters. If longer content needs to be stored, it must be split into multiple strings or multiple TXT records.
  • Query Performance: Too many TXT records may affect DNS resolution performance.
  • Security Risks: Public TXT records may expose sensitive information such as verification tokens, public keys, etc., requiring careful management.
  • Record Conflicts: Conflicts may exist between multiple TXT records, requiring compatibility between record contents for different purposes.
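
Record conflicts bite hardest with SPF, where more than one "v=spf1" record on the same name is treated by receivers as an error, and with policies that are published but weak. The following added example (not code from the original page) audits the TXT strings of a domain and of its _dmarc name for those problems; the function names, finding texts and sample records are constructed for illustration.

```python
# Added example (not from the original page): audit TXT strings for SPF and
# DMARC problems. All sample records are constructed; no DNS query is made.
def parse_tags(record: str) -> dict[str, str]:
    # Parse a 'k=v; k=v' tag list as used by DMARC and DKIM records.
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(apex_txt: list[str]) -> list[str]:
    spf = [r for r in apex_txt if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as an error"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # decision is delegated to another domain's record
        return ["SPF has no 'all' term: unlisted senders get a neutral result"]
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {"+": ["SPF ends in +all: every host passes"],
            "?": ["SPF ends in ?all: neutral for unlisted hosts"],
            "~": ["SPF ends in ~all: unlisted hosts only softfail"],
            "-": []}[qualifier]

def audit_dmarc(dmarc_txt: list[str]) -> list[str]:
    recs = [r for r in dmarc_txt if r.strip().startswith("v=DMARC1")]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record, found {len(recs)}"]
    tags = parse_tags(recs[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC p= missing or invalid")
    elif policy == "none":
        findings.append("DMARC p=none: monitoring only, nothing is rejected")
    if "rua" not in tags:
        findings.append("DMARC has no rua=: no aggregate reports are sent")
    return findings

# Constructed TXT sets for example.com and _dmarc.example.com.
APEX = ["google-site-verification=abcdef1234567890",
        "v=spf1 mx ip4:192.0.2.1 ~all", "v=spf1 ip4:192.0.2.0/24 -all"]
DMARC = ["v=DMARC1; p=none"]
if __name__ == "__main__":
    print(audit_spf(APEX), audit_dmarc(DMARC))
```

The input lists are the joined string values of each TXT record, for example as returned by the dnspython query shown later on this page.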

How to Query TXT Records

Various tools and commands can be used to query TXT records, including:

Using Command Line Tools

Windows (using nslookup):

nslookup -type=txt example.com

Linux/macOS (using dig):

dig TXT example.com

Using Online Tools

Common online DNS query tools include:

Using Programming Languages (Python Example)

Querying TXT records using Python’s dnspython library:

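import dns.resolver

# Each TXT rdata holds one or more byte strings (at most 255 bytes each);
# join them to recover the full value, then decode for display.
answers = dns.resolver.resolve('example.com', 'TXT')
for rdata in answers:
    print(b''.join(rdata.strings).decode('utf-8', errors='replace'))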

Summary

As a basic resource record type in the DNS system, TXT records were initially designed to store simple text information, but their flexibility and versatility have made them an indispensable part of modern internet infrastructure. From email verification to domain ownership confirmation to security policy declarations, TXT records play an important role in ensuring network security and improving service manageability.

Understanding and correctly configuring TXT records is crucial for system administrators, website owners, and developers. As internet technology continues to evolve, the application scenarios for TXT records will continue to expand.

References

  • RFC 1035 – Domain Names - Implementation and Specification
  • RFC 4408 – Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1
  • RFC 7489 – Domain-based Message Authentication, Reporting & Conformance (DMARC)
  • RFC 6376 – DomainKeys Identified Mail (DKIM) Signatures
  • DNS TXT Record – Wikipedia
  • TXT Record Explained – DNSimple Documentation