DNS TXT Record

What is a TXT Record?

This DNS record was created so that admins could write notes into their DNS zones, such as what the zone is used for and other helpful reminders.

The most common uses for a DNS TXT record currently, though, are to prevent email spam (often called an SPF TXT record) and to verify domain ownership.

SPF stands for Sender Policy Framework, an email authentication protocol designed to prevent email spoofing. An SPF record lists the servers that are allowed to send mail for your domain, so receiving servers can reject or flag messages that claim to come from your domain but originate elsewhere. You may only have one SPF TXT record per domain. It is similar to a DMARC record.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance and is also an email validation system to prevent phishing scams, email spoofing, and other kinds of email-based attacks.

TXT record example:

How to create a TXT Record

This will depend on the DNS Management solution you are using (Microsoft, ISC, AWS Route53, Azure, or any other DNS or DDI solutions). Generally speaking, though, you will specify a:

  • DNS Record Name

  • Record Type: TXT

  • Structured or unstructured text as specified by RFC 1464

How to add a TXT record to my DNS

This will again depend on your DNS management solution. To add a TXT record in Micetro:

  1. Click on the DNS tab
  2. Double-click on a zone
  3. Click on the Create button
  4. Specify a record name
  5. Select TXT as the Record Type
  6. Specify Time-to-live
  7. Add a text attribute
  8. Click Create Now or Add to Request depending on your permission level

Add Record Type

How do I verify a DNS TXT Record?

There are a couple of ways to look up TXT record information. You can use the nslookup command on your client computer by typing the following in a command-line terminal:

nslookup -q=txt menandmice.com

This will return any TXT records that were found along with their attributes.

You may also use the dig command, either at the command line or via a browser-based tool. Here's what is returned when using the dig tool.

We see below that Google is using several TXT records for domain ownership verification and email spoofing prevention.

DIG

Domain ownership verification with TXT records is the same as setting up a regular TXT record, except in the text value field you need to copy in a key from your host or domain provider. As you can see in the above example, the syntax will look like this:

menandmice.com 60 IN TXT "google-site-verification=S7T3j1rHKEQ4J97FLhV6Ec5x8SvRgZgUsVCy2Qp9GMc"

You can protect your domain's email by using SPF TXT records as described above. Again, the process is similar to creating a normal TXT record, but as shown above the syntax will look like this:

menandmice.com 60 IN TXT "v=spf1 ip4:217.151.171.250 ip4:82.221.12.65 ip4:212.30.230.100"

In this case, all email sent from the specified servers (217.151.171.250, 82.221.12.65, and 212.30.230.100) is authorized. In other words, these servers are permitted to send email for the menandmice.com domain. When people receive email from the menandmice.com domain, their mail servers can check whether the sending server's IP address matches one of the listed addresses. If not, these emails will generally get filtered into spam folders. If the IP information does match, and all other criteria are met, then people will receive the emails in their inbox.
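To make the receiving-side check concrete, here is a minimal SPF evaluator written for this page (it is not part of the original article and not Men&Mice or Micetro code). It handles only the ip4, ip6 and all mechanisms, which is enough for records like the one above, and it uses two constructed records: the page's SPF record as published, and a variant that ends with "-all". It also shows a caveat the record above does not make obvious: with no "all" mechanism, a sender that matches nothing gets a "neutral" result rather than "fail".

```python
import ipaddress

# Constructed sample records: the page's SPF record (no "all" term) and a
# hardened variant that explicitly fails every sender not listed.
PAGE_SPF = "v=spf1 ip4:217.151.171.250 ip4:82.221.12.65 ip4:212.30.230.100"
HARDENED_SPF = PAGE_SPF + " -all"

# SPF qualifiers map to results; a bare mechanism means "+" (pass).
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Return the SPF result ("pass", "fail", "softfail", "neutral", ...)
    for sender_ip against an spf1 TXT record string.

    Only ip4/ip6/all are evaluated; include, a, mx, exists, ptr and the
    redirect= modifier raise NotImplementedError so a caller cannot mistake
    this minimal checker for a full RFC 7208 implementation.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:           # explicit +, -, ~ or ? prefix
            qualifier, term = term[0], term[1:]
        if "=" in term:                    # modifier such as redirect= or exp=
            raise NotImplementedError(term)
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                  # catch-all: decides the final result
            return QUALIFIER[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)  # "/32" if no prefix
            except ValueError:
                return "permerror"         # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIER[qualifier]
            continue                       # no match, try the next mechanism
        raise NotImplementedError(name)    # include, a, mx, exists, ptr
    return "neutral"                       # nothing matched and no "all" term


if __name__ == "__main__":
    for rec in (PAGE_SPF, HARDENED_SPF):
        for ip in ("82.221.12.65", "198.51.100.7"):
            print(f"{ip:15} -> {check_spf(rec, ip):8} ({rec})")
```

Running it shows that 198.51.100.7 (a constructed, unlisted address) is "neutral" under the page's record but "fail" once "-all" is appended, which is why published SPF records normally end with "-all" or "~all".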
