TL;DR: A TXT record stores free-form text in your DNS. It's used for domain verification and, crucially, for your email security — SPF, DKIM and DMARC are all TXT records. Getting them right (and avoiding common formatting mistakes) is what keeps your domain from being spoofed. Scan your domain free to check yours.
What a TXT record is for
Originally TXT records held human notes, but today they're mostly machine-readable instructions. The big ones:
- SPF — a TXT record starting
v=spf1listing who may send your email. - DKIM — a TXT record at
selector._domainkeyholding your public signing key. - DMARC — a TXT record at
_dmarcsetting your anti-spoofing policy. - Verification — services (Google, Microsoft, etc.) ask you to add a TXT record to prove you own the domain.
How to add one
In your DNS, create a record of type TXT, set the host/name (e.g. @ for the
root, or _dmarc), and paste the value exactly as given. Save, then wait for
propagation.
Common TXT mistakes
- Extra quotes or spaces that break the value — paste it exactly.
- Two SPF TXT records — only one is allowed; merge them.
- Wrong host — DMARC must be at
_dmarc, DKIM at its selector, SPF at the root. - Long DKIM keys sometimes need splitting into chunks — most DNS providers do this automatically.
FAQ
Can I have multiple TXT records?
Yes — you can have many TXT records (DKIM, verification, DMARC on its subdomain). The exception is SPF: only one
v=spf1 record.
Are TXT records public?
Yes — anyone can read them, which is fine; SPF/DKIM/DMARC are meant to be public.
Why isn't my new TXT record working?
Usually propagation (give it time) or a formatting error (re-paste the value).
Not sure your TXT-based email security is right? Scan your domain, then reply to your report — we're developers and we'll get your SPF, DKIM and DMARC records correct for you.