DNS & Domain Guides

TXT Records: SPF, DKIM, DMARC and Beyond

Learn what TXT records are, how they are used for SPF, DKIM, DMARC and domain verification, and how to avoid common TXT record mistakes.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 8 min read Beginner

Introduction

TXT records are DNS records that store text values for a domain or subdomain. They are widely used for email authentication, domain verification, security policies and service configuration.

For many domain owners, TXT records become important when setting up SPF, DKIM, DMARC, Google Workspace, Microsoft 365, website builders, SSL validation or third-party SaaS platforms. A small TXT record mistake can cause email authentication failures, verification errors or deliverability problems.

Quick answer

Quick answer

A TXT record stores text-based information in DNS. Common TXT records include SPF records for allowed senders, DKIM public keys for email signatures, DMARC policies for email authentication handling, and verification records for services like Google, Microsoft, SSL providers and SaaS platforms.

What is a TXT record?

A TXT record is a DNS record that stores text data for a domain or subdomain. Other systems can read this text to verify ownership, check email authentication, or apply domain-related policies.

Example
example.com TXT "v=spf1 include:_spf.example.net ~all"

In this example, the TXT record contains an SPF policy that tells mail servers which systems are allowed to send email for the domain.

TXT records are flexible, but the value must match the exact format required by the service using it.

What TXT records are used for

SPF records

TXT records define which mail servers are allowed to send email for a domain.

DKIM records

TXT records store public keys used to verify signed outgoing email.

DMARC records

TXT records define a domain’s DMARC policy and reporting addresses.

Domain verification

TXT records prove domain ownership to services such as Google, Microsoft, SSL providers, SaaS tools and website platforms.

Security and policy records

Some security standards and provider features use TXT records for reporting, validation or policy discovery.

Service configuration

Third-party platforms may ask you to add TXT records to connect or verify a domain.

TXT records for SPF

SPF is published as a TXT record, usually at the root domain. It lists the servers or providers allowed to send email for the domain.

SPF example
example.com TXT "v=spf1 include:_spf.google.com ~all"

A domain should normally have only one SPF TXT record. Multiple SPF records can cause SPF validation to fail.

Do not copy this example directly unless your domain actually sends mail through that provider. SPF records must match your real sending services.

TXT records for DKIM

DKIM records store public keys used to verify that outgoing email was signed by an authorized mail system. DKIM records are usually published under a selector hostname.

DKIM example
selector1._domainkey.example.com TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

Your email provider usually gives the DKIM selector and value. The selector may be named default, google, selector1, selector2, k1 or something provider-specific.

DKIM values can be long. Make sure the full key is saved correctly and not truncated by the DNS panel.

TXT records for DMARC

DMARC is published as a TXT record at _dmarc.yourdomain.com. It tells receiving mail servers how to handle messages that fail SPF or DKIM alignment.

DMARC example
_dmarc.example.com TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

A p=none policy is often used for monitoring. Stronger policies such as quarantine or reject should be applied carefully after reviewing legitimate mail sources.

TXT records for domain verification

Many services ask you to add a TXT record to prove that you control a domain. This is common for email providers, analytics tools, website builders, SSL validation and SaaS platforms.

Verification examples
google-site-verification=example_token
MS=ms12345678
provider-verification=example_token

Verification TXT records usually do not affect website routing or email delivery, but removing them too early can cause a connected service to lose verification.

Why this matters

Why this matters

TXT records matter because they are often used to prove domain ownership and protect email identity. Incorrect TXT records can cause SPF, DKIM or DMARC failures, prevent a provider from verifying your domain, or make email troubleshooting harder.

TXT records do not usually point a website to a server. Website routing is normally handled by A, AAAA or CNAME records.

How to check TXT records

Use DNS Lookup to see TXT records published for a domain or subdomain. For email authentication, use focused tools such as SPF Checker, DKIM Checker and DMARC Checker.

What to compare

When checking TXT records, compare these five values.

Hostname

The exact hostname where the TXT record should exist, such as example.com, _dmarc.example.com or selector1._domainkey.example.com.

Current TXT value

The text currently returned by public DNS.

Expected provider value

The exact value required by your email provider, SaaS platform or verification service.

Record purpose

Whether the TXT record is for SPF, DKIM, DMARC, verification or another service.

Active nameserver

The DNS provider currently controlling the live DNS zone.

If a TXT record is not visible publicly, first confirm that it was added at the active DNS provider and under the correct hostname.

Check TXT records now

Use DNS Lookup to inspect TXT records for your domain, SPF, DKIM, DMARC and verification setup.

Run DNS Lookup →

Common TXT record problems

Multiple SPF records

High

A domain should normally publish only one SPF record. Multiple SPF TXT records can cause SPF validation to fail.

Next step: Merge allowed senders into one valid SPF record.

TXT record added to the wrong hostname

High

The record may be added at example.com when it should be at _dmarc.example.com or selector._domainkey.example.com.

Next step: Check the exact hostname required by the provider.

DKIM key is missing or truncated

High

A DKIM public key may be incomplete, split incorrectly or not published under the expected selector.

Next step: Copy the full DKIM value from your email provider and verify the selector.

DMARC record missing

Medium

The domain does not publish a DMARC policy.

Next step: Add a DMARC TXT record at _dmarc.example.com and start with a monitoring policy if appropriate.

Verification record not found

Medium

A service cannot verify the domain because the TXT record is missing, incorrect or added at the wrong provider.

Next step: Compare the exact token with the provider instructions and check active nameservers.

SPF record too complex

Medium

SPF can fail if it exceeds DNS lookup limits or includes too many unnecessary providers.

Next step: Review includes and remove old sending services.

Old verification records remain

Low

Old TXT records from unused services may clutter the DNS zone and make audits harder.

Next step: Remove only records you are sure are no longer required.

Quotes or formatting are wrong

Medium

Some DNS panels handle quotes, line splitting or long TXT values differently.

Next step: Confirm the value saved in DNS matches what public DNS returns.

How to configure or fix TXT records

  1. Identify the record purpose

    Confirm whether the TXT record is for SPF, DKIM, DMARC, verification, SSL validation or another service.

  2. Confirm the exact hostname

    TXT records may be required at different hostnames, such as the root domain, _dmarc, or a DKIM selector under _domainkey.

    example.com
    _dmarc.example.com
    selector1._domainkey.example.com
  3. Copy the exact provider value

    Use the exact value from your email provider, SaaS platform or verification service. Do not rewrite tokens or keys manually.

  4. Confirm where DNS is hosted

    Check active nameservers and add the TXT record at the provider controlling the live DNS zone.

  5. Avoid duplicate SPF records

    If adding SPF, update the existing SPF TXT record instead of creating a second one.

  6. Save and verify publicly

    After saving the record, use DNS Lookup or the relevant checker to confirm that public DNS returns the expected value.

  7. Keep required verification records

    Do not remove verification records unless you are sure the connected service no longer needs them.

TXT record examples

SPF, DKIM, DMARC and verification
example.com.  3600  IN  TXT  "v=spf1 include:_spf.example.net ~all"

selector1._domainkey.example.com.  3600  IN  TXT  "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

_dmarc.example.com.  3600  IN  TXT  "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

example.com.  3600  IN  TXT  "google-site-verification=example_token"
Check commands
dig example.com TXT
dig _dmarc.example.com TXT
dig selector1._domainkey.example.com TXT

These are examples only. Replace hostnames, providers, tokens and keys with values from your email or service provider.

TXT records and email deliverability

TXT records do not guarantee inbox placement, but they are a key part of email authentication. SPF, DKIM and DMARC help receiving mail servers understand whether a message is authorized and aligned with the sending domain.

If email delivery is poor, TXT records are only one part of the investigation. Also check MX records, reverse DNS, blacklist status, sending reputation, bounce messages and email content.

TXT records during migrations

TXT records are often forgotten during DNS and hosting migrations. A website may continue working after a migration, but email authentication or domain verification may fail if TXT records were not copied.

Before changing nameservers or moving DNS zones, copy:

  • SPF records
  • DKIM records
  • DMARC records
  • Google/Microsoft verification records
  • SSL validation records
  • SaaS verification records
  • any provider-specific TXT records still in use

After migration, compare the old DNS zone with the new live DNS zone.

Frequently asked questions

What is a TXT record used for?

TXT records store text values used for email authentication, domain verification, security policies and provider-specific configuration.

Can a domain have multiple TXT records?

Yes. A domain can have multiple TXT records for different purposes. However, it should normally have only one SPF record.

Is SPF a TXT record?

Yes. SPF is published as a TXT record, usually at the root domain.

Where is a DMARC TXT record added?

A DMARC record is added at _dmarc.yourdomain.com.

Where is a DKIM TXT record added?

A DKIM record is added at a selector hostname under _domainkey, such as selector1._domainkey.example.com.

Can TXT records break my website?

Usually no. Website routing is normally controlled by A, AAAA or CNAME records. However, wrong TXT records can affect email authentication or provider verification.

Why is my TXT record not found?

Common reasons include adding it at the wrong hostname, editing DNS at the wrong provider, waiting for cache propagation, or copying the value incorrectly.

Should I remove old TXT records?

Only remove TXT records when you are sure the related service is no longer used. Removing active verification or authentication records can break connected services.

Use these free tools to verify your configuration after applying changes.

Browse all DNS & Domain guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.