What Is a TXT Record?

TXT records store text data in DNS - used for SPF, DKIM, DMARC email authentication and domain ownership verification. Learn formats and real examples.

Last updated July 11, 2026

A TXT record stores arbitrary text in DNS. Originally meant for human-readable notes, TXT records are now the backbone of email authentication (SPF, DKIM, DMARC) and the standard way services verify that you own a domain.

What are TXT records used for?

  • SPF - declares which servers may send email for your domain.
  • DKIM - publishes the public key that verifies your outgoing mail's signature.
  • DMARC - tells receivers what to do when SPF/DKIM fail, and where to send reports.
  • Domain verification - Google Search Console, Microsoft 365, and most SaaS tools ask you to publish a unique token as a TXT record.
  • Miscellaneous policies - site verification, security contact info, BIMI, and more.

SPF example

Name:  @
Type:  TXT
Value: "v=spf1 include:_spf.google.com ~all"

This authorizes Google's servers to send mail for your domain and asks receivers to soft-fail anything else. A domain must have exactly one SPF record - if you use multiple senders (e.g., Google plus a newsletter tool), merge them into one string: v=spf1 include:_spf.google.com include:sendgrid.net ~all.

DKIM example

Name:  google._domainkey
Type:  TXT
Value: "v=DKIM1; k=rsa; p=MIIBIjANBgkq..."

Your mail provider generates this key and gives you the exact name (the selector) and value. Long keys are split into multiple 255-character strings - resolvers concatenate them automatically, so don't worry if your DNS panel shows the value in chunks.

DMARC example

Name:  _dmarc
Type:  TXT
Value: "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

Start with p=none to monitor reports, then tighten to quarantine or reject once you've confirmed all legitimate senders pass. Together with MX records for inbound mail, SPF + DKIM + DMARC complete your domain's email configuration.

How to verify domain ownership with a TXT record

  1. The service (e.g., Google Search Console) shows you a token like google-site-verification=abc123....
  2. Add a TXT record on the requested name (usually @) with the token as the value.
  3. Wait a few minutes for the record to propagate, then click Verify. The record must stay in place - services re-check periodically.

TXT record limits worth knowing

  • Each string is capped at 255 characters; a record may hold multiple strings that concatenate.
  • Multiple TXT records on the same name are fine (verification tokens + SPF coexist happily) - except SPF, which must be unique.
  • Quotes matter in some panels; ice.domains free DNS hosting handles quoting and splitting automatically.

Frequently Asked Questions

As many as you need - multiple TXT records on the same name are valid. The one exception is SPF: a domain must have only one SPF record, so merge multiple senders into a single v=spf1 string.

Each string within a TXT record is limited to 255 characters, but a record can contain multiple strings that resolvers concatenate. Long DKIM keys are split this way automatically.

Services like Google Search Console give you a unique string to publish as a TXT record on your domain. Add it in your DNS panel, wait a few minutes, then click verify.

Get free DNS hosting in minutes

Unlimited zones and records on a global anycast network. Works with domains registered anywhere. No credit card required.