What is a TXT Record?

The most important use of TXT records is email authentication — preventing email spoofing and phishing:

• SPF (Sender Policy Framework): A TXT record listing which mail servers are authorized to send email for your domain. Receiving servers check SPF to verify the sender
• DKIM (DomainKeys Identified Mail): A TXT record containing a public key used to verify that email messages were signed by the domain's mail server and haven't been modified in transit
• DMARC (Domain-based Message Authentication): A TXT record that tells receiving servers what to do when emails fail SPF or DKIM checks — quarantine, reject, or report

Together, SPF, DKIM, and DMARC form a defense against email spoofing — a critical complement to DNS security that protects against phishing attacks.

TXT records are widely used to prove domain ownership:

• Google Workspace: Add a TXT record to verify domain ownership for Gmail and Google services
• SSL certificates: Certificate authorities may require a TXT record to validate domain control before issuing TLS certificates
• SaaS integrations: Many services (analytics, CDN, email) use TXT records for domain verification
• Security scanning: Some security tools use TXT records to verify authorized scanning of a domain

TXT records are an authoritative DNS concept — they're configured by domain owners at their DNS hosting provider. Services like NOC.org manage authoritative DNS zones where TXT records (along with A, AAAA, MX, and other records) are created and maintained.

CleanBrowsing operates on the recursive resolver side — looking up DNS records on behalf of users. TXT record lookups pass through CleanBrowsing's resolver normally since they're essential for email authentication and domain verification. DNS content filtering focuses on blocking web content domains, not utility record types.