The TXT record is one of the most flexible record types in the DNS system. While other records have a strictly defined technical purpose โ A points to an IP, MX to a mail server โ TXT records store arbitrary text. This is why they have been used for years in many important scenarios, particularly around email security and domain ownership verification.
Technically a TXT record is just a text string in the DNS zone, with each segment limited to 255 characters. Longer values are split into multiple chunks that DNS servers concatenate in order. Understanding this matters when you place long DKIM keys or verification tokens.
SPF and email reputation
SPF (Sender Policy Framework) defines which servers are allowed to send mail on behalf of your domain. A misconfigured SPF record can send your messages to spam folders or cause outright rejection. SPF is published as a TXT record starting with "v=spf1".
A typical record looks like "v=spf1 include:_spf.google.com include:mail.sayt.uz ~all". The "include" directive permits third-party mail providers, and "~all" tells receivers to treat other sources as suspicious. You must publish only one SPF record per domain โ multiple SPF records break validation.
DKIM signatures and message integrity
DKIM (DomainKeys Identified Mail) proves that a message truly came from your server and was not altered in transit. The mechanism uses cryptographic keys: the private key stays on your mail server and signs outgoing messages, while the public key is published as a TXT record on the domain.
The DKIM record lives on the "selector._domainkey" host and contains a value formatted as "v=DKIM1; k=rsa; p=...". The selector is a name picked by the mail provider, such as "google" or "k1". A single domain can hold multiple DKIM keys if you use several mail services.
DMARC policy and reporting
DMARC builds on SPF and DKIM and instructs receivers what to do when messages fail authentication. DMARC is published as a TXT record on the "_dmarc" subdomain.
A starter DMARC policy is typically "v=DMARC1; p=none; rua=mailto:reports@sayt.uz". The "p=none" value asks receivers to take no action, only send aggregated reports. Once the setup proves stable you move to "p=quarantine" and then "p=reject" to fully block spoofed messages.
Ownership verification with TXT
External services such as Google Search Console, Microsoft 365 and Facebook Business Manager require proof of ownership. The most common method is publishing an issued token as a TXT record, formatted like "google-site-verification=abc123...".
Verification tokens propagate in 10 to 30 minutes but can take up to 24 hours. Do not remove the token after verification โ many services periodically recheck ownership and revoke access if the record disappears.
Sayt.uz practice
Among our customers 78 percent of active domains carry at least one TXT record, usually related to email or Google verification. The full SPF, DKIM and DMARC stack is configured on 34 percent of domains, and those customers see significantly lower spam folder placement โ on average under 2 percent.
Sayt.uz provides DNS management free of charge for every domain owner, with no extra fee for adding TXT records. A .uz domain costs 119 000 soum per year with basic DNS included. The full mail infrastructure setup including SPF, DKIM and DMARC is offered from 250 000 soum and covers ongoing report monitoring.