TXT record values

When you add a TXT record to your domain's DNS settings, you enter specific values depending on what you're using the TXT record for. Below are the values to use when configuring TXT records for various uses with Google services.

You enter these values at your domain host, not in your Google Admin console. Note also that some hosts use different labels for the name and value fields. 

Note: Time to Live (TTL) is the number of seconds before subsequent changes to the TXT record go into effect. This value is 3600 for all TXT records. Learn more

Use case Name/Host/Alias Record Type Value/Answer/Destination
Domain verification Blank or @ TXT Your unique security token provided in the Google Admin console's verification instructions.

The token is a 68-character string that begins with google-site-verification=, followed by 43 additional characters.

For example: google-site-verification=
rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ
Subdomain verification The name of your subdomain.
If your subdomain is sub.domain.com, write "sub" for the Host.
TXT Your unique security token provided in the Admin console's verification instructions.

The token is a 68-character string that begins with google-site-verification=, followed by 43 additional characters.

For example: google-site-verification=
rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ
SPF record Blank or @ TXT "v=spf1 include:_spf.google.com ~all"

to authorize Google mail servers.
To authorize an additional mail server, add the server's IP address before just before the ~all argument using the format ip4:address or ip6:address. (See Help prevent email spoofing with SPF records for more details on the SPF format.)
DKIM signing Text from the DNS Host name (TXT record name) field in the Google Admin console TXT Text from the TXT record value field in the Admin console.
DMARC authentication _dmarc TXT "v=DMARC1; p=quarantine\; pct=100\; rua=mailto:postmaster@your_domain.com"

To allow third-party recipients to monitor, quarantine, or reject all the messages that claim to be from "your_domain.com" and fail the DMARC checks. You must replace "your_domain.com" with your own domain name. Daily aggregate reports will be sent to "postmaster@your_domain.com" (You'll need to specify a valid email address to receive reports for your domain).
TLS reporting _smtp._tls TXT TXT record name: In the first field, under DNS Host name, enter:
_smtp._tls.domain.com

TXT record value: In the second field, enter:
v=TLSRPTv1; rua=mailto:tlsrpt@domain.com

rua: The email address you created to get reports. To get reports at multiple emails, separate the email addresses with commas:
v=TLSRPTv1; rua=mailto:tlsrpt@domain.com,mailto:mts-sts@domain.com

Note: Syntax for the HTTPS report delivery option is described in Report using HTTPS (RFC 8460)
MTA-STS reporting _mta-sts TXT TXT record name: In the first field, under DNS Host name, enter:
_mta-sts.domain.com

TXT record value: In the second field, enter:
v=STSv1; id=20190425085700

id: Must be 1–32 alphanumeric characters. The ID signals to external servers that your domain supports MTA-STS.

You must update the ID to a new, unique value every time you change your MTA-STS policy.

 

Was this helpful?
How can we improve it?