A brief history of TXT Records

txt
When the Domain Name System was designed thirty years ago the concept behind it was pretty simple. It’s mostly just a distributed database that lets you map hostname / query-type pairs to values.
If you want to know the IP address of cnn.com, you look up {cnn.com, A} and get back a couple of IP addresses. If you want to know where to send mail for aol.com users, you look up {aol.com, MX} and you get a set of four hostname / preference pairs back. If you want to know the hostname for the IP address 206.190.36.45 you look up {45.36.190.206.in-addr.arpa, PTR} and get a hostname back.
There’s a well-defined meaning to each of those query types  – A is for IP addresses, MX is for mailservers, PTR is for hostnames – and that was always the intent for how DNS should work.
When DNS was first standardized, though, there was one query type that didn’t really have any semantic meaning:

TXT RRs are used to hold descriptive text. The semantics of the text depends on the domain where it is found.

TXT records didn’t really have a use. Some domain owners used them to provide their contact information for the domain, and there were some funny messages scattered around, but that was about it.
Around the year 2000 email people started thinking about publishing data in the DNS. Email people are not the same as DNS people. To a DNS person the obviously correct way to do that would be to define a new query type, persuade people to agree on that definition and then make it a standard by publishing an RFC.
But email people have a long history of piling standards on top of other standards and deploying ad-hoc approaches (e.g. X-Headers, Uuencoding, PGP encapsulation and ascii armoring) without more than the bare minimum of agreement on the right way to do things. That approach helps with fast-yet-gradual deployment of new solutions, but also leads to a certain impatience with the bureaucracy of an actual standards development process.
Just stick it in a TXT record!” became the rallying cry.
SPF was the first widely deployed protocol to do that. There was an attempt to migrate SPF from using TXT records to using a dedicated SPF record type, but given the deployed base of users already using TXT records it was doomed to failure.
Whenever someone is rolling out a new protocol that needs a domain owner to publish something – whether it’s something fairly standardized or pretty much ad-hoc – they tend to reach for a TXT record.
Some more things you need to know about TXT records on Monday.

Related Posts

Four things to check before your next mailing

Like many bits of technology, email is often set-and-forget. Everything is checked and rechecked during setup, and then no one goes back and looks at it again. But mail programs are not static, and people make changes. These changes don’t really break things, but over time they can create their own set of problems.
Setting aside some time every quarter or even every year to check and make sure all the bits of mail are configured correctly is a good idea.

Read More

DMARC: an authentication framework

A new email industry group was announced this morning. DMARC is a group of industry participants, including large senders, large receivers and relevant intermediaries working on a framework to reduce the harm from phishing.
DMARC is working on a standard to allow senders to publish sending policies and receivers to act on those policies. Currently, senders who want receivers to not deliver unauthenticated email have to negotiate private agreements with the ISPs to make that happen. This is a way to expand the existing programs. Without a published standard, the overhead in managing individual agreements would quickly become prohibitive.
It is an anti-phishing technique built on top of current authentication processes. This is the “next step” in the process and one that most people involved in the authentication process were anticipating and planning for. I’m glad to see so many big players participating.
 

Read More

Authentication and Repudiation

Email Authentication lets you demonstrate that you sent a particular email.
Email Repudiation is a claim that you didn’t send a particular email.
 
SPF is only for email authentication1
DKIM is only for email authentication
DMARC is only for email repudiation
 
1 SPF was originally intended to provide repudiation, but it didn’t work reliably enough to be useful. Nobody uses it for that now.

Read More