TXT Record – (Text Record)

(SPF, DKIM, and DMARC for Plesk + Rebel Email)

🧩 What is a TXT Record?

A TXT record (Text record) is a DNS setting that stores readable instructions for email servers and other systems.

For email, TXT records are mostly used for authentication — confirming who is allowed to send email for a domain and preventing spam, spoofing, or rejection.

There are 3 major TXT records related to email:

TypeWhat it does
SPFSays who can send emails for the domain
DKIMAdds a digital signature to prove legitimacy
DMARCTells receivers what to do if SPF/DKIM fail

🔍 Real TXT Records for firstday.ca

Let’s break down your domain’s current setup:

✅ SPF – Who’s Allowed to Send

Type: TXT  
Host: firstday.ca  
Value: v=spf1 a mx include:relay.mailchannels.net -all

🔎 What it means:

  • v=spf1 = using SPF version 1
  • a = allow mail from the domain’s IP (A record)
  • mx = allow mail from mail servers in MX record
  • include:relay.mailchannels.net = allow Rebel’s third-party sender (MailChannels)
  • -all = reject anything not listed above

✅ This setup says:

Only servers associated with the domain’s A record, MX record, or MailChannels are allowed to send email for firstday.ca.

✅ DKIM – Email Signature Check

Type: TXT  
Host: default._domainkey.firstday.ca  
Value: v=DKIM1; p=MIIBIjANB... (long public key)

🔎 What it means:

  • DKIM (DomainKeys Identified Mail) signs outgoing email with a private key
  • The receiving mail server checks the signature against this public key
  • If it matches, the email is verified

✅ Your record uses Plesk’s default DKIM selector:

default._domainkey.firstday.ca

⚠️ If email is being sent through MailChannels, it also uses DKIM, and the signature is verified against this record.

✅ DMARC – What to Do with Failures

Type: TXT  
Host: _dmarc.firstday.ca  
Value: v=DMARC1; p=quarantine; adkim=s; aspf=s

🔎 What it means:

  • v=DMARC1 = DMARC is active
  • p=quarantine = if SPF & DKIM fail, treat mail as suspicious (spam folder)
  • adkim=s = strict DKIM alignment
  • aspf=s = strict SPF alignment

✅ This says:

If someone spoofs firstday.ca and fails both SPF & DKIM, the receiving server should quarantine the message (don’t accept it into inbox).

✅ Other TXT Records

Type: TXT  
Host: _domainkey.firstday.ca  
Value: o=-

This one is from an older DomainKeys system (pre-DKIM). It’s harmless and safe to leave.

🛠 How to Check or Add TXT Records in Plesk

  1. Log in to Plesk
  2. Go to Domains → DNS Settings
  3. Look for TXT records for:
    • @
    • _dmarc
    • default._domainkey
  4. To add a new one:
    • Click Add Record
    • Type: TXT
    • Domain: e.g. _dmarc or @
    • TXT record: (paste the value)

🟢 Safe for agents
🔴 Do not modify DKIM manually unless advised by the mail provider

🔧 Tools to Check TXT Records (No Login Needed)

ToolUse for…
MXToolbox TXT LookupSee all TXT records for a domain
Google DigSearch specific TXT (e.g., _dmarc)
Kloth.netRun DIG queries on TXT/SPF/DKIM
DNSChecker.orgSee global DNS for TXT

✋ Common Issues You Might See

ProblemLikely CauseFix
Emails go to spamMissing or bad SPF/DKIM/DMARCCheck & correct TXT records
Gmail shows “via mailchannels.net”SPF is OK but DKIM missing/failedEnsure DKIM is active in Plesk
Mail rejected by Microsoft or GmailDMARC policy too strict or misalignedUse p=none temporarily if testing
Customer moved email providersOld TXT records still presentUpdate SPF/DKIM/DMARC per new host

💡 What If the Customer Uses Gmail, Outlook, Zoho?

They’ll need new TXT records — usually:

  • SPF like:
    v=spf1 include:_spf.google.com ~all (for Gmail)
  • DKIM: generated from the Gmail/Outlook admin console
  • DMARC: same as before — optional, but recommended

📌 Agent Tip: Always ask:

“Where is your email hosted?”
“Are you using Webmail or a provider like Google or Microsoft?”

Then adjust records accordingly.

✅ Final Takeaways for Agents

  • TXT records = email trust and authentication
  • Plesk + Rebel email should use:
    • SPF: v=spf1 a mx include:relay.mailchannels.net -all
    • DKIM: auto-enabled with default._domainkey
    • DMARC: _dmarc with a policy like p=quarantine
  • Use tools like MXToolbox or DNSChecker to confirm outside
  • Don’t mix records from multiple providers unless instructed