DNS TXT records are usually added for email auth or vendor verification and rarely revisited. We scanned TXT records across Fortune 500 domains to see what they expose at scale, and found they consistently reveal email infrastructure, SaaS dependencies, legacy tooling, and long-lived operational artifacts. The analysis shows how much actionable security and intelligence context is visible through public DNS alone, without touching a single endpoint.
Bender•2w ago
I would also add that these dangling TXT records also build up into a amplification DDoS risk for recursive name servers. When running public recursive servers I have had to strip the TXT records for several domains including but not limited to 500px.com box.com ebay.com google.com hm.com lenovo.com nordstrom.com realtor.com tmz.com wired.com. Take a look:
for i in $(echo "500px.com box.com ebay.com google.com hm.com lenovo.com nordstrom.com realtor.com tmz.com wired.com");do dig +short +nocookie -t TXT "${i}";echo;done
My public name servers served a specific purpose for people and domains in a certain country being filtered so stripping such records were perfectly splendid as I was expecting a country to attack me.
shakauy•2w ago
Indeed! Good point, TXT records pile up fast with SPF, DKIM, DMARC, and vendor checks, which increases amplification risk for resolvers, and it's the same sprawl we’re seeing as long-lived infrastructure signals from the outside!
shakauy•2w ago
Bender•2w ago
shakauy•2w ago