Score:7

Base64 encoded MX records in TXT records

fr flag

A lot of domains hosted by Namecheap contain strange DNS TXT records that appear to be base64 encoded, that when decoded look like a weird kind of MX record - having the structure of both a priority and then a domain. What are these for? There does not appear to be any documentation anywhere regarding these. There are tens of thousands of examples of these, yet there is no clear purpose or documentation. Does anyone know what these are used for?

Some examples:

  • everythingforsight.org. has a TXT record of MAltYWlsLmV2ZXJ5dGhpbmdmb3JzaWdodC5vcmcuCg== which decodes to 0 mail.everythingforsight.org.
  • 1eyeworks.com. has a TXT record of MAltYWlsLjFleWV3b3Jrcy5jb20uCg== which decodes to 0 mail.1eyeworks.com.
Michael Hampton avatar
cz flag
What did Namecheap say about it?
Henry avatar
fr flag
They said it wasn't anything to do with them and that they had no idea what they were for.
user1686 avatar
fr flag
How did you retrieve these records? By looking at Namecheap's DNS management panel, or externally?
Henry avatar
fr flag
Externally, just by doing DNS lookups.
Patrick Mevzek avatar
cn flag
Yes, "authentication" is what makes more sense. However the content of the page linked too (regarding the `MX` records) do not match at all the 2 domains in question, but maybe they have changed their configuration and `TXT` records are often not cleaned up after the fact.
vn flag
Yeah, I'm guessing they did some migration with little/no cleanup after.
Henry avatar
fr flag
This could be it, however the 'alternate TXT record' format isn't specified so we can't be sure it is this.
Score:4
cn flag

You need to ask the owner of those zones as they are theoretically responsible for the content, not the DNS provider.

It may be for some sort of "authentication" as TXT records are often (ab)used for that, or just some bad tool. Or loose attempts at some sort of zone integrity checks.

Anyway, they don't "match". everythingforsight.org. has currently 3 MX records, none of them using mail.everythingforsight.org. as mail exchanger.

In fact, instead of asking Namecheap you should ask the company behind web-hosting.com as this is the base of the email exchangers used in the 2 domains you gave as example. Hum.... web-hosting.com seems to be Namecheap anyway too :-)

Henry avatar
fr flag
That was an observation I had made too, most of these domains with these records the domain in the encoded record is `mail.<domain>` and they do not match the actual MX records of the domain.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.