For security reasons, Phish Insight needs to make sure you have adequate permission to send phishing simulation or training emails in your organization by verifying the TXT Record of your domain.
TABLE OF CONTENTS
- What is a TXT Record?
- Why do I have to add a TXT Record?
- How it works?
- How to identify my domain host?
- Where can I get the unique DNS TXT Key for my account?
- How do I add the TXT Record?
- How do I know if I configured it correctly?
What is a TXT Record?
TXT record is a DNS record used to associate text information to confirm that your organization owns a specific DNS zone.
Why do I have to add a TXT Record?
Adding the TXT key record to your domain's DNS records allow Phish Insight to verify that you own and manage the domain.
NOTE: Adding the TXT record will not harm your website or DNS settings. TXT record changes requires up to 72 hours to propagate worldwide, although most often this happens in a matter of hours.
How it works?
Every Phish Insight account has a unique DNS TXT key. When you start a phishing simulation, Phish Insight will probe the domain server of the campaign recipients' email addresses. If it finds the corresponding TXT record, Phish Insight sends out the simulated phishing simulation emails. This is one of our security mechanisms to prevent abuse of our service. You will need to show basic ownership or the capability to contact the administrator of the recipients' email domain before you can start sending phishing simulation mails to your recipients.
How to identify my domain host?
A domain host is an internet service that manages your domain name. You can identify your domain host using the following options.
- Check your billing records
Your domain host is typically who you bought your domain name from. If you don't remember who your domain host is, search your email archives for billing records about registration or transfer of your domain name. - Use ICANN Lookup
The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that collects domain information. Use the ICANN Lookup tool to find your domain host. - Sign in to your third-party DNS host
Several third-party DNS hosting services, such as ClouDNS.net and FreeDNS, offer custom DNS hosting. If you use a third-party DNS host for your domain, the registrar listed in the ICANN Lookup is not where your domain records are managed.
Where can I get the unique DNS TXT Key for my account?
- Login to Phish Insight.
- Go to Settings > Verified Domains.
- Look for a 40 alpha-numeric characters.
Example: BHAPAUE0SG22Q8X1AZ6VFP1HZLA6YH5C2BFZ27V1
How do I add the TXT Record?
Note: You may get help from your IT administrator for you organization to access the DNS records of your domain.
- Open a web browser and sign into your domain host account.
- Go to the DNS Records for your domain (look for a page called DNS Management, Name Server Management, Control Panel, or Advanced Settings).
- Select the option to add a new record.
- Select TXT for the record type
- In the Name/Host/Alias field, type @ or leave it blank. Refer to your other DNS records to help you decide which one you should use.
- In the Time to Live(TTL) field, either enter 300 or do not change the default value.
- In the Value/Answer/Destination field, paste the TXT key provided by Phish Insight for your account.
- Save the record.
For the common domain service, we recommend follow these documents:
- Cpanel: Zone Editor
- Google Domains: Verify your domain with a TXT record
- GoDaddy: Add a TXT record
- Wix: Adding or Updating TXT Records in Your Wix Account
- CloudFlare: Managing DNS records in Cloudflare
Sample Email Template
You can follow the sample email template below to request your IT, or the team who manages your domain, to add the TXT record for you.
Greetings,
We are about to launch a phishing simulation / training campaign to selected employees. We'll use Trend Micro Phish Insight, a cloud-based service, in launching this campaign. As part of their security procedure, we would need to verify our domain as a proof that we have adequate permission in sending campaign emails. This verification requires us to add a TXT key to our DNS records. We would like to seek your help in performing this action. All the information can be found on the link below.
https://success.phishinsight.trendmicro.com/en/support/solutions/articles/61000269465-verify-an-email-domain
Thank you in advance.
Regards,
{{Name}}
{{Department}}
How do I know if I configured it correctly?
Phish Insight has an indicator to show you if all the domains of a recipient list have been authorized by DNS TXT verification. If warning message is found, kindly refer to the instructions provided and take the recommended action.
What if I have multiple email domains?
If you want to send to recipients with different email domains in one campaign, you need to ensure that the DNS servers of all the included email domains have the corresponding DNS TXT record registered.
Example: If your phishing simulation recipient list includes: [email protected]; [email protected]; and [email protected]; You must add the TXT key of your Phish Insight account to the DNS of both abc.com and xyz.com.