On 29 May 2025, at 20:48, John R Levine <[email protected]> wrote:

> On Thu, 29 May 2025, Paul Hoffman wrote:
>>> When I look at the TXT records on any large organization's DNS apex, I find
>>> it hard to believe
>>> that all of those records are just one time DCV that they forgot to remove.
>>
>> Correct: there's a good chance they left them there because they don't know
>> if they're safe to remove, so why not just leave them in. Whoever told them
>> to add the record didn't say when they should remove it.
>
> Some of them are but I'm fairly sure that some of them have to stay there as
> long as you subscribe to the corresponding service. Either way we're
> guessing, so I wouldn't want to make any strong assertions either way.

I don't see great value in naming names, but I have certainly seen both behaviours. I have definitely received automated email telling me that my domain is about to be detached from a particular service because the TXT record had been removed. Other TXT records I have removed in the interests of hygiene had no such effect.

I agree that consistency would be better than this state of affairs. It also seems possible that there is a need for two signals: that a domain is authorised to onboard to a particular service, and that a domain is authorised to continue to be linked to a service.

Joe
