Unknown DNS records – Heroku, DKIM, SPF

There are 3 TXT records we do not recognize in our account. Are these from Cloudflare or something we might of set up at some point and not realized/remembered? Looked suspicious. Thanks for any recommendations.

They 3 TXT records are:

  1. Heroku, which we have never used.
  2. DKIM private key (not sure what this is)
  3. SPF record (not sure what this is)

Cloudflare doesn’t automatically create DNS Records that would be visible in your dashboard without some action on your part. You could try reviewing Audit Logs: Review audit logs · Cloudflare Fundamentals docs, but these may have been created a while ago (or even imported from your old DNS host, if you migrated).

Probably for verification, someone created at some point

Important for Email, I wouldn’t touch them unless you know what you are doing, not suspicious:

Thanks @Chaika for your comments. I’m the only person who has ever had access to this DNS. We went ahead and deleted Heroku. I believe we should delete the other two as well. The only email sending we do is through Google Workspace and ConvertKit. I checked with CK and these are not for them. I can’t seem to find anything to support these being a part of our Google Workspace email either, but unsure. Any thoughts there?

I’m wondering if these were something I added a long time ago before we used Google Workspace. We also had some godaddy CNAME records in there that I know were pretty old and not needed anymore.

I did check audits and could not find matching logs for these.

1 Like

Unless you want email delivery problems, do not delete your DKIM or SPF records. Your DKIM contains a public, not a private key. Both are probably from your Google Workspace setup.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.