What can you exploit with a TXT header?

What is the name of the domain?

www.crew4748.rocks

What is the issue you’re encountering

We got an email ostensibly from Cloudflare asking us to add a TXT header to our DNS

What steps have you taken to resolve the issue?

We tried to validate the requested TXT value through our Cloudflare account, but could not.

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

The email is immaculate, we even found similar “valid” emails in the Community (Thank you Community!) but the email was too perfect and the language was designed to build trust in the email. Cloudflare would know better than to send something like this through the mail.

Adding a TXT header to our DNS is something we do to prove ownership of our domain prior to a transfer, or link to tracking or advertising. This is especially scary because it is a very convincing email!

Screenshot of the error

The email you received pertains to the renewal validation certificate for your domain. Since your domain is currently using non-Cloudflare name servers, you’ll need to add the provided TXT record to your DNS zone. For assistance with updating the TXT record, please reach out to your DNS provider.

To verify the TXT certificate validation details in your Cloudflare account, navigate to Select your domain > SSL/TLS > Edge Certificates. You will see the certificate listed with a status of “pending.” Clicking on the certificate will provide additional information regarding its validation status.