Why do some sites have a TXT record with only a base64 hash code?

Solution 1:

It looks like an Exchange federation "proof record". More information here: http://www.expta.com/2011/07/how-to-configure-exchange-2010-sp1.html

Domain Proof records are TXT records created in your domain's external DNS zone. The purpose of these TXT records is to prove the identity of your domain for the trust with the Microsoft Federated Gateway (MFG) server.

Run the following cmdlets from the Exchange Management Shell (EMS) to generate the domain proof values:

Get-FederatedDomainProof -DomainName exchangedelegation.companyabc.com

Get-FederatedDomainProof -DomainName companyabc.com

Repeat the second cmdlet for additional SMTP domains you want to federate, if any.

Each cmdlet will generate a unique Proof value, based on a hash using the Exchange Delegation Federation self-signed certificate. If the MFG can read the domain proof value in an external DNS record and it matches the calculated value, it proves domain ownership and validates the trust.

MS documentation: http://technet.microsoft.com/en-us/library/dd335047.aspx

Anyway, we can use TXT records for anything, or at least that's what I understand reading "The semantics of the text depends on the domain where it is found." (RFC 1035)

Solution 2:

In fact, there are several TXT records. If you run dig microsoft.com TXT:

microsoft.com.      3600    IN  TXT "FbUF6DbkE+Aw1/wi9xgDi8KVrIIZus5v8L6tbIQZkGrQ/rVQKJi8CjQbBtWtE64ey4NJJwj5J65PIggVYNabdQ=="
microsoft.com.      3600    IN  TXT "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ip4: ip4: ip4: ip4: ip4: ~all"

So there is a standard SPF record available, while an additional header may have a custom purpose, e.g. anything the developers/domain managers wanted.
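An added example, not part of either answer above: a small TXT-record inventory that reads `dig` answer lines and separates SPF policies from opaque base64 tokens such as the proof value described in Solution 1. The function names are hypothetical, the input is assumed to be full (not `+short`) `dig` output, and the decoded length is only a size; it does not identify which service issued the token.

```python
import base64
import binascii
import re

# The two answer lines quoted in Solution 2, copied as they appear on the page;
# the ";;" comment line is constructed to show that dig comments are skipped.
SAMPLE_DIG_OUTPUT = '''
;; ANSWER SECTION:
microsoft.com.      3600    IN  TXT "FbUF6DbkE+Aw1/wi9xgDi8KVrIIZus5v8L6tbIQZkGrQ/rVQKJi8CjQbBtWtE64ey4NJJwj5J65PIggVYNabdQ=="
microsoft.com.      3600    IN  TXT "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ip4: ip4: ip4: ip4: ip4: ~all"
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one TXT character-string
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")     # standard base64 alphabet

def parse_txt_answers(dig_output):
    """Return [(owner, text)] for each TXT answer line.
    A TXT rdata may hold several quoted strings; they are concatenated."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)          # owner, TTL, class, type, rdata
        if len(fields) < 5 or fields[3].upper() != "TXT":
            continue
        parts = QUOTED.findall(fields[4])
        records.append((fields[0], "".join(p.replace('\\"', '"') for p in parts)))
    return records

def classify(text):
    """Return (kind, decoded_length) where kind is spf, opaque-base64 or other."""
    if re.match(r"v=spf1(\s|$)", text, re.I):
        return ("spf", None)
    # Require a plausible token length so short words are not reported as base64.
    if len(text) >= 24 and len(text) % 4 == 0 and B64.fullmatch(text):
        try:
            return ("opaque-base64", len(base64.b64decode(text, validate=True)))
        except (binascii.Error, ValueError):
            pass
    return ("other", None)

def audit(dig_output):
    """Inventory of TXT records: [(owner, kind, decoded_length)]."""
    return [(owner, *classify(text)) for owner, text in parse_txt_answers(dig_output)]

if __name__ == "__main__":
    for row in audit(SAMPLE_DIG_OUTPUT):
        print(row)
```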