DNS tools

TXT record checker

Instantly look up and analyse all TXT records for a domain, SPF, DMARC, DKIM, and verification records classified automatically.

Look up and analyse all TXT records for a domain, SPF, DMARC, DKIM, and verification records classified automatically.

How to use the TXT record checker

Enter a domain name

Type a domain like example.com, the tool strips https:// and trailing paths automatically.

Choose a DNS resolver

Query records through Google, Cloudflare, or OpenDNS to see what different resolvers return.

Keep DKIM auto-detect on

We probe 15 common DKIM selectors in parallel and show any published keys, no need to know the selector name.

Filter and review

Every record is classified automatically (SPF, DMARC, DKIM, verification, other). Use the filter pills to isolate specific types.

TXT record tags, what each one means

SPF

Starts with v=spf1, defines which mail servers are authorized to send email for this domain. Key for deliverability and spoofing prevention.

DMARC

Starts with v=DMARC1, sets the policy for handling email that fails SPF or DKIM, and where to send reports.

DKIM

A public key used by receiving servers to verify your email signature. Published at selector._domainkey.yourdomain.

Verification & other

google-site-verification, MS=… and similar records prove domain ownership to SaaS platforms. Anything else shows as a plain TXT record.

What is a DNS TXT record?

A TXT record stores arbitrary text data against a domain. Originally meant for human-readable notes, TXT records are now the backbone of machine-readable verification and email authentication.

Email authentication

SPF, DKIM, and DMARC all use TXT records to publish policies that receiving mail servers check before delivering email.

Domain verification

Google, Microsoft, and other services ask you to add a TXT record to prove you own a domain before granting access.

Security policies

BIMI, MTA-STS, and TLS-RPT records are published as TXT records to strengthen your email transport security.

Third-party integrations

Many SaaS tools use TXT records to verify domain ownership when enabling custom sending domains or SSO.

Frequently asked questions

It queries the DNS for all text records published under a domain, the same records mail servers, security tools, and SaaS verifiers read to authenticate and authorize your domain.

Yes, most domains have several: one SPF, one DMARC, multiple verification records, and one DKIM key per selector. The only rule is that a domain must not publish more than one SPF record.

The record is not published at the expected location. Missing SPF or DMARC significantly hurts deliverability, use our SPF Generator to build a record, then publish it with your DNS provider.

DKIM keys live at <selector>._domainkey.<domain>, and the selector name is not discoverable from DNS alone. We probe 15 selectors commonly used by Google Workspace, Microsoft 365, and popular ESPs, and report every key we find.

Changes take effect after the record TTL expires in resolver caches, typically 5 minutes to an hour. Use our DNS Propagation Checker to watch a change roll out worldwide.

Try more email authentication tools

Strengthen your domain security with our free lookup tools.

Run this check once, or have it watched 24/7.

SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.

Start monitoring free All free tools