Instantly look up and analyse all TXT records for a domain, SPF, DMARC, DKIM, and verification records classified automatically.
Type a domain like example.com, the tool strips https:// and trailing paths automatically.
Query records through Google, Cloudflare, or OpenDNS to see what different resolvers return.
We probe 15 common DKIM selectors in parallel and show any published keys, no need to know the selector name.
Every record is classified automatically (SPF, DMARC, DKIM, verification, other). Use the filter pills to isolate specific types.
Starts with v=spf1, defines which mail servers are authorized to send email for this domain. Key for deliverability and spoofing prevention.
Starts with v=DMARC1, sets the policy for handling email that fails SPF or DKIM, and where to send reports.
A public key used by receiving servers to verify your email signature. Published at selector._domainkey.yourdomain.
google-site-verification, MS=… and similar records prove domain ownership to SaaS platforms. Anything else shows as a plain TXT record.
A TXT record stores arbitrary text data against a domain. Originally meant for human-readable notes, TXT records are now the backbone of machine-readable verification and email authentication.
SPF, DKIM, and DMARC all use TXT records to publish policies that receiving mail servers check before delivering email.
Google, Microsoft, and other services ask you to add a TXT record to prove you own a domain before granting access.
BIMI, MTA-STS, and TLS-RPT records are published as TXT records to strengthen your email transport security.
Many SaaS tools use TXT records to verify domain ownership when enabling custom sending domains or SSO.
It queries the DNS for all text records published under a domain, the same records mail servers, security tools, and SaaS verifiers read to authenticate and authorize your domain.
Yes, most domains have several: one SPF, one DMARC, multiple verification records, and one DKIM key per selector. The only rule is that a domain must not publish more than one SPF record.
The record is not published at the expected location. Missing SPF or DMARC significantly hurts deliverability, use our SPF Generator to build a record, then publish it with your DNS provider.
DKIM keys live at <selector>._domainkey.<domain>, and the selector name is not discoverable from DNS alone. We probe 15 selectors commonly used by Google Workspace, Microsoft 365, and popular ESPs, and report every key we find.
Changes take effect after the record TTL expires in resolver caches, typically 5 minutes to an hour. Use our DNS Propagation Checker to watch a change roll out worldwide.
Strengthen your domain security with our free lookup tools.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.