How this TXT record checker works
A TXT record holds free-form text in DNS. It is how a domain authenticates its email and proves ownership to outside services. Enter a domain and we read every TXT record at its apex (for example, example.com) in one query, then sort each one: your SPF policy, plus verification tokens for the likes of Google, Microsoft 365, Atlassian, Adobe and Stripe.
Next we probe the well-known names that sit below the apex: _dmarc (DMARC policy), _mta-sts (MTA-STS), _smtp._tls (TLS-RPT), default._bimi (BIMI), _acme-challenge, and ownership tokens such as _amazonses. Lookups go over DNS-over-HTTPS and fall back across several resolvers when one is blocked.
DKIM keys are TXT records too, but they sit under per-sender selectors (selector._domainkey), and a domain can have hundreds. We don't enumerate those here. For that, use the dedicated DKIM checker, which probes over 500 known selectors and checks key strength.
TXT Record Checker
Enter a domain to find every TXT record at the apex plus well-known locations like _dmarc, _mta-sts, _smtp._tls, BIMI and verification tokens.
Try an example: google.com · github.com · microsoft.com
Validation results
Frequently Asked Questions
Common questions about TXT records.
What is a TXT record?
A TXT record stores arbitrary text in DNS. Although it can hold any string, in practice it carries machine-readable values for email authentication (SPF, DMARC, DKIM policy, MTA-STS, TLS-RPT, BIMI) and for proving domain ownership to services like Google, Microsoft 365, Atlassian and Stripe. A single name can hold multiple TXT records at once.
Why are some TXT records not at the root of my domain?
Many email-related TXT records live under a prefixed name rather than the apex. DMARC sits at _dmarc.example.com, MTA-STS at _mta-sts.example.com, TLS-RPT at _smtp._tls.example.com and BIMI at default._bimi.example.com. This checker queries the apex and all of these well-known locations so you see them in one place.
Does this tool find DKIM records?
DKIM public keys are TXT records, but they're published under per-sender selectors such as google._domainkey.example.com, and a domain can have hundreds across different providers. We don't enumerate selectors here. Use our dedicated DKIM checker instead, which probes over 500 known selectors and reports the provider and key strength for each.
How many TXT records can I have?
DNS allows many TXT records at the same name, but some types must be unique. Publish only one SPF record (v=spf1) per name; a second one causes a permanent error. The same goes for DMARC at _dmarc. Verification tokens are safe to stack, and several can sit at the apex together.