TXT Record Lookup: SPF, DKIM, and Other DNS Text Records
Look up TXT records for any domain. TXT records hold SPF policies, DKIM keys, DMARC policies, domain verification tokens, and more.
What TXT Records Are
TXT records store arbitrary text data in DNS. Originally defined in RFC 1035 as a general-purpose record type, TXT records have become the primary mechanism for publishing email authentication policies, domain verification tokens, and other machine-readable metadata. A single domain can have many TXT records — it is common to see five or more at the apex of an actively used domain.
What TXT Records Are Used For
Email Authentication
The three major email authentication protocols all use TXT records:
- SPF — Published at the domain apex (e.g., example.com). Starts with v=spf1 and lists which servers are authorized to send email for the domain. Use the SPF Checker for protocol-aware validation including lookup counting.
- DKIM — Published at selector-specific subdomains (e.g., s1._domainkey.example.com). Contains the public key used to verify DKIM signatures on outbound mail. Use the DKIM Checker to verify key presence and strength.
- DMARC — Published at _dmarc.example.com. Defines the domain's DMARC policy: how receivers should handle messages that fail SPF or DKIM alignment. Use the DMARC Checker to validate your policy.
For a complete overview of how these protocols work together, see the Email Authentication Guide.
Domain Verification
Cloud services use TXT records to prove domain ownership. Google Workspace, Microsoft 365, AWS SES, and dozens of other services ask you to publish a TXT record with a unique token (e.g., google-site-verification=abc123...). Once the service detects the record, ownership is confirmed. Whether these verification records can be removed depends on the provider — many must remain published for ongoing service functionality or feature access.
Other Uses
TXT records also appear in BIMI (Brand Indicators for Message Identification), TLS-RPT reporting policies (_smtp._tls), MTA-STS declarations (_mta-sts), and custom application-specific data. Any system that needs to store a small piece of machine-readable data at a domain name can use a TXT record.
Reading TXT Records
When you query TXT records for a busy domain, expect multiple results. Each record serves a different purpose, and they are distinguished by their content, not by any DNS-level labeling. An SPF record starts with v=spf1, a DMARC record starts with v=DMARC1, and verification tokens follow provider-specific formats.
Warning: Some domain administrators accidentally publish multiple SPF records (two TXT records starting with v=spf1). Per RFC 7208, a domain must have at most one SPF record. Multiple SPF records cause a PermError, and many receivers treat this as a complete SPF failure. The SPF Checker detects this automatically.
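The content-based identification and the duplicate-SPF check described above, as an added example (not mxio's code). It works on constructed TXT answers rather than live DNS, and goes slightly beyond the text by joining multi-string records as RFC 7208 section 3.3 requires and by accepting v=spf1 only when it is followed by a space or the end of the record. The function names and sample records are assumptions.

```python
# Classify one name's TXT answers by content and apply the RFC 7208
# "at most one SPF record" rule. All sample data is constructed.

def join_strings(rdata):
    """A TXT record is one or more character-strings (max 255 bytes each);
    RFC 7208 section 3.3 says to concatenate them with no separator."""
    return b"".join(rdata).decode("ascii", errors="replace")

def is_spf(text):
    # RFC 7208 section 4.5: the version term must be exactly "v=spf1",
    # followed by a space or end of record ("v=spf10" is not SPF).
    lowered = text.lower()
    return lowered == "v=spf1" or lowered.startswith("v=spf1 ")

def classify(text):
    if is_spf(text):
        return "spf"
    if text.startswith("v=DMARC1"):
        return "dmarc"
    if text.startswith("google-site-verification="):
        return "verification"
    return "other"

def audit_txt(rdatas):
    """Return (labelled_records, spf_status) for one name's TXT answer set."""
    labelled = [(classify(t), t) for t in map(join_strings, rdatas)]
    spf_count = sum(1 for kind, _ in labelled if kind == "spf")
    if spf_count == 0:
        status = "none"       # no SPF policy published at this name
    elif spf_count == 1:
        status = "ok"
    else:
        status = "permerror"  # multiple v=spf1 records
    return labelled, status

# Constructed apex answer set: each record is a tuple of character-strings.
SAMPLE = [
    (b"v=spf1 include:_spf.example.net ", b"ip4:192.0.2.0/24 -all"),
    (b"v=spf1 include:mail.example.org ~all",),
    (b"google-site-verification=CONSTRUCTED-TOKEN",),
    (b"v=spf10 not-an-spf-record",),
]

if __name__ == "__main__":
    records, status = audit_txt(SAMPLE)
    for kind, text in records:
        print(f"{kind:13} {text}")
    print("SPF status:", status)
```

The sample yields a permerror status because two records qualify as SPF; the v=spf10 record is ignored rather than counted as a third.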
Checking TXT Records
Use the mxio TXT Lookup to see every TXT record published for a domain. For protocol-specific analysis — lookup counting, policy validation, key verification — use the dedicated SPF Checker, DKIM Checker, or DMARC Checker. The TXT Lookup shows you everything that is published; the specialized tools tell you whether it is correct.