TXT records, SPF, verification
DNS & Records
DNS Lookup Every DNS record for any domain A Record Lookup IPv4 addresses for a domain AAAA Record Lookup IPv6 addresses for a domain MX Lookup Mail servers for a domain NS Lookup Authoritative name servers TXT Lookup TXT records, SPF, verification CNAME Lookup Canonical name (alias) records SOA Lookup Start of Authority record SRV Lookup Service location records CAA Lookup Which CAs may issue certificates Reverse DNS (PTR) IP address to hostname DNSSEC Check Is the domain signed and validated? DNS Health Check A full delegation & DNS report cardEmail Deliverability
SPF Check Validate your Sender Policy Framework record DMARC Check Inspect and grade your DMARC policy DKIM Check Find and validate your DKIM public key Blacklist Check Check an IP against email blocklists (DNSBLs) SMTP Test Connect to a mail server and check STARTTLS MTA-STS Check Enforced TLS policy for inbound mail BIMI Check Brand logo record for email TLS-RPT Check SMTP TLS reporting policyNetwork & Web
SSL Certificate Check Inspect a site's TLS certificate and expiry HTTP Header Check Inspect response headers, redirects and security Ping (TCP) Reachability and latency over TCP Port Check Which common ports are openDomain
WHOIS Lookup Registration data for domains, IPs and ASNsA TXT record holds arbitrary text in DNS and is widely used for email authentication (SPF), domain-ownership verification and service configuration. A single domain can publish many TXT records at once. Because they are flexible and easy to add, TXT records have become the standard way to attach machine-readable policy and proof to a domain.
Originally meant for free-form notes, TXT records now carry structured data that other systems read. SPF policies list which servers may send mail for the domain. DKIM and DMARC records, published as TXT, authenticate and report on email. Verification strings from Google, Microsoft, Atlassian and countless SaaS tools prove you control the domain. You may also see TXT records for site verification, BIMI or custom application settings. Each serves a different consumer, so a busy domain accumulates many over time.
IPeek returns every TXT record on the domain, each as a quoted string. Identify them by their prefixes: v=spf1 marks an SPF policy, v=DMARC1 a DMARC policy (usually on the _dmarc subdomain), and google-site-verification or similar tokens mark ownership proofs. A long string split across quoted chunks is one logical record concatenated by the resolver. Watch for two SPF records on the same name, which is invalid, and for stale verification tokens from services you no longer use that can safely be cleaned up.
SPF, DKIM and DMARC all live in TXT records and work together to stop spoofing. SPF (v=spf1) declares which IPs and hosts may send mail for your domain; receivers reject or flag anything else. DKIM publishes a public key so receivers can verify a cryptographic signature on each message. DMARC (v=DMARC1, on _dmarc) ties the two together and tells receivers what to do with failures, plus where to send reports. A domain should have exactly one SPF record but can hold many other TXT records alongside it.
Yes, a domain can publish many TXT records simultaneously, and most active domains do. Verification tokens, DMARC policies and application settings often coexist on the same name. The one important exception is SPF: a domain must have only a single SPF (v=spf1) record, because multiple SPF records are invalid and break authentication.
An SPF record is a TXT record beginning with v=spf1 that lists the servers authorized to send email for your domain. Receiving servers check it to decide whether incoming mail genuinely comes from you. It is stored as a normal TXT record on the domain's root name, and a domain must have exactly one.
Many services ask you to add a TXT record containing a unique token they provide, then check DNS for it to confirm you control the domain. Google, Microsoft and most SaaS platforms use this method. Once verified, the token can usually stay or be removed; cleaning up unused tokens keeps your DNS tidy.
DNS limits a single TXT string to 255 characters, so longer values are split into several quoted chunks within one record. Resolvers and IPeek concatenate these chunks back into one logical value. This is normal and expected for long DKIM keys or detailed SPF policies; the split has no effect on how the record is read.
All three are email-authentication mechanisms published as TXT records. SPF lists which servers may send for your domain, DKIM adds a cryptographic signature receivers can verify with a published key, and DMARC sets policy for handling failures and requests reports. Used together they make spoofing your domain far harder.