TXT Record Checker

Check DNS TXT records for SPF, DKIM, and DMARC email authentication configuration.

What does TXT Record Checker do?

TXT Record Checker retrieves and analyzes DNS TXT records for one or more domains. It validates SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting and Conformance), and DKIM (DomainKeys Identified Mail) configuration. It also identifies domain verification records for services like Google, Facebook, Microsoft, and Apple. Any configuration issues found are reported in the issues array.

Use it for email security auditing, deliverability analysis, compliance monitoring, or vendor assessment across any number of domains. The structured output parses SPF includes, DMARC policies, and verification entries so you do not need to manually read raw DNS records.

Who is it for?

• 🔧 System administrators — verifying TXT records for domain ownership and service configurations
• 🛡️ Security auditors — checking for SPF, DKIM, and DMARC entries in TXT records
• 📧 Email administrators — troubleshooting email authentication via DNS TXT records
• 🏢 Managed service providers — monitoring TXT record configurations for client domains
• 📋 IT consultants — documenting DNS TXT entries during infrastructure reviews

Use cases

• Email administrators verifying that SPF, DKIM, and DMARC are properly configured across all company domains
• Marketing teams auditing email authentication before launching campaigns to maximize inbox delivery rates
• Security analysts checking the email security posture of third-party vendors and business partners
• Compliance officers ensuring domains meet organizational or regulatory email security standards
• MSP/IT consultants reviewing TXT records across multiple client domains in a single batch

Why use TXT Record Checker?

• Complete email auth analysis — checks SPF, DKIM, and DMARC in a single run
• Issue detection — identifies configuration problems like missing records or weak policies
• Verification record identification — detects Google, Facebook, Microsoft, and Apple domain verification entries
• Batch processing — check hundreds of domains at once instead of querying them one by one
• Structured output — parsed SPF includes, DMARC policies, and record counts ready for analysis
• Pay-per-event pricing — costs scale with actual usage, just $0.001 per domain checked

Input parameters

Parameter	Type	Required	Default	Description
domains	string[]	Yes	—	List of domains to check TXT records for. Enter bare domain names (e.g., google.com).

Example input

{
    "domains": [
        "google.com",
        "github.com",
        "example.com"
    ]
}

Output example

Each domain produces one result object with TXT record count, parsed SPF and DMARC data, DKIM presence, verification records, and any issues detected.

Field	Description
domain	The queried domain name
txtRecordCount	Total number of TXT records found
spf	Parsed SPF record (found, record text, includes, policy)
dmarc	Parsed DMARC record (found, policy, report URI)
hasDkim	Whether DKIM records were detected
verificationRecords	Domain verification entries (Google, Facebook, etc.)
issues	Array of detected configuration problems
error	Error message if check failed
checkedAt	ISO timestamp of the check

{
    "domain": "google.com",
    "txtRecordCount": 12,
    "spf": {
        "found": true,
        "record": "v=spf1 include:_spf.google.com ~all",
        "includes": ["_spf.google.com"],
        "policy": "~all"
    },
    "dmarc": {
        "found": true,
        "policy": "reject",
        "reportUri": "mailto:mailauth-reports@google.com"
    },
    "hasDkim": true,
    "verificationRecords": ["google-site-verification=..."],
    "issues": [],
    "error": null,
    "checkedAt": "2026-03-01T12:00:00.000Z"
}

How to check TXT records for a domain

1. Open TXT Record Checker in Apify Console.
2. Enter one or more domain names (e.g., google.com, github.com).
3. Click Start to run the checker.
4. Review results in the Dataset tab — each domain shows SPF, DKIM, DMARC status and any issues found.
5. Download results as JSON, CSV, or Excel for further analysis.

How much does it cost to check TXT records?

TXT Record Checker uses Apify's pay-per-event pricing:

Event	Price	Description
Start	$0.035	One-time per run
Domain checked	$0.001	Per domain checked

Examples:

• 10 domains: $0.035 + 10 x $0.001 = $0.045
• 100 domains: $0.035 + 100 x $0.001 = $0.135
• 1,000 domains: $0.035 + 1,000 x $0.001 = $1.035

Using the Apify API

The Apify API lets you control TXT Record Checker programmatically. Schedule runs, read datasets, manage webhooks, and more. See the Apify API reference for details.

Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: '<YOUR_API_TOKEN>' });
const run = await client.actor('automation-lab/txt-record-checker').call({
    domains: ['google.com', 'github.com'],
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Python

from apify_client import ApifyClient

client = ApifyClient('<YOUR_API_TOKEN>')
run = client.actor('automation-lab/txt-record-checker').call(run_input={
    'domains': ['google.com', 'github.com'],
})
items = client.dataset(run['defaultDatasetId']).list_items().items
print(items)

cURL

curl "https://api.apify.com/v2/acts/automation-lab~txt-record-checker/run-sync-get-dataset-items?token=YOUR_TOKEN" \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"domains": ["google.com", "github.com"]}'

Use with AI agents via MCP

TXT Record Checker is available as a tool for AI assistants via the Model Context Protocol (MCP).

Setup for Claude Code

$claude mcp add --transport http apify "https://mcp.apify.com"

Setup for Claude Desktop, Cursor, or VS Code

{
    "mcpServers": {
        "apify": {
            "url": "https://mcp.apify.com"
        }
    }
}

Example prompts

• "Get all TXT records for example.com"
• "Check domain verification TXT records for these domains"
• "Audit SPF, DKIM, and DMARC configuration for our sending domains"

Learn more in the Apify MCP documentation.

Integrations

Connect TXT Record Checker with other apps and services using Apify integrations. You can integrate with Make, Zapier, Slack, Google Sheets, Google Drive, n8n, and many more. Set up a webhook to get a Slack notification when issues are detected in email authentication records, or push results to Google Sheets for a compliance dashboard across all your domains.

Tips and best practices

• Check all sending domains — if your organization uses multiple domains for email, check every one to ensure consistent authentication
• Look at the issues array — the issues field highlights specific configuration problems; an empty array means no issues were found
• Compare before and after — run the checker before and after making DNS changes to verify your updates took effect
• Use with SPF and DMARC actors — for deeper analysis of SPF or DMARC records, use the dedicated SPF Record Checker or DMARC Record Checker actors
• Schedule weekly audits — email authentication records can be accidentally modified; periodic checks catch regressions early

Legality

This tool analyzes publicly accessible web content. Automated analysis of public web resources is standard practice in SEO and web development. Always respect robots.txt directives and rate limits when analyzing third-party websites. For personal data processing, ensure compliance with applicable privacy regulations.

FAQ

What is the difference between TXT Record Checker and the dedicated SPF/DMARC checkers? TXT Record Checker provides a broad overview of all TXT records including SPF, DKIM, DMARC, and verification entries. The dedicated SPF Record Checker and DMARC Record Checker provide deeper parsing of their respective record types (e.g., individual mechanisms, alignment settings).

Can it detect DKIM records? The actor checks for the presence of DKIM by looking for common DKIM selectors. The hasDkim field indicates whether DKIM records were found. For full DKIM validation, you would need to know the specific selector used by the email provider.

What services can the verification records identify? The actor recognizes domain verification records for Google, Facebook, Microsoft, and Apple. Other service-specific TXT records are included in the raw output but may not be explicitly labeled.

What kind of issues does the actor detect? The issues array reports problems such as missing SPF records, missing DMARC records, multiple SPF records (which violates the SPF spec), weak DMARC policies (e.g., p=none), and other common misconfigurations. An empty issues array means no problems were found.

The issues array reports "Missing SPF record" but I have one. What is wrong? Double-check that your SPF record starts with exactly v=spf1 (with no leading spaces or typos). Some DNS providers add invisible characters or split long TXT records into multiple strings. Also confirm the record is published on the correct domain -- SPF records must be on the sending domain itself, not a subdomain.

hasDkim is false but I configured DKIM with my email provider. Why? DKIM records are published under a specific selector (e.g., selector1._domainkey.example.com). The actor checks a set of common selectors, but your provider may use a custom one. Check with your email provider for the exact selector name, then verify it with a DNS lookup for <selector>._domainkey.yourdomain.com.

Other DNS tools

• DNS Lookup -- resolve A, AAAA, MX, NS, CNAME, and TXT records for any domain
• AAAA Record Checker -- check IPv6 AAAA records for domains
• CNAME Record Checker -- look up CNAME records and alias chains
• MX Record Checker -- check mail server MX records
• NS Record Checker -- look up authoritative nameservers
• SPF Record Checker -- deep SPF record parsing and validation
• DMARC Record Checker -- detailed DMARC policy analysis