The auth layer, not the routing layer
MX says where mail goes. SPF, DKIM, and DMARC say who is allowed to send it. All three live in TXT records, and DNSTimeMachine keeps each edit dated and separate from the MX history.
SPF & DKIM history
See a domain's past SPF and DKIM records.
Email authentication breaks silently. An SPF include is removed, a DKIM selector rotates, a DMARC policy tightens, and good mail starts failing. DNSTimeMachine keeps a domain's past SPF, DKIM, and DMARC records, the TXT layer that proves who is allowed to send, so you can see exactly which auth value changed and when.
For anyone searching SPF record history, old DKIM record, historical TXT records, past DMARC policy, or when did SPF change.
How the history reads.
One domain, every record, each value stamped with the day it first appeared. That is the whole product: the past DNS you cannot get from a live lookup.
Catch the change that broke DKIM
A removed SPF include or a rotated DKIM selector breaks authentication with no error of its own. The dated trail shows the exact value that changed, so a deliverability drop stops being a mystery.
DMARC policy over time
See when a domain moved from p=none to quarantine or reject. Useful for explaining a sudden spam-folder problem, or for an investigation into messages spoofed under an older, weaker policy.
When teams reach for this.
- DMARC reports show failures and you need the old SPF value
- DKIM verification broke after a key rotation
- Good mail started landing in spam after an SPF edit
- Investigating a spoofed message against past auth records
"What did this point to before?"
The question current lookups cannot answer. Enter a domain above and we will keep its history for you.
Look up a domain