← DomainIntel

I scanned 39 AI companies' DNS records — here's who's verified with Anthropic, who's deploying MCP keys, and whose email you can spoof

May 20, 2026 · John Leslie · All data independently verifiable with dig
17/39
Anthropic verified
6
MCPv1 deployers
23%
Weak email security
12
Microsoft MCP keys

DNS records are public. When a company verifies domain ownership with a service provider, that verification lives in their TXT records — visible to anyone who runs dig TXT example.com. These records form a map of vendor relationships that companies may not realize they're broadcasting.

I queried the DNS, SSL, WHOIS, and HTTP headers for 39 AI-adjacent domains — labs, safety orgs, tooling companies, prediction markets. Here's what's actually in there, verified with independent dig queries.

Anthropic domain verification: who's completed it

17 out of 39 domains contain an anthropic-domain-verification TXT record:

$ dig +short TXT meta.com | grep anthropic "anthropic-domain-verification-vb762t=ezl2XXGyq8tXMTx0oArON1hm7" $ dig +short TXT stripe.com | grep anthropic "anthropic-domain-verification-zk7x9c=QfN52ECybLPUWh51R9pKF0QO3"
Meta Microsoft NVIDIA Midjourney Perplexity Fireworks AI Modal Aleph Alpha Hugging Face Vercel Cursor Sourcegraph Pinecone Stripe Open Philanthropy Polymarket Jasper AI

What this means: these companies completed Anthropic's domain verification process — likely part of Claude API enterprise onboarding. It doesn't prove an enterprise contract, but someone at these organizations generated a verification token and added it to their DNS.

Notable absences:

OpenAI Google Apple Amazon xAI

Cursor verification shows a similar pattern. 14 domains have cursor-domain-verification records, including Anthropic itself. Companies like Hugging Face, Modal, Fireworks, Pinecone, Vercel, Sourcegraph, and Stripe appear in both Anthropic's and Cursor's verification lists.

MCPv1 DNS records: cryptographic MCP server identity

This one surprised me. Multiple companies have v=MCPv1 TXT records containing public keys:

$ dig +short TXT microsoft.com | grep MCPv1 | wc -l 12 $ dig +short TXT microsoft.com | grep MCPv1 | head -3 "v=MCPv1; k=ecdsap384; p=A/Mf6IKdZzcHfBvpiVz9rkdPTIcCP5IbR..." "v=MCPv1; k=ecdsap384; p=AqXeTHJ/1FCYeuvJ8dc1B+X3uHaa7m2W0..." "v=MCPv1; k=ecdsap384; p=AoHTKEi2W8L2P8cf9CoDicIxYiuttTkwtI..." $ dig +short TXT stripe.com | grep MCPv1 "v=MCPv1; k=ed25519; p=WMeka0C1fIH9HQLMtsSM9DD9cM6Bz6Wz34mHnK86UcM="
CompanyKeysAlgorithm
Microsoft12ecdsap384
Stripe1ed25519
Perplexity1ed25519
Hugging Face1ed25519
Vercel1ed25519
Sourcegraph1ed25519

The record format (v=MCPv1; k=<algorithm>; p=<public-key>) resembles DKIM's DNS key structure. This appears to be a DNS-based identity verification mechanism for MCP (Model Context Protocol) servers — allowing clients to verify that an MCP endpoint is actually operated by the domain owner.

I couldn't find a public specification for this record format. Microsoft's investment of 12 separate key pairs suggests multiple verified MCP services. The ecosystem is early — only 6 of 39 domains have these records.

Email security: who's vulnerable to spoofing

DMARC tells receiving mail servers what to do with messages that fail authentication. p=reject blocks spoofed messages. p=none lets them through.

No DMARC record at all
Alignment Forum Manifold Markets

Alignment Forum also has no SPF record — zero email authentication.

DMARC monitoring-only (p=none — spoofed emails delivered)
MIRI Hugging Face Inflection AI xAI Aleph Alpha Qdrant Metaculus

MIRI also has no SPF record. xAI sends DMARC reports to Alibaba Cloud.

That's 9 out of 39 domains (23%) with weak or absent email authentication. For AI safety organizations handling sensitive research — MIRI and Alignment Forum — this is more concerning, given the sophistication of potential adversaries.

The strong side: Anthropic (p=reject), OpenAI (p=reject), Stripe (p=reject), and Cloudflare (p=reject) all have strict policies.

SPF softfail: the policy that doesn't protect

HN user sybercecurity asked a good question: how many companies use ~all (softfail) in their SPF records? Softfail tells receiving servers "this message probably isn't from us, but deliver it anyway." It's the default for many email setups, and it barely enforces anything.

26/39
SPF softfail (~all)
10/39
SPF hardfail (-all)
3/39
No SPF at all

Two-thirds of AI companies use softfail. Including Anthropic, Google, Apple, NVIDIA, Hugging Face, Perplexity, Scale AI, Cohere, Stability AI, and Mistral. Only OpenAI, Microsoft, Amazon, Palantir, x.ai, Pinecone, Jasper, and Runway use hardfail (-all).

Three domains have no SPF at all: Meta (relies on other mechanisms), Tesla, and Alignment Forum.

Largest approved sender lists
CompanyIncludesIP RangesSPF Policy
Jasper70-all
Cohere60~all
Weaviate60~all
Scale AI50~all
Qdrant50~all
OpenAI50-all
Microsoft50-all
Character.ai23~all
Tesla013?all

Cohere's combination — 6 approved senders (Google, Proofpoint, Outlook, Salesforce, Marketo, Amazon SES) plus softfail — is the widest attack surface. Tesla uses 13 IP ranges with ?all (neutral), functionally equivalent to no enforcement.

The practical implication: if you receive an email "from" most AI companies, your mail server won't definitively reject it even if it's spoofed. The ~all softfail tells your server to accept it but maybe flag it. Combined with weak DMARC (as we saw above), this means email impersonation is technically feasible against the majority of companies in this dataset.

Check any domain's email security

Enter a domain below for a combined spoofability assessment. Unlike checking SPF or DMARC in isolation, this weighs all three layers together — SPF policy, DMARC enforcement, and DKIM presence — because a domain with SPF softfail but strict DMARC + DKIM alignment is still well-protected. Data pulled live from public DNS records via DomainIntel.

Smaller findings

xAI's unusual infrastructure

SSL certificate from a Chinese issuer (Guangdong Baota Security Technology). DMARC reports to Alibaba Cloud. Domain registered in 1994 (32 years before xAI was founded). Response time: 660ms.

Market share

Email: Google Workspace 74% (29/39), Microsoft 365 8% (3/39).
Hosting: Cloudflare 46%, Vercel 28%.
SSL: Let's Encrypt + Google Trust Services 72%.
Response times: 14ms (Claude.ai) to 5.8s (Meta).

Methodology

Data collected May 20, 2026. All sources are public — DNS records, SSL certificates (Certificate Transparency), WHOIS registration, HTTP headers. To verify any claim:

dig +short TXT <domain> # TXT records (verification, SPF) dig +short TXT _dmarc.<domain> # DMARC policy dig +short MX <domain> # Mail servers echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -issuer -dates

Data was collected using DomainIntel, which combines DNS, SSL, WHOIS, and tech detection into one call. During this analysis I found and fixed two bugs in its DMARC detection. All DMARC claims were independently verified with dig.

Run your own domain analysis — free, no API key needed.

Try DomainIntel →