DNS records are public. When a company verifies domain ownership with a service provider, that verification lives in their TXT records — visible to anyone who runs dig TXT example.com. These records form a map of vendor relationships that companies may not realize they're broadcasting.
I queried the DNS, SSL, WHOIS, and HTTP headers for 39 AI-adjacent domains — labs, safety orgs, tooling companies, prediction markets. Here's what's actually in there, verified with independent dig queries.
17 out of 39 domains contain an anthropic-domain-verification TXT record:
What this means: these companies completed Anthropic's domain verification process — likely part of Claude API enterprise onboarding. It doesn't prove an enterprise contract, but someone at these organizations generated a verification token and added it to their DNS.
Notable absences:
Cursor verification shows a similar pattern. 14 domains have cursor-domain-verification records, including Anthropic itself. Companies like Hugging Face, Modal, Fireworks, Pinecone, Vercel, Sourcegraph, and Stripe appear in both Anthropic's and Cursor's verification lists.
This one surprised me. Multiple companies have v=MCPv1 TXT records containing public keys:
| Company | Keys | Algorithm |
|---|---|---|
| Microsoft | 12 | ecdsap384 |
| Stripe | 1 | ed25519 |
| Perplexity | 1 | ed25519 |
| Hugging Face | 1 | ed25519 |
| Vercel | 1 | ed25519 |
| Sourcegraph | 1 | ed25519 |
The record format (v=MCPv1; k=<algorithm>; p=<public-key>) resembles DKIM's DNS key structure. This appears to be a DNS-based identity verification mechanism for MCP (Model Context Protocol) servers — allowing clients to verify that an MCP endpoint is actually operated by the domain owner.
I couldn't find a public specification for this record format. Microsoft's investment of 12 separate key pairs suggests multiple verified MCP services. The ecosystem is early — only 6 of 39 domains have these records.
DMARC tells receiving mail servers what to do with messages that fail authentication. p=reject blocks spoofed messages. p=none lets them through.
Alignment Forum also has no SPF record — zero email authentication.
MIRI also has no SPF record. xAI sends DMARC reports to Alibaba Cloud.
That's 9 out of 39 domains (23%) with weak or absent email authentication. For AI safety organizations handling sensitive research — MIRI and Alignment Forum — this is more concerning, given the sophistication of potential adversaries.
The strong side: Anthropic (p=reject), OpenAI (p=reject), Stripe (p=reject), and Cloudflare (p=reject) all have strict policies.
SSL certificate from a Chinese issuer (Guangdong Baota Security Technology). DMARC reports to Alibaba Cloud. Domain registered in 1994 (32 years before xAI was founded). Response time: 660ms.
Email: Google Workspace 74% (29/39), Microsoft 365 8% (3/39).
Hosting: Cloudflare 46%, Vercel 28%.
SSL: Let's Encrypt + Google Trust Services 72%.
Response times: 14ms (Claude.ai) to 5.8s (Meta).
Data collected May 20, 2026. All sources are public — DNS records, SSL certificates (Certificate Transparency), WHOIS registration, HTTP headers. To verify any claim:
Data was collected using DomainIntel, which combines DNS, SSL, WHOIS, and tech detection into one call. During this analysis I found and fixed two bugs in its DMARC detection. All DMARC claims were independently verified with dig.
Run your own domain analysis — free, no API key needed.
Try DomainIntel →