Domain verifications leak information that they shouldn't - it should be "random key.domain.com in TXT randomkey"