change.org

Authentication

DNSSEC

DNSSEC provides a way to ensure that the DNS answers a client is receiving from a DNS resolver are correct and have not been tampered with. DNSSEC must be configured at the domain's registrar and nameservers.

Learn more about DNSSEC.

DNSSEC is not enabled on this domain.

SPF

Sender Policy Framework (SPF) authenticates email by checking the sending email server IP address against a list of domains provided by the SPF record of the envelope from domain. The SPF record can include other records, with up to 10 DNS lookups.

Learn more about SPF.

This domain has a valid SPF record.

Record: v=spf1 include:_spf.google.com include:amazonses.com include:_spf.zimpel.de ~all
all: softfail

DNS Lookups

DNS lookups used: 5/10
Void lookups: 0/2

SPF mechanisms that require DNS lookups
Mechanism	Lookups
include:_spf.google.com	3
include:amazonses.com	1
include:_spf.zimpel.de	1

DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) ensures that the SPF and DKIM authentication mechanisms actually authenticate against the same base domain that the end user sees.

Learn more about DMARC.

This domain has a reject DMARC policy.

Record: v=DMARC1; p=reject; rua=mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected]; pct=100
Location: change.org

DMARC record tag values
Tag	Value
p	reject
rua	[email protected] [email protected]
ruf	[email protected] [email protected]
pct	100

BIMI

Brand Indicators for Message Identification (BIMI) is an emerging email specification that allows brand images such as logos to appear in the inbox and/or next to the from address in supporting mailbox providers.

Learn more about BIMI.

This domain has a valid BIMI record, image, and certificate at the default selector.

Record: v=BIMI1; l=https://static.change.org/emails-bimi/change_org_pbc_1248670873.svg; a=https://static.change.org/emails-bimi/change_org_pbc_1248670873.pem
Location: change.org

BIMI record tag values
Tag	Value
l	https://static.change.org/emails-bimi/change_org_pbc_1248670873.svg
a	https://static.change.org/emails-bimi/change_org_pbc_1248670873.pem

Image

Image metadata
svg_version	1.2
base_profile	tiny-ps
title	Change.org
width	96.0
height	96.0
filesize	2.596 KB
sha256	5bff95e1ab6e0a2d7644e99c6b2b38fd8383c30eb4432ed4cec0c568a4d69b7e

Certificate

Issuer

Certificate issuer metadata
countryName	US
organizationName	DigiCert, Inc.
commonName	DigiCert Verified Mark RSA4096 SHA256 2021 CA1

Subject

Certificate subject metadata
jurisdictionOfIncorporationCountryName	US
jurisdictionOfIncorporationStateOrProvinceName	Delaware
businessCategory	Private Organization
serialNumber	4215439
countryName	US
stateOrProvinceName	California
localityName	San Francisco
streetAddress	548 Market Street #29993
organizationName	Change.org, PBC
commonName	Change.org, PBC
markType	Registered Mark
trademarkCountryOrRegionName	US
trademarkIdentifier	7215883
logoTypeSHA256	5bff95e1ab6e0a2d7644e99c6b2b38fd8383c30eb4432ed4cec0c568a4d69b7e

Email Infrastructure

Mail servers

Preference	1
Hostname	aspmx.l.google.com
Addresses	142.251.179.26 2607:f8b0:4004:c08::1b
DNSSEC	False
TLSA	False

Preference	5
Hostname	alt1.aspmx.l.google.com
Addresses	172.253.116.27 2a00:1450:400b:c02::1a
DNSSEC	False
TLSA	False

Preference	5
Hostname	alt2.aspmx.l.google.com
Addresses	173.194.76.26 2a00:1450:400c:c00::1a
DNSSEC	False
TLSA	False

Preference	10
Hostname	aspmx2.googlemail.com
Addresses	172.253.116.27 2a00:1450:400b:c02::1b
DNSSEC	False
TLSA	False

Preference	10
Hostname	aspmx3.googlemail.com
Addresses	173.194.76.27 2a00:1450:400c:c00::1b
DNSSEC	False
TLSA	False

Preference	10
Hostname	aspmx4.googlemail.com
Addresses	142.250.102.27 2a00:1450:4025:402::1a
DNSSEC	False
TLSA	False

Preference	10
Hostname	aspmx5.googlemail.com
Addresses	192.178.213.26 2a00:1450:4013:c1e::1a
DNSSEC	False
TLSA	False

MTA-STS

SMTP MTA Strict Transport Security (MTA-STS) provides a way for domain owners to tell email services that they should only send email to the domain over a verified TLS connection to specific email servers. This prevents man-in-the-middle attacks when the sending email server supports it.

Learn more about MTA-STS.

An MTA-STS DNS record does not exist.

TLSRPT

SMTP TLS Reporting (TLSRPT) is a mechanism for sending email servers to provide statistics to domain owners about failures to establish TLS connections for SMTP. This allows domain owners to proactively identify TLS misconfigurations and man-in-the-middle attacks.

Learn more about TLSRPT.

An SMTP TLS Reporting record does not exist.

DNS Infrastructure

SOA

Record: ns-1808.awsdns-34.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

SOA record values
Primary nameserver	ns-1808.awsdns-34.co.uk
Rname email address	[email protected]
Serial	1
Refresh	7200
Retry	900
Expire	1209600
Minimum	86400

Nameservers

ns-1500.awsdns-59.org
ns-1808.awsdns-34.co.uk
ns-33.awsdns-04.com
ns-828.awsdns-39.net