crowdstrike.com

Authentication

DNSSEC

DNSSEC provides a way to ensure that the DNS answers a client is receiving from a DNS resolver are correct and have not been tampered with. DNSSEC must be configured at the domain's registrar and nameservers.

Learn more about DNSSEC.

DNSSEC is enabled on this domain.

SPF

Sender Policy Framework (SPF) authenticates email by checking the sending email server IP address against a list of domains provided by the SPF record of the envelope from domain. The SPF record can include other records, with up to 10 DNS lookups.

Learn more about SPF.

This domain has a valid SPF record.

The SPF record for crowdstrike.com is > 512 bytes (1076 bytes). This likely exceeds the reliable UDP response size; some verifiers may ignore or fail it (RFC 7208 § 3.4).

Record: v=spf1 include:mktomail.com include:amazonses.com include:spf-00206402.pphosted.com include:_spf.salesforce.com a:spf.servicenowservices.com include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ip4:208.42.226.9/32 ip4:208.42.226.8/32 ip4:50.112.131.18/32 ip4:54.191.184.169/32 ip4:50.112.181.63/32 ip4:148.163.152.21/32 ip4:148.163.148.21/32 ip4:64.79.155.0/24 ip4:207.218.90.0/24 ip4:192.254.118.63 ip4:54.240.34.17 ip4:54.240.34.18 ip4:54.240.34.19 ip4:54.240.34.204 ip4:54.240.34.205 ip4:54.240.34.206 ip4:54.240.34.207 ip4:54.240.59.90 ip4:54.240.59.92 ip4:54.240.59.93 ip4:35.171.200.76 ip4:54.183.25.1 ip4:52.52.102.47 ip4:192.174.90.242 ip4:52.8.44.174 ip4:139.60.152.0/22 ip4:64.69.212.0/24 ip4:162.247.216.0/22 ip4:52.26.233.205/32 ip4:44.236.4.51/32 ip4:208.42.231.60/32 ip4:54.240.59.91 ip4:98.97.248.0/21 ip4:54.186.193.102/32 ip4:52.222.73.120/32 ip4:52.222.73.83 ip4:52.222.62.51 ip4:52.222.75.85 ip4:52.222.89.228 ip4:52.222.89.228 ip4:160.1.62.192 ip4:52.61.91.9 ip4:15.200.21.50 ip4:15.200.201.185 ip4:15.200.44.248 ~all
all: softfail

DNS Lookups

DNS lookups used: 9/10
Void lookups: 0/2

SPF mechanisms that require DNS lookups
Mechanism	Lookups
include:mktomail.com	1
include:amazonses.com	1
include:spf-00206402.pphosted.com	1
include:_spf.salesforce.com	2
a:spf.servicenowservices.com	1
include:_netblocks.google.com	1
include:_netblocks2.google.com	1
include:_netblocks3.google.com	1

DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) ensures that the SPF and DKIM authentication mechanisms actually authenticate against the same base domain that the end user sees.

Learn more about DMARC.

This domain has a reject DMARC policy.

Record: v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected]
Location: crowdstrike.com

DMARC record tag values
Tag	Value
p	reject
fo	1
ri	3600
rua	[email protected] [email protected]
ruf	[email protected] [email protected]

BIMI

Brand Indicators for Message Identification (BIMI) is an emerging email specification that allows brand images such as logos to appear in the inbox and/or next to the from address in supporting mailbox providers.

Learn more about BIMI.

This domain has a valid BIMI record, image, and certificate at the default selector.

Record: v=BIMI1; l=https://www.crowdstrike.com/logos/crowdstrike_inc_227202014.svg; a=https://www.crowdstrike.com/logos/crowdstrike_inc_227202014.pem
Location: crowdstrike.com

BIMI record tag values
Tag	Value
l	https://www.crowdstrike.com/logos/crowdstrike_inc_227202014.svg
a	https://www.crowdstrike.com/logos/crowdstrike_inc_227202014.pem

Image

Image metadata
svg_version	1.2
base_profile	tiny-ps
title	CrowdStrike
width	491.6
height	491.6
filesize	1.964 KB
sha256	ccdc3bf42aa67ba8c60bd684975d95df51874b26631e8064ddec457d77cac15e

Certificate

Issuer

Certificate issuer metadata
countryName	US
organizationName	DigiCert, Inc.
commonName	DigiCert Verified Mark RSA4096 SHA256 2021 CA1

Subject

Certificate subject metadata
jurisdictionOfIncorporationCountryName	US
jurisdictionOfIncorporationStateOrProvinceName	Delaware
businessCategory	Private Organization
serialNumber	5030737
countryName	US
stateOrProvinceName	California
localityName	Irvine
streetAddress	15441 Laguna Canyon Rd, Ste 260
organizationName	CrowdStrike, Inc.
commonName	CrowdStrike, Inc.
markType	Registered Mark
trademarkCountryOrRegionName	US
trademarkIdentifier	4732154
logoTypeSHA256	ccdc3bf42aa67ba8c60bd684975d95df51874b26631e8064ddec457d77cac15e

Email Infrastructure

Mail servers

Preference	10
Hostname	mxa-00206402.gslb.pphosted.com
Addresses	148.163.148.77
DNSSEC	False
TLSA	False

Preference	10
Hostname	mxb-00206402.gslb.pphosted.com
Addresses	148.163.148.77
DNSSEC	False
TLSA	False

MTA-STS

SMTP MTA Strict Transport Security (MTA-STS) provides a way for domain owners to tell email services that they should only send email to the domain over a verified TLS connection to specific email servers. This prevents man-in-the-middle attacks when the sending email server supports it.

Learn more about MTA-STS.

This domain has an enforce MTA-STS policy.

MTA-STS configuration
id	20230727T162100
mode	enforce
max age	86400
mx	mxa-00206402.gslb.pphosted.com mxb-00206402.gslb.pphosted.com

TLSRPT

SMTP TLS Reporting (TLSRPT) is a mechanism for sending email servers to provide statistics to domain owners about failures to establish TLS connections for SMTP. This allows domain owners to proactively identify TLS misconfigurations and man-in-the-middle attacks.

Learn more about TLSRPT.

This domain has a valid TLSRPT record.

SMTP TLS reporting tags
Tag	Value
rua	mailto:[email protected]

DNS Infrastructure

SOA

Record: blue.foundationdns.com. dns.cloudflare.com. 2387409736 10000 2400 604800 1800

SOA record values
Primary nameserver	blue.foundationdns.com
Rname email address	[email protected]
Serial	2387409736
Refresh	10000
Retry	2400
Expire	604800
Minimum	1800

Nameservers

blue.foundationdns.com
blue.foundationdns.net
blue.foundationdns.org