gmail.com

Authentication

DNSSEC

DNSSEC provides a way to ensure that the DNS answers a client is receiving from a DNS resolver are correct and have not been tampered with. DNSSEC must be configured at the domain's registrar and nameservers.

Learn more about DNSSEC.

DNSSEC is not enabled on this domain.

SPF

Sender Policy Framework (SPF) authenticates email by checking the sending email server IP address against a list of domains provided by the SPF record of the envelope from domain. The SPF record can include other records, with up to 10 DNS lookups.

Learn more about SPF.

This domain has a valid SPF record.

Record: v=spf1 redirect=_spf.google.com
all: softfail

DNS Lookups

DNS lookups used: 3/10
Void lookups: 0/2

SPF mechanisms that require DNS lookups
Mechanism	Lookups
redirect:_spf.google.com	1
include:_netblocks.google.com	1
include:_netblocks2.google.com	1

DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) ensures that the SPF and DKIM authentication mechanisms actually authenticate against the same base domain that the end user sees.

Learn more about DMARC.

A p tag value of none makes DMARC unenforced on email sent as gmail.com.

Record: v=DMARC1; p=none; sp=quarantine; rua=mailto:[email protected]
Location: gmail.com

DMARC record tag values
Tag	Value
p	none
sp	quarantine
rua	[email protected]

BIMI

Brand Indicators for Message Identification (BIMI) is an emerging email specification that allows brand images such as logos to appear in the inbox and/or next to the from address in supporting mailbox providers.

Learn more about BIMI.

A BIMI record does not exist at the default selector.

Email Infrastructure

Mail servers

Preference	5
Hostname	gmail-smtp-in.l.google.com
Addresses	2607:f8b0:4004:c21::1a 64.233.180.26
DNSSEC	False
TLSA	False

Preference	10
Hostname	alt1.gmail-smtp-in.l.google.com
Addresses	172.253.116.27 2a00:1450:400b:c02::1a
DNSSEC	False
TLSA	False

Preference	20
Hostname	alt2.gmail-smtp-in.l.google.com
Addresses	173.194.76.27 2a00:1450:400c:c00::1a
DNSSEC	False
TLSA	False

Preference	30
Hostname	alt3.gmail-smtp-in.l.google.com
Addresses	142.250.102.27 2a00:1450:4025:402::1a
DNSSEC	False
TLSA	False

Preference	40
Hostname	alt4.gmail-smtp-in.l.google.com
Addresses	192.178.213.26 2a00:1450:4013:c1e::1b
DNSSEC	False
TLSA	False

MTA-STS

SMTP MTA Strict Transport Security (MTA-STS) provides a way for domain owners to tell email services that they should only send email to the domain over a verified TLS connection to specific email servers. This prevents man-in-the-middle attacks when the sending email server supports it.

Learn more about MTA-STS.

This domain has an enforce MTA-STS policy.

MTA-STS configuration
id	20190429T010101
mode	enforce
max age	86400
mx	gmail-smtp-in.l.google.com *.gmail-smtp-in.l.google.com

TLSRPT

SMTP TLS Reporting (TLSRPT) is a mechanism for sending email servers to provide statistics to domain owners about failures to establish TLS connections for SMTP. This allows domain owners to proactively identify TLS misconfigurations and man-in-the-middle attacks.

Learn more about TLSRPT.

This domain has a valid TLSRPT record.

SMTP TLS reporting tags
Tag	Value
rua	mailto:[email protected]

DNS Infrastructure

SOA

Record: ns1.google.com. dns-admin.google.com. 826808877 900 900 1800 60

SOA record values
Primary nameserver	ns1.google.com
Rname email address	[email protected]
Serial	826808877
Refresh	900
Retry	900
Expire	1800
Minimum	60

Nameservers

ns2.google.com
ns3.google.com
ns1.google.com
ns4.google.com