Email authentication check

craigslist.org

This check reviews the domain's email authentication setup to help protect against spoofing and phishing.

All data is public, sourced from DNS Last checked 1 day ago
Well protected

Outbound authentication is fully configured. 1 optional improvement remains.

craigslist.org publishes strong public DNS records for email authentication and transport security.

102 out of 110
3 of 4 checks passed
DMARC 42 / 50 · Optional SPF 30 / 30 · Passed BIMI 20 / 20 · Passed TLS 10 / 10 · Passed
Last checked 1 day ago
Compare with other domains
DMARC SPF BIMI TLS

DMARC

Optional

Domain-based Message Authentication

42 / 50

Quarantine policy enabled

DMARC record is valid and configured correctly.

_dmarc.craigslist.org TXT
v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected];

Score breakdown

  • DMARC record published +10
  • Syntax valid +5
  • Quarantine policy +12
  • Aggregate reporting (rua) configured and verified +10
  • Failure reporting (ruf) configured +5

Configuration

Policy (p)
quarantine
DKIM alignment (adkim)
Relaxed (default)
SPF alignment (aspf)
Relaxed (default)
Subdomain policy (sp)
Inherits p=quarantine

Reporting (RUA / RUF)

Aggregate reports Passed
mailto:[email protected]
External domain verification successful
Failure reports Passed
mailto:[email protected],mailto:[email protected]
External domain verification successful
Record uses tags removed by RFC 9989
RFC 9989 (May 2026) removed the pct tag. Use t=y for staged rollouts instead.

SPF

Passed

Sender Policy Framework

30 / 30

Hard-fail policy, within lookup limits

SPF record is valid and complies with RFC 7208.

craigslist.org TXT
v=spf1 ip4:208.82.237.96/29 ip4:208.82.237.104/31 ip4:208.82.238.96/29 ip4:208.82.238.104/31 -all

Score breakdown

  • SPF record published +10
  • Syntax valid +5
  • Hard fail policy (-all) +10
  • No configuration warnings +5

Configuration

Default policy
-all (hard fail)
DNS lookups
0 / 10 max
Void lookups
0 / 2 max
Syntax check
OK

Authorized IP addresses

craigslist.org

208.82.237.96/29 208.82.237.104/31 208.82.238.96/29 208.82.238.104/31

BIMI

Passed

Brand Indicators for Message Identification

20 / 20

Verified logo configured

BIMI record validated

default._bimi.craigslist.org TXT
v=BIMI1;l=https://www.craigslist.org/craigslist_bimi.svg;a=https://www.craigslist.org/craigslist_inc.pem

Score breakdown

  • BIMI record published +5
  • BIMI record valid +5
  • Logo URL accessible and valid SVG +5
  • Verified Mark Certificate (VMC) valid +5

Configuration

Logo (l)
image/svg+xml
Mark certificate (a)
Valid PEM detected
Selector
default
Note
SVG content is not parsed, for safety

Assets

Logo URL
https://www.craigslist.org/craigslist_bimi.svg
Valid
Mark certificate
https://www.craigslist.org/craigslist_inc.pem
Valid

TLS

Passed

Transport security · MTA-STS & TLS-RPT

10 / 10

Inbound transport protection configured

craigslist.org publishes both TLS-RPT reporting and MTA-STS policy records.

Score breakdown

  • TLS-RPT record configured +5
  • MTA-STS policy configured +5

Configuration

TLS-RPT
Configured
MTA-STS
Configured
TLS-RPT reporting URIs
mailto:[email protected]
MTA-STS policy ID
20241030080000Z

Transport checks

TLS-RPT (reporting) Configured
v=TLSRPTv1;rua=mailto:[email protected]

TLS-RPT record is valid and configured correctly.

MTA-STS (policy) Configured
v=STSv1; id=20241030080000Z

MTA-STS record is valid and configured correctly.

craigslist.org has a DMARC quarantine policy, directing unauthenticated emails to spam. SPF is correctly configured with a strict policy (-all), specifying which servers may send on its behalf. Overall, craigslist.org demonstrates strong email authentication practices.

Keep craigslist.org protected automatically

This check is a snapshot. DNS records drift when providers change, teams edit records, or unauthorized changes slip in. DMARCTrust watches the same authentication layer continuously and tells you when something moves.

DMARC report processing

Aggregate and failure DMARC reports are received, parsed, and turned into sender visibility without manual XML handling.

DNS change alerts

DNS checks run every 5 minutes for monitored domains, with email alerts when DMARC, SPF, BIMI, TLS-RPT, or MTA-STS records change.

Receiver Shield for inbound

Deploy, host, and safely enforce MTA-STS and TLS-RPT when this checker finds an inbound transport gap.

Start monitoring craigslist.org View plans First checked 5 months ago

Check another domain

Run a free email authentication check: DMARC, SPF, BIMI, TLS-RPT, and MTA-STS.

Try a popular example: google.com, amazon.com, booking.com
Explore

How other domains configure email authentication

Showing domains checked by our users. All data is from public DNS records.

Popular domains

Frequently checked

Well configured

Reject policy + valid SPF

Same policy

Also using quarantine

What we check

DMARC policy and alignment, SPF record and includes, BIMI logo and certificate, and inbound transport security with MTA-STS and TLS-RPT.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF or DKIM from senders.

What you get

Syntax, policy, reporting validation, include analysis, alignment interpretation, and clear setup guidance for every result.