Authentication Records Check for

paypal.com

Instant checks for DMARC, SPF, and BIMI with clear, actionable guidance.

DMARC SPF BIMI

All data displayed is public and provided by the DNS system. Use of this website is subject to our Terms of Service.

Last checked about 9 hours ago

0 out of 100
Very Good

Domain Health Score

Your domain has strong email authentication. A few improvements can get you to a perfect score.

SPF
Sender Policy Framework
26 / 30
DMARC
Domain-based Message Authentication
50 / 50
BIMI
Brand Indicators for Message Identification
20 / 20

Top Recommendation

+4

Upgrade to -all (hard fail) for maximum protection

SPF improvement

0

DMARC Check Results

50 / 50 points

Score Breakdown

DMARC record published
+10
Syntax valid
+5
Reject policy (maximum protection)
+20
Aggregate reporting (rua) configured and verified
+10
Forensic reporting (ruf) configured
+5

DMARC Check Passed: Properly Configured

DMARC record is valid and configured correctly.

_dmarc.paypal.com TXT Entry:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

Policy (p)

reject

DKIM Alignment (adkim)

Relaxed (default)

SPF Alignment (aspf)

Relaxed (default)

Reporting (RUA/RUF)

Aggregate Reports

Configured
[email protected]
External Domain Verification
[email protected]

Verification successful

Learn more about aggregate reports →

Forensic Reports

Configured
[email protected]
External Domain Verification
[email protected]

Verification successful

Learn more about forensic reports →

Add Our Monitoring System

You can add our monitoring system alongside your existing setup. DMARC supports multiple mailto: addresses, giving you additional visibility and backup reporting.

  • Automated DMARC report processing every 5 minutes
  • Clear insights and actionable recommendations
  • Track all sending sources and authentication results
Get Started
0

BIMI Check (default selector)

20 / 20 points

Score Breakdown

BIMI record published
+5
BIMI record valid
+5
Logo URL accessible and valid SVG
+5
Verified Mark Certificate (VMC) valid
+5

BIMI Record Found and Looks Good

Current BIMI Entry:

v=BIMI1; l=https://www.paypalobjects.com/marketing/web/logos/paypal_ppe.svg; a=https://www.paypalobjects.com/marketing/web/logos/PPE_UK_DE_paypal_inc.pem

Logo URL

https://www.paypalobjects.com/marketing/web/logos/paypal_ppe.svg

image/svg+xml

Note: We do not parse SVG content for safety.

Mark Certificate

https://www.paypalobjects.com/marketing/web/logos/PPE_UK_DE_paypal_inc.pem

Valid PEM detected

0

SPF Record Check Results

26 / 30 points

Score Breakdown

SPF record published
+10
Syntax valid
+5
Soft fail policy (~all)
+6 / 10
No configuration warnings
+5

SPF record is valid.

paypal.com TXT SPF Entry:

v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com include:3ph2._spf.paypal.com include:3ph3._spf.paypal.com include:3ph4._spf.paypal.com include:sendgrid.net include:aspmx.pardot.com ~all

Syntax Check

OK

DNS Lookup Count

9 / 10 max

Close to RFC limit!

Root-level mechanisms requiring DNS queries: 7.

Void Lookups

0 / 2 max

Default Policy

~all

Soft fail: Mark emails from unauthorized servers as suspicious but don't reject

All Authorized IP Addresses

Grouped by DNS record source (includes and sub-includes)

include:pp._spf.paypal.com
173.0.84.224/27
66.211.170.85/30
66.211.170.88/29
173.224.165.0/26
173.0.94.244/30
173.224.161.128/25
173.0.84.0/29
include:3ph1._spf.paypal.com
208.201.241.163
67.72.99.26
206.165.246.80/29
64.127.115.252
194.64.234.129
65.110.161.77
204.13.11.48/29
63.80.14.0/23
208.64.132.0/22
81.223.46.0/27
216.136.168.80/28
129.41.77.70
include:3ph2._spf.paypal.com
208.85.50.137
157.151.208.65
208.40.232.70
12.130.86.238
198.178.234.57
67.221.168.65
216.136.162.120/29
216.136.162.65
74.112.67.243
204.92.114.187
65.212.180.36
8.20.114.31
include:3ph3._spf.paypal.com
8.20.114.31
108.175.18.45
108.175.30.45
54.244.242.0/24
209.67.98.46
206.25.247.143
209.46.117.179
54.241.16.209
209.67.98.59
54.214.39.184
209.46.117.168
206.25.247.155
198.61.254.231
include:3ph4._spf.paypal.com
182.50.78.64/28
204.14.232.64/28
96.43.148.64/28
96.43.144.64/28
96.43.151.64/28
204.14.232.64/28
204.14.234.64/28
208.185.229.45
66.170.126.97
216.128.126.97
216.66.217.240/29
208.72.249.240/29
include:sendgrid.net | SendGrid
167.89.0.0/17
208.117.48.0/20
50.31.32.0/19
198.37.144.0/20
198.21.0.0/21
192.254.112.0/20
168.245.0.0/17
149.72.0.0/16
159.183.0.0/16
134.128.64.0/19
134.128.96.0/19

This record also contains:

include:ab.sendgrid.net - SendGrid
include:ab.sendgrid.net | SendGrid
223.165.113.0/24
223.165.115.0/24
223.165.118.0/23
223.165.120.0/23
include:et._spf.pardot.com
198.245.81.0/24
136.147.176.0/24
13.111.0.0/16
136.147.182.0/24
136.147.135.0/24
199.122.123.0/24

DNS Lookup Details

1
include:
pp._spf.paypal.com
Valid

SPF record found

Lookup cost: 0
Included by paypal.com

TXT Record

v=spf1 ip4:173.0.84.224/27 ip4:66.211.170.85/30 ip4:66.211.170.88/29 ip4:173.224.165.0/26 ip4:173.0.94.244/30 ip4:173.224.161.128/25 ip4:173.0.84.0/29 -all

Processed recursively per RFC 7208

2
include:
3ph1._spf.paypal.com
Valid

SPF record found

Lookup cost: 0
Included by paypal.com

TXT Record

v=spf1 ip4:208.201.241.163 ip4:67.72.99.26 ip4:206.165.246.80/29 ip4:64.127.115.252 ip4:194.64.234.129 ip4:65.110.161.77 ip4:204.13.11.48/29 ip4:63.80.14.0/23 ip4:208.64.132.0/22 ip4:81.223.46.0/27 ip4:216.136.168.80/28 ip4:129.41.77.70 ~all

Processed recursively per RFC 7208

3
include:
3ph2._spf.paypal.com
Valid

SPF record found

Lookup cost: 0
Included by paypal.com

TXT Record

v=spf1 ip4:208.85.50.137 ip4:157.151.208.65 ip4:208.40.232.70 ip4:12.130.86.238 ip4:198.178.234.57 ip4:67.221.168.65 ip4:216.136.162.120/29 ip4:216.136.162.65 ip4:74.112.67.243 ip4:204.92.114.187 ip4:65.212.180.36 ip4:8.20.114.31 ~all

Processed recursively per RFC 7208

4
include:
3ph3._spf.paypal.com
Valid

SPF record found

Lookup cost: 0
Included by paypal.com

TXT Record

v=spf1 ip4:8.20.114.31 ip4:108.175.18.45 ip4:108.175.30.45 ip4:54.244.242.0/24 ip4:209.67.98.46 ip4:206.25.247.143 ip4:209.46.117.179 ip4:54.241.16.209 ip4:209.67.98.59 ip4:54.214.39.184 ip4:209.46.117.168 ip4:206.25.247.155 ip4:198.61.254.231 ~all

Processed recursively per RFC 7208

5
include:
3ph4._spf.paypal.com
Valid

SPF record found

Lookup cost: 0
Included by paypal.com

TXT Record

v=spf1 ip4:182.50.78.64/28 ip4:204.14.232.64/28 ip4:96.43.148.64/28 ip4:96.43.144.64/28 ip4:96.43.151.64/28 ip4:204.14.232.64/28 ip4:204.14.234.64/28 ip4:208.185.229.45 ip4:66.170.126.97 ip4:216.128.126.97 ip4:216.66.217.240/29 ip4:208.72.249.240/29 ~all

Processed recursively per RFC 7208

6
include:
sendgrid.net | SendGrid
Valid

SPF record found

Lookup cost: 1
Included by paypal.com

TXT Record

v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:159.183.0.0/16 ip4:134.128.64.0/19 ip4:134.128.96.0/19 include:ab.sendgrid.net ~all

Processed recursively per RFC 7208

7
include:
ab.sendgrid.net | SendGrid
Valid

SPF record found

Lookup cost: 0
Included by sendgrid.net

TXT Record

v=spf1 ip4:223.165.113.0/24 ip4:223.165.115.0/24 ip4:223.165.118.0/23 ip4:223.165.120.0/23 ~all

Processed recursively per RFC 7208

8
include:
aspmx.pardot.com
Valid

SPF record found

Lookup cost: 1
Included by paypal.com

TXT Record

v=spf1 include:et._spf.pardot.com -all

Processed recursively per RFC 7208

9
include:
et._spf.pardot.com
Valid

SPF record found

Lookup cost: 0
Included by aspmx.pardot.com

TXT Record

v=spf1 ip4:198.245.81.0/24 ip4:136.147.176.0/24 ip4:13.111.0.0/16 ip4:136.147.182.0/24 ip4:136.147.135.0/24 ip4:199.122.123.0/24 -all

Processed recursively per RFC 7208

Email Security Configuration

How paypal.com configures email authentication

DMARC Domain Policy
Configured
v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]
p=reject DKIM: relaxed SPF: relaxed Reports enabled
SPF Sender Authorization
Configured
v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com include:3ph2._spf.paypal.com include:3ph3._spf.paypal.com include:3ph4._spf.paypal.com include:sendgrid.net include:aspmx.pardot.com ~all
~all 7 includes
BIMI Brand Indicator
Configured
v=BIMI1; l=https://www.paypalobjects.com/marketing/web/logos/paypal_ppe.svg; a=https://www.paypalobjects.com/marketing/web/logos/PPE_UK_DE_paypal_inc.pem
Logo configured VMC certificate

Change History

Monitoring started January 10, 2026

Configuration changes will appear here when detected

Check Another Domain

Run a free email authentication check (DMARC, SPF, BIMI).

We will generate a shareable URL for your domain.

Try popular examples: google.com, amazon.com, booking.com

Explore Other Domains

Discover how other organizations configure their email authentication

Popular Domains

Frequently checked

Well-Configured

Reject policy + valid SPF

Same Policy

Also using reject

Showing domains checked by our users. All data is from public DNS records.

About This Checker

What we check

We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo/CV when present.

Why it matters

Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly require DMARC and robust SPF/DKIM practices for senders.

Included features

  • DMARC syntax, policy, and reporting validation
  • SPF record evaluation and include analysis
  • DKIM/SPF alignment interpretation
  • BIMI record and VMC detection
  • Clear setup and remediation guidance

Related Tools

Free DMARC Record Generator
State of DMARC: Top 100 Domains
Check Another Domain

The Best Way to Monitor Your DMARC Performance

Don't rely on snapshots. Get the most accurate, real-time insights into your email delivery and reputation with DMARCTrust.

Start Monitoring Now View Plans