All data shown is public and sourced from DNS.
Last checked about 5 hours ago
zoom.us domain score
Your domain has strong email authentication. A few improvements can get you to a perfect score.
Top Recommendation
Upgrade to -all (hard fail) for maximum protection
SPF improvement
zoom.us enforces a strict DMARC reject policy, instructing receivers to block unauthenticated emails. SPF is published with a soft fail policy (~all), flagging unauthorized senders without blocking them. Overall, zoom.us has solid email authentication with room for minor improvements.
Curious how this compares? See the DMARC posture of the top 100 domains.
DMARC Check Results
45 / 50 points
Score Breakdown
DMARC check passed: properly configured
DMARC record is valid and configured correctly.
_dmarc.zoom.us TXT Entry:
v=DMARC1;p=reject;ri=3600;rua=mailto:[email protected],mailto:[email protected];
Policy (p)
reject
DKIM Alignment (adkim)
Relaxed (default)
SPF Alignment (aspf)
Relaxed (default)
Reporting (RUA/RUF)
Aggregate Reports
External Domain Verification
Verification successful
Add Our Monitoring System
You can add our monitoring system alongside your existing setup. DMARC supports multiple mailto: addresses, giving you additional visibility and backup reporting.
- Automated DMARC report processing every 5 minutes
- Track all sending sources and authentication results
- Email alerts when your DNS records change
BIMI Check (default selector)
20 / 20 points
Score Breakdown
BIMI Record Found and Looks Good
Current BIMI Entry:
v=BIMI1; l=https://explore.zoom.us/media/zoom-icon-bimi.svg; a=https://explore.zoom.us/docs/zoom_video_communications_inc.pem;
Logo URL
https://explore.zoom.us/media/zoom-icon-bimi.svg
image/svg+xml
Note: We do not parse SVG content for safety.
SPF Record Check Results
26 / 30 points
Score Breakdown
SPF record is valid.
zoom.us TXT SPF Entry:
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:_spf.google.com include:amazonses.com ip4:52.38.191.241 include:servers.mcsv.net include:_spf.salesforce.com include:spf.mandrillapp.com ip4:13.110.78.0/24 ~all
Syntax Check
OK
DNS Lookup Count
7 / 10 max
Root-level mechanisms requiring DNS queries: 6.
Void Lookups
0 / 2 max
Default Policy
~allSoft fail: Mark emails from unauthorized servers as suspicious but don't reject
All Authorized IP Addresses
Grouped by DNS record source (includes and sub-includes)
zoom.us (Root SPF Record)
This record also contains:
include:_spf.google.com | Google
include:amazonses.com | Amazon SES
include:servers.mcsv.net | Mailchimp
include:spf.mandrillapp.com | Mailchimp Transactional
DNS Lookup Details
include:
%{ir}.%{v}.%{d}.spf.has.pphosted.com
| Proofpoint
Dynamic SPF macro - counts as 1 potential lookup when evaluated at delivery time
SPF Macro Variables:
%{ir} = reversed sender IP address, %{v} = IP version (in-addr/ip6), %{d} = current domain
This mechanism uses SPF macros that are expanded when an email is received. The actual domain queried depends on the sender's IP address and other connection details.
zoom.us
include:
_spf.google.com
| Google
SPF record found
zoom.us
TXT Record
v=spf1 ip4:74.125.0.0/16 ip4:209.85.128.0/17 ip6:2001:4860:4864::/56 ip6:2404:6800:4864::/56 ip6:2607:f8b0:4864::/56 ip6:2800:3f0:4864::/56 ip6:2a00:1450:4864::/56 ip6:2c0f:fb50:4864::/56 ~all
Processed recursively per RFC 7208
include:
amazonses.com
| Amazon SES
SPF record found
zoom.us
TXT Record
v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.223.176.0/20 ip4:54.240.64.0/18 ip4:76.223.128.0/19 ip4:216.221.160.0/19 ip4:206.55.144.0/20 ip4:24.110.64.0/18 -all
Processed recursively per RFC 7208
include:
servers.mcsv.net
| Mailchimp
SPF record found
zoom.us
TXT Record
v=spf1 ip4:205.201.128.0/20 ip4:198.2.128.0/18 ip4:148.105.0.0/16 -all
Processed recursively per RFC 7208
include:
_spf.salesforce.com
SPF record found
zoom.us
TXT Record
v=spf1 exists:%{i}._spf.mta.salesforce.com -all
Processed recursively per RFC 7208
exists:
%{i}._spf.mta.salesforce.com
Dynamic SPF macro - counts as 1 potential lookup when evaluated at delivery time
SPF Macro Variables:
%{i} = sender IP address
This mechanism uses SPF macros that are expanded when an email is received. The actual domain queried depends on the sender's IP address and other connection details.
include:
spf.mandrillapp.com
| Mailchimp Transactional
SPF record found
zoom.us
TXT Record
v=spf1 ip4:198.2.128.0/24 ip4:198.2.132.0/22 ip4:198.2.136.0/23 ip4:198.2.145.0/24 ip4:198.2.186.0/23 ip4:205.201.131.0/24 ip4:205.201.134.128/25 ip4:205.201.136.0/23 ip4:205.201.139.0/24 ip4:198.2.177.0/24 ip4:198.2.178.0/23 ip4:198.2.180.0/24 ~all
Processed recursively per RFC 7208
TLS Security
0 / 10 points
Score Breakdown
TLS-RPT (Reporting)
TLS-RPT Not Configured
Publish a TXT record at _smtp._tls.zoom.us with v=TLSRPTv1 and reporting URI (rua=).
MTA-STS (Policy)
MTA-STS Not Configured
Publish a TXT record at _mta-sts.zoom.us with v=STSv1 and policy ID (id=).
Protect inbound transport
You've checked your outbound authentication. But without MTA-STS and TLS-RPT, mail delivered to zoom.us isn't protected against transport downgrade attacks. Receiver Shield helps you deploy, monitor, and safely enforce transport security.
Know when your DNS records change
The check you just ran shows your current configuration. But DNS records change, sometimes without you knowing. A well-meaning IT change, a third-party provider update, or an unauthorized modification can break your email delivery overnight.
Configuration Drift
IT changes that accidentally break authentication
Provider Updates
Third-party services changing their SPF includes
Unauthorized Changes
Attackers modifying records to send as you
DMARCTrust monitors your DNS records continuously. When something changes, you get an email alert with exactly what changed and why it matters. No more surprises when customers complain their emails bounced.
Email Security Configuration
How zoom.us configures email authentication
v=DMARC1;p=reject;ri=3600;rua=mailto:[email protected],mailto:[email protected];
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:_spf.google.com include:amazonses.com ip4:52.38.191.241 include:servers.mcsv.net include:_spf.salesforce.com include:spf.mandrillapp.com ip4:13.110.78.0/24 ~all
v=BIMI1; l=https://explore.zoom.us/media/zoom-icon-bimi.svg; a=https://explore.zoom.us/docs/zoom_video_communications_inc.pem;
Change History
Configuration changes will appear here when detected
Check Another Domain
Run a free email authentication check (DMARC, SPF, BIMI).
We will generate a shareable URL for your domain.
Try popular examples: google.com, amazon.com, booking.com
Explore other domains
Discover how other organizations configure their email authentication
Popular Domains
Frequently checked
Well-Configured
Reject policy + valid SPF
Same Policy
Also using reject
Showing domains checked by our users. All data is from public DNS records.
About This Checker
What we check
We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo and certificate status when present.
Why it matters
Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly expect DMARC and aligned SPF/DKIM from senders.
Included features
- DMARC syntax, policy, and reporting validation
- SPF record evaluation and include analysis
- DKIM/SPF alignment interpretation
- BIMI record and VMC detection
- Clear setup and remediation guidance
Monitor your email authentication 24/7
This check shows a snapshot. With DMARCTrust, you get continuous monitoring of your DMARC reports and DNS records, with instant alerts when something changes.