us.hsbc.com Lookup - SPF-Record

Evaluation for the domain us.hsbc.com

Nameserverset:

ns21.hsbc.net
ns2.hsbc.us
ns20.hsbc.net
ns21.hsbc.uk
ns1.hsbc.us
ns20.hsbc.uk

Determined SPF record:

v=spf1 include:spf.us.hsbc.com include:spf1.us.hsbc.com include:spf-00299f02.pphosted.com ~all

v=spf1  include:spf.us.hsbc.com  include:spf1.us.hsbc.com include:spf-00299f02.pphosted.com ~all

SPF Send

Legitimated IP addresses:

45 IP addresses found

IP	Provider / ASN	DNSBL-Check
43.228.187.7	Arelion Sweden AB	blacklist
193.108.76.55	HSBC Bank plc	blacklist
91.214.7.40	HSBC Bank plc	blacklist
205.214.190.1	HSBC-COM	blacklist
205.214.191.1	HSBC-COM	blacklist
161.113.20.116	HSBC-COM	blacklist
161.113.20.117	HSBC-COM	blacklist
161.113.20.118	HSBC-COM	blacklist
161.113.20.119	HSBC-COM	blacklist
161.113.11.72	HSBC-COM	blacklist
161.113.11.73	HSBC-COM	blacklist
91.207.212.252	Proofpoint, Inc.	blacklist
91.207.212.252	Proofpoint, Inc.	blacklist
204.178.86.20	HSBC	blacklist
205.214.180.192	HSBC	blacklist
205.214.190.35	HSBC-COM	blacklist
208.93.26.27	FDCSGNET	blacklist
166.73.7.16	FDCSGNET	blacklist
166.73.7.20	FDCSGNET	blacklist
166.73.14.61	FDCSGNET	blacklist
166.73.14.63	FDCSGNET	blacklist
166.73.92.61	FDCSGNET	blacklist
166.73.92.63	FDCSGNET	blacklist
166.73.92.60	FDCSGNET	blacklist
208.235.248.20	FDCSGNET	blacklist
50.58.9.15	FDCSGNET	blacklist
204.95.150.215	FDCSGNET	blacklist
208.66.22.33	FDCSGNET	blacklist
12.108.255.69	INS-AS	blacklist
148.163.140.179	PROOFPOINT-ASN-US-EAST	blacklist
148.163.144.176	PROOFPOINT-ASN-US-WEST	blacklist
205.220.167.111	PROOFPOINT-ASN-US-WEST	blacklist
205.220.177.241	PROOFPOINT-ASN-US-EAST	blacklist
205.220.183.227	PROOFPOINT-ASN-US-EAST	blacklist
205.220.183.228	PROOFPOINT-ASN-US-EAST	blacklist
205.220.183.229	PROOFPOINT-ASN-US-EAST	blacklist
205.220.183.230	PROOFPOINT-ASN-US-EAST	blacklist
205.220.183.231	PROOFPOINT-ASN-US-EAST	blacklist
205.220.171.227	PROOFPOINT-ASN-US-WEST	blacklist
205.220.171.228	PROOFPOINT-ASN-US-WEST	blacklist
205.220.171.229	PROOFPOINT-ASN-US-WEST	blacklist
205.220.171.230	PROOFPOINT-ASN-US-WEST	blacklist
205.220.171.231	PROOFPOINT-ASN-US-WEST	blacklist
185.132.180.25	Proofpoint, Inc.	blacklist
91.207.212.252	Proofpoint, Inc.	blacklist

SPF-Syntax Check:

Syntax check passed: 0 error

(us.hsbc.com → spf-00299f02.pphosted.com) Mechanisms of SPF-Record are valid

OK for 'v' -> 'spf1'

OK for 'ip4' -> '185.132.180.25'

OK for 'ip4' -> '91.207.212.252'

(us.hsbc.com → spf-00299f02.pphosted.com) The SPF consists of a permissible character set.

The SPF record of spf-00299f02.pphosted.com contains valid characters.

(us.hsbc.com → spf.us.hsbc.com) Mechanisms of SPF-Record are valid

OK for 'v' -> 'spf1'

OK for 'ip4' -> '43.228.187.7'

OK for 'ip4' -> '193.108.76.55'

OK for 'ip4' -> '91.214.7.40'

OK for 'ip4' -> '205.214.190.1'

OK for 'ip4' -> '205.214.191.1'

OK for 'ip4' -> '161.113.20.116'

OK for 'ip4' -> '161.113.20.117'

OK for 'ip4' -> '161.113.20.118'

OK for 'ip4' -> '161.113.20.119'

OK for 'ip4' -> '161.113.11.72'

OK for 'ip4' -> '161.113.11.73'

OK for 'all' -> '~'

(us.hsbc.com → spf.us.hsbc.com) The SPF consists of a permissible character set.

The SPF record of spf.us.hsbc.com contains valid characters.

(us.hsbc.com → spf1.us.hsbc.com → spf.cashedge.com) Mechanisms of SPF-Record are valid

OK for 'v' -> 'spf1'

OK for 'ip4' -> '148.163.144.176'

OK for 'ip4' -> '205.220.171.231'

OK for 'ip4' -> '205.220.171.230'

OK for 'ip4' -> '205.220.171.229'

OK for 'ip4' -> '205.220.171.228'

OK for 'ip4' -> '205.220.171.227'

OK for 'ip4' -> '205.220.183.231'

OK for 'ip4' -> '205.220.183.230'

OK for 'ip4' -> '205.220.183.229'

OK for 'ip4' -> '205.220.183.228'

OK for 'ip4' -> '205.220.183.227'

OK for 'ip4' -> '205.220.177.241'

OK for 'ip4' -> '205.220.167.111'

OK for 'ip4' -> '148.163.140.179'

OK for 'ip4' -> '208.93.26.27'

OK for 'ip4' -> '12.108.255.69'

OK for 'ip4' -> '208.66.22.33'

OK for 'ip4' -> '204.95.150.215'

OK for 'ip4' -> '50.58.9.15'

OK for 'ip4' -> '208.235.248.20'

OK for 'ip4' -> '166.73.92.60'

OK for 'ip4' -> '166.73.92.63'

OK for 'ip4' -> '166.73.92.61'

OK for 'ip4' -> '166.73.14.63'

OK for 'ip4' -> '166.73.14.61'

OK for 'ip4' -> '166.73.7.20'

OK for 'ip4' -> '166.73.7.16'

OK for 'all' -> '~'

(us.hsbc.com → spf1.us.hsbc.com → spf.cashedge.com) The SPF consists of a permissible character set.

The SPF record of spf.cashedge.com contains valid characters.

(us.hsbc.com → spf1.us.hsbc.com) Mechanisms of SPF-Record are valid

OK for 'v' -> 'spf1'

OK for 'mx'

OK for 'a' -> 'nyiron3.us.hsbc.com:'

OK for 'a' -> 'njiron3.us.hsbc.com:'

OK for 'a' -> 'vhiron3.us.hsbc.com:'

OK for 'include' -> 'spf.cashedge.com'

OK for 'all' -> '~'

(us.hsbc.com → spf1.us.hsbc.com) The SPF consists of a permissible character set.

The SPF record of spf1.us.hsbc.com contains valid characters.

(us.hsbc.com) Mechanisms of SPF-Record are valid

OK for 'v' -> 'spf1'

OK for 'include' -> 'spf.us.hsbc.com'

OK for 'include' -> 'spf1.us.hsbc.com'

OK for 'include' -> 'spf-00299f02.pphosted.com'

OK for 'all' -> '~'

(us.hsbc.com) The DNS lookup limit was not exceeded.

The limit was not exceeded:

1: us.hsbc.com include:spf.us.hsbc.com
2: us.hsbc.com include:spf1.us.hsbc.com
3: us.hsbc.com include:spf1.us.hsbc.com - MX
4: us.hsbc.com include:spf1.us.hsbc.com - A
5: us.hsbc.com include:spf1.us.hsbc.com - A
6: us.hsbc.com include:spf1.us.hsbc.com - A
7: us.hsbc.com include:spf1.us.hsbc.com include:spf.cashedge.com
8: us.hsbc.com include:spf-00299f02.pphosted.com

(us.hsbc.com) The SPF consists of a permissible character set.

The SPF record of us.hsbc.com contains valid characters.

Analysis result of the SPF record for the domain: us.hsbc.com

SPF record available?

We found an SPF record for the domain.

v=spf1

Additional external SPF records

We could find other records authorized in the SPF record

➥

include:spf.us.hsbc.com

v=spf1 ip4:43.228.187.7 ip4:193.108.76.55 ip4:91.214.7.40 ip4:205.214.190.1 ip4:205.214.191.1 ip4:161.113.20.116 ip4:161.113.20.117 ip4:161.113.20.118 ip4:161.113.20.119 ip4:161.113.11.72 ip4:161.113.11.73 ~all

ipv4:

43.228.187.7

ipv4:

193.108.76.55

ipv4:

91.214.7.40

ipv4:

205.214.190.1

ipv4:

205.214.191.1

ipv4:

161.113.20.116

ipv4:

161.113.20.117

ipv4:

161.113.20.118

ipv4:

161.113.20.119

ipv4:

161.113.11.72

ipv4:

161.113.11.73

➥

include:spf1.us.hsbc.com

v=spf1 mx a:nyiron3.us.hsbc.com a:njiron3.us.hsbc.com a:vhiron3.us.hsbc.com include:spf.cashedge.com ~all

mx:

mxa-00299f02.gslb.pphosted.com

mx:

mxb-00299f02.gslb.pphosted.com

➥

include:spf.cashedge.com

v=spf1 ip4:208.93.26.27 ip4:166.73.7.16 ip4:166.73.7.20 ip4:166.73.14.61 ip4:166.73.14.63 ip4:166.73.92.61 ip4:166.73.92.63 ip4:166.73.92.60 ip4:208.235.248.20 ip4:50.58.9.15 ip4:204.95.150.215 ip4:208.66.22.33 ip4:12.108.255.69 ip4:148.163.140.179 ip4:148.163.144.176 ip4:205.220.167.111 ip4:205.220.177.241 ip4:205.220.183.227 ip4:205.220.183.228 ip4:205.220.183.229 ip4:205.220.183.230 ip4:205.220.183.231 ip4:205.220.171.227 ip4:205.220.171.228 ip4:205.220.171.229 ip4:205.220.171.230 ip4:205.220.171.231 ~all

ipv4:

208.93.26.27

ipv4:

166.73.7.16

ipv4:

166.73.7.20

ipv4:

166.73.14.61

ipv4:

166.73.14.63

ipv4:

166.73.92.61

ipv4:

166.73.92.63

ipv4:

166.73.92.60

ipv4:

208.235.248.20

ipv4:

50.58.9.15

ipv4:

204.95.150.215

ipv4:

208.66.22.33

ipv4:

12.108.255.69

ipv4:

148.163.140.179

ipv4:

148.163.144.176

ipv4:

205.220.167.111

ipv4:

205.220.177.241

ipv4:

205.220.183.227

ipv4:

205.220.183.228

ipv4:

205.220.183.229

ipv4:

205.220.183.230

ipv4:

205.220.183.231

ipv4:

205.220.171.227

ipv4:

205.220.171.228

ipv4:

205.220.171.229

ipv4:

205.220.171.230

ipv4:

205.220.171.231

➥

include:spf-00299f02.pphosted.com

v=spf1 ip4:185.132.180.25 ip4:91.207.212.252

ipv4:

185.132.180.25

ipv4:

91.207.212.252

E-Mail handling

How should the checkHost() function of the e-mail server handle the e-mail? (syntax )

~all
SoftFail (non-compliant e-mails are accepted but marked)

Unknown mechanisms

Unknown mechanisms were found in the SPF record

Will be forwarded to another SPF record?

There is no reference to any other SPF record

Are the server addresses allowed to send e-mails?

In the SPF entry the mechanism 'a' has not been set.

Additionally authorized A-records?

In addition to the A-Records stored in the DNS, we could not find any other records authorized in the SPF-Record.

Are the registered mail servers allowed to send e-mails?

In the SPF entry the mechanism 'mx' has not been set

Additionally authorized MX records

We could not find any other records authorized in the SPF record besides the MX records stored in the DNS

Additionally authorized IPv4 addresses

No explicit IPv4 addresses in the SPF record have been authorised to send

Additionally authorized IPv6 addresses

No explicit IPv6 addresses in the SPF record have been authorised to send

How is the sender informed?

The exp mechanism acts as a return to the sender if the IP address was not authorized to send and notify them. None was found.

PTR (obsolete mechanism)

The ptr mechanism is deprecated, slow and insecure and should not be used

PTR:

The ptr mechanism is deprecated, slow and insecure and should not be used

Authorize IP addresses with markers

When SPF is evaluated, macros can specifically authorize Ip addresses based on the request or connection of the user or client (RFC7208 )

Receiver address

analysis.ra-missing

Amount of reports

analysis.rp-missing

Report selection

analysis.rr-missing

SPF Check:
us.hsbc.com

1. Specify domain name

2. Specify IP address (optional)

What is the SPF lookup for?

SPF check passed

Evaluation for the domain us.hsbc.com

Recently performed SPF lookups

How secure is your domain?

SPF Check: us.hsbc.com

1. Specify domain name

2. Specify IP address (optional)

What is the SPF lookup for?

SPF check passed

Evaluation for the domain us.hsbc.com

Recently performed SPF lookups

How secure is your domain?

SPF Check:
us.hsbc.com