MX, SPF, DMARC are all set. Mail appears to be handled by Google Workspace. DKIM keys found at selectors `google`, `s1`, `s2`, `mandrill`.
stripe.com has 5 MX records, pointing at aspmx.l.google.com, alt1.aspmx.l.google.com, alt2.aspmx.l.google.com, aspmx2.googlemail.com, aspmx3.googlemail.com. That hostname pattern matches Google Workspace.
v=spf1 ip4:198.2.180.60/32 ip4:13.111.2.227/32 include:spf1.stripe.com include:greenhouse-outbound-mail.stripe.com include:_spf.qualtrics.com ~all
stripe.com publishes an SPF record ending in ~all, which is a soft-fail policy — mail from senders outside the listed mechanisms is allowed through but marked as suspicious. It consumes 7 of the 10 DNS lookups allowed by RFC 7208 §4.6.4 (SPF treats include:, redirect=, a, mx, ptr, and exists: as lookups that count against the limit).
DKIM keys were found at 4 selectors: `google`, `s1`, `s2`, `mandrill`. Multiple selectors usually indicates key rotation or multiple sending sources (e.g. one for transactional mail, one for marketing). Mail from this domain is signed cryptographically.
v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:dmarc-reports@stripe.com; ruf=mailto:dmarc-forensics@stripe.com;
stripe.com publishes a DMARC record with policy `p=reject` — mail that fails DMARC alignment should be rejected outright by receivers. Aggregate reports are being sent to 1 address (rua), which is how the domain owner sees who's authenticating against this domain.
/tools/email-dns-checker/stripe.com.md · .json Last checked Jun 21, 2026, 1:58 AM Recheck A quieter alternative to MXToolbox.
Also check SSL & domain expiry for this domain →