CONTINUOUS INTERNET TELEMETRY24H DRIFT1,903 material changesacross 1,719 domains · -648 vs yesterdayDNS DRIFT13 domains changed DNS providertop destination afternic.com · -3 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,407 curated domains not answeringlast probe, steadyERRORS10,892 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT1,903 material changesacross 1,719 domains · -648 vs yesterdayDNS DRIFT13 domains changed DNS providertop destination afternic.com · -3 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,407 curated domains not answeringlast probe, steadyERRORS10,892 responded with an errorlast probe · 5xx / 404 / 429 / 403

mail.com

Observed 2026-07-13T22:11:47.087Z (17h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Registered withWorld4You Internet Services GmbH
Also usesGoogle Search ConsoleFacebook/Meta
12 subdomains · tranco_5k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat mail.com actually stands on - every host below is a signed observation
mail.com
A / AAAA
217.72.199.4
Cloudflareserves the site
NS
ns-gmx.ui-dns.orgns-gmx.ui-dns.dens-gmx.ui-dns.bizns-gmx.ui-dns.com
ui-dns.org + ui-dns.de + moreanswers its DNS
MX
mx00.mail.commx01.mail.com
mail.comreceives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.mail.com/
HTTP status301
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time715 ms
DNS resolutionNOERROR
Redirect chain
https://www.mail.com/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 1

  • 217.72.199.4

MX 2

  • 10mx00.mail.com
  • 10mx01.mail.com

TXT 12

  • tpverification20190725
  • google-site-verification=uKluyr2DCMEw-x6xj83XKnu0IKR3AqUJ1qZcWyAZRDk
  • plnw801jhnynl9yjq06byqmfhjw58vh2
  • facebook-domain-verification=1tfo5yk9c82lmx9liuspqxjs4pflqh
  • 6l6jlm3slqmj6p36q5ml3klr3y26fdf8
  • google-site-verification=q1HG15Gz1NxldgaHm8L0IMUI1rx-lcr7b3GdhzQD38M
  • google-site-verification=YymMa2Q1A1HdQ6ZSXlCEjvK-0cm9pYYHyK9jLlaZO_Q
  • google-site-verification=Kf3yXNbla6wH4iBd4VLGWn_8tSmFpAVTsDakfLRx5fI
  • v=spf1 redirect=_spf.mail.com
  • v=DMARC1; p=quarantine; rua=mailto:dmarcreport@mail.com

NS 4

  • ns-gmx.ui-dns.org
  • ns-gmx.ui-dns.de
  • ns-gmx.ui-dns.biz
  • ns-gmx.ui-dns.com

SOA 1

  • ns-gmx.ui-dns.com hostmaster.gmx.net

CAA 6

  • issue telesec.de
  • issue sectigo.com
  • issue Digicert.com
  • issuewild digicert.com
  • issuewild sectigo.com
  • issuewild telesec.de

TLS Certificates (0)

None.

Subdomains (12)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for mail.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for mail.com <a href="https://domaindrift.io/t/mail.com"> <img src="https://domaindrift.io/badge/mail.com.svg" width="300" height="64" alt="DomainDrift signed observations for mail.com"> </a>

Ed25519 Receipt

Receipt ID
7f2a1525-3f48-4640-838e-64602fbca07f
Output Hash
ba5ffb67dcd8e82e0639e64646693baff59c47234ee809f0414e09132b1c4ebb
Signature
ed25519:1bad976ad17362af4c479bc7367e8f9334f49248f7152a5cba800a7c97cc62159c58c35b2795daa9e1c5d321732e16e933537fd3d1d34e709b53c86913df0207
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser