CONTINUOUS INTERNET TELEMETRY24H DRIFT3,014 material changesacross 2,703 domains · -384 vs yesterdayDNS DRIFT23 domains changed DNS providertop destination cloudflare.com · -4 vs yesterdayEMAIL DRIFT3 domains switched email providertop destination h-email.net · -3 vs yesterdayCERT DRIFT7 domains switched issuing CA24hNOW3,311 curated domains not answering-6,407 vs yesterdayERRORS10,955 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT3,014 material changesacross 2,703 domains · -384 vs yesterdayDNS DRIFT23 domains changed DNS providertop destination cloudflare.com · -4 vs yesterdayEMAIL DRIFT3 domains switched email providertop destination h-email.net · -3 vs yesterdayCERT DRIFT7 domains switched issuing CA24hNOW3,311 curated domains not answering-6,407 vs yesterdayERRORS10,955 responded with an errorlast probe · 5xx / 404 / 429 / 403

mail.de

Observed 2026-07-12T14:36:08.635Z (22h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Secured byLet's Encrypt
Also usesGoogle Search Console
IPv6 · 97 subdomains · tranco_40k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat mail.de actually stands on - every host below is a signed observation
mail.de
A / AAAA
62.201.172.82001:868:100:600::200
Cloudflareserves the site
NS
anycast2.irondns.netanycast1.irondns.netsec1.rcode0.netsec2.rcode0.net
irondns.net + rcode0.netanswers its DNS
MX
mx02.mail.demx01.mail.de
mail.dereceives its email
TLS
mail.de
Let's Encryptissued its certificate

HTTPS probe

redirect Redirecting (3xx) 302 → /de/
HTTP status302
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time606 ms
DNS resolutionNOERROR
Redirect chain
/de/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 1

  • 62.201.172.8

AAAA 1

  • 2001:868:100:600::200

MX 2

  • 10mx02.mail.de
  • 10mx01.mail.de

TXT 5

  • google-site-verification=sl9KWG5m93CAT_QCIN1hq9Ryle8rp_9wNCd0_JvX2mA
  • v=spf1 ip4:62.201.172.0/27 ip4:62.201.172.32/27 ip6:2001:0868:0100:0600::/64 ip4:194.113.42.0/26 ip6:2a0f:f640::/56 ~all
  • v=DMARC1; p=quarantine; rua=mailto:dmarc-rua@mail.de
  • v=STSv1; id=0000002;
  • v=DNSSEC1; (detected)

NS 4

  • anycast2.irondns.net
  • anycast1.irondns.net
  • sec1.rcode0.net
  • sec2.rcode0.net

SOA 1

  • anycast1.irondns.net dnsmaster.irondns.net

CAA 7

  • issue digicert.com
  • issue letsencrypt.org
  • issuewild comodoca.com
  • issue comodoca.com
  • issuewild letsencrypt.org
  • issuewild digicert.com
  • iodef mailto:hostmaster@mail.de

TLS Certificates (0)

None.

Subdomains (97)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for mail.de. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for mail.de <a href="https://domaindrift.io/t/mail.de"> <img src="https://domaindrift.io/badge/mail.de.svg" width="300" height="64" alt="DomainDrift signed observations for mail.de"> </a>

Ed25519 Receipt

Receipt ID
8d6419aa-ff6e-4a3a-bfe9-3db82b457ae5
Output Hash
fd9a5687b68a45b63d0f237b12f6be05872815b90d5b9899118a7cab0e4cb35b
Signature
ed25519:c19294ab586011ca794db4e4d2e1324f3140dad348761aa000f60239ef2c990fcbbcdad0fa808918dd7fb4dc3c1e031e580394109cb199e8bdfb64c2c5b0a300
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser