citi.com email security: SPF, DKIM & DMARC
Is citi.com spoofable? See citi.com's SPF, DKIM, DMARC and MTA-STS records and find out if this domain is protected against email spoofing.
Last updated: June 3, 2026
SPF
Warningv=spf1 a:1._spf.citigroup.com a:2._spf.citigroup.com a:mailir.citi.com include:spf-00123c01.pphosted.com include:_spf.lwo.locaweb.com.br redirect=ext1._spf.citigroup.comRead the guideDKIM
OKSelectors: s1, s2DMARC
OKv=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc.reports.rua@citi.comMX
OKmx-a.mail.citi.com, mx-b.mail.citi.comRecommendations
1Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.
Run a live analysis
The results above are updated daily. For an instant check of citi.com, run a live analysis.
Analyze citi.com liveFrequently asked questions about citi.com
Is citi.com spoofable?
No. citi.com is protected against email spoofing with a robust configuration. Email security score: 75/100 (grade B).
Does citi.com have an SPF record?
Yes, citi.com publishes an SPF record.
What is citi.com's DMARC record?
citi.com publishes a DMARC record (_dmarc.citi.com) with a p=reject policy.
Does citi.com use DKIM?
Yes, DKIM signatures were detected for citi.com.
Want to test another domain? Run a free email spoofing test.
Guides to understand these results
SPF Guide
Understand how SPF defines which servers are authorized to send emails for a domain.
DKIM Guide
Discover how DKIM cryptographically signs your emails to guarantee their authenticity.
DMARC Guide
Learn how DMARC orchestrates SPF and DKIM to protect your domain.
MTA-STS Guide
Learn how MTA-STS enforces TLS encryption to protect your emails in transit.
SPF vs DKIM vs DMARC
Compare the three protocols and understand how they work together.