Email Security Analysis of clipify.us

Complete verification of clipify.us's SPF, DKIM, DMARC, and MTA-STS records. Find out if this domain is protected against email spoofing.

Last updated: April 15, 2026

58C

This domain is vulnerable to spoofing

SPF

Warning

v=spf1 include:_spf.purelymail.com ~all

Read the guide

DKIM

OK

Selectors: google, default, selector1, selector2, k1, mandrill, dkim, mail, smtp, s1, s2, protonmail, protonmail2, protonmail3, zendesk1, zendesk2, resend, everlytickey1, cm, mxvault, zoho, zmail, fm1, fm2, fm3

DMARC

Warning

v=DMARC1; p=none;

Read the guide

MX

OK

mailserver.purelymail.com

MTA-STS

Missing

No record found

Read the guide

Recommendations

1Change your DMARC policy from p=none to p=reject to block spoofing
With p=none, your DMARC record only monitors — it doesn't actually block spoofed emails. Attackers can still send emails as your domain and they'll be delivered normally. Switching to p=reject instructs receiving servers to drop fraudulent messages before they reach the inbox.
2Add rua=mailto:dmarc@yourdomain to your DMARC to receive reports
Without DMARC reporting (rua=), you have no visibility into who is sending email on behalf of your domain. Aggregate reports let you detect spoofing attempts, identify misconfigured legitimate senders, and confidently tighten your policy over time.
3Harden your SPF by replacing ~all with -all (hardfail)
With ~all (softfail), unauthorized senders are flagged but emails are usually still delivered. Switching to -all (hardfail) explicitly tells receiving servers to reject emails from unauthorized sources, providing much stronger protection against spoofing.
4Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.