gitlab.com email security: SPF, DKIM & DMARC

Is gitlab.com spoofable? See gitlab.com's SPF, DKIM, DMARC and MTA-STS records and find out if this domain is protected against email spoofing.

Last updated: June 3, 2026

90A

This domain is protected against spoofing

SPF

v=spf1 include:mail.zendesk.com include:_spf.google.com include:mktomail.com include:_spf.salesforce.com include:_spf-ip.gitlab.com a:zgateway.zuora.com include:mailgun.org include:_spf.sendergen.com ip4:35.80.141.6/32 ip4:44.229.121.55/32 -all

DKIM

Selectors: google, k1, mail, zendesk1, zendesk2

DMARC

v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_agg@vali.email;

MX

aspmx.l.google.com, alt1.aspmx.l.google.com, alt2.aspmx.l.google.com, alt3.aspmx.l.google.com, alt4.aspmx.l.google.com

MTA-STS

Missing

No record found

Read the guide

Recommendations

1Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.