hm.com email security: SPF, DKIM & DMARC
Is hm.com spoofable? See hm.com's SPF, DKIM, DMARC and MTA-STS records and find out if this domain is protected against email spoofing.
Last updated: June 3, 2026
SPF
OKv=spf1 include:spf.protection.outlook.com include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~allDKIM
OKSelectors: selector1, s1, s2DMARC
OKv=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.emailMX
OKhm-com.mail.protection.outlook.comRecommendations
1Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.
Run a live analysis
The results above are updated daily. For an instant check of hm.com, run a live analysis.
Analyze hm.com liveFrequently asked questions about hm.com
Is hm.com spoofable?
No. hm.com is protected against email spoofing with a robust configuration. Email security score: 90/100 (grade A).
Does hm.com have an SPF record?
Yes, hm.com publishes an SPF record (~all qualifier).
What is hm.com's DMARC record?
hm.com publishes a DMARC record (_dmarc.hm.com) with a p=reject policy.
Does hm.com use DKIM?
Yes, DKIM signatures were detected for hm.com.
Want to test another domain? Run a free email spoofing test.
Guides to understand these results
SPF Guide
Understand how SPF defines which servers are authorized to send emails for a domain.
DKIM Guide
Discover how DKIM cryptographically signs your emails to guarantee their authenticity.
DMARC Guide
Learn how DMARC orchestrates SPF and DKIM to protect your domain.
MTA-STS Guide
Learn how MTA-STS enforces TLS encryption to protect your emails in transit.
SPF vs DKIM vs DMARC
Compare the three protocols and understand how they work together.