Suped

How can I determine if a company's email is using Gmail or Yahoo under the hood?

Matthew Whittaker
Co-founder & CTO, Suped
Published 11 Jun 2025
Updated 17 Aug 2025
When you receive an email from a company, it often appears to come from their custom domain, like info@yourcompany.com. However, the infrastructure actually sending or receiving that email might be provided by a large service such as Gmail (Google Workspace) or Yahoo. Identifying the underlying provider is crucial for various reasons, from troubleshooting deliverability issues to understanding a company's security posture.
Knowing who handles a company's email can significantly impact how you interact with them, especially in terms of email campaigns or security assessments. For instance, Gmail's new protections and Yahoo's inbox requirements require specific authentication standards, which are easier to manage if you know the email service provider (ESP) involved.
We'll explore several methods, from simple DNS lookups to more advanced investigative techniques, to help you uncover the true host of a company's email infrastructure. Each approach provides different levels of insight into who is managing their email services.

Understanding how email routing works

Email communication relies heavily on DNS records to determine where messages should go. When you send an email, your mail server performs a lookup to find the recipient's mail exchange (MX) record. This record tells the sending server which mail server is responsible for accepting emails for that domain.
Alongside MX records, Sender Policy Framework (SPF) records are vital. An SPF record is a TXT record that lists which mail servers are authorized to send email on behalf of a domain. It helps prevent email spoofing and phishing by allowing receiving mail servers to verify that an email claiming to come from a specific domain is actually sent from an IP address authorized by that domain's administrators.
These DNS records, particularly MX records, often contain clues about the underlying email provider. If a company uses a third-party service like Gmail or Yahoo, their MX records will typically point to mail servers owned by those providers. Understanding these records is the first step in determining who hosts a company's email.
DNS lookup commands (bash):

    dig MX example.com
    dig TXT example.com

Checking MX and SPF records

The most straightforward way to identify an email provider is by performing a DNS MX record lookup. Many online tools allow you to do this by simply entering the domain name. For example, if a company uses Google Workspace, their MX records will typically point to Google's mail servers, such as gmail-smtp-in.l.google.com.
Similarly, SPF records can reveal the sending infrastructure. These records often include directives like include:spf.protection.outlook.com for Microsoft 365 or include:_spf.google.com for Google Workspace. These include mechanisms explicitly state which third-party services are authorized to send email on behalf of the domain, offering a clear indication of their email provider.
Keep in mind that while MX records primarily indicate the receiving mail server, SPF records are more indicative of the sending infrastructure. Often, companies use the same provider for both, but it's not a strict rule. Using a trusted ISP list can further help in identifying the provider from the record results.
For a quick check, you can use online DNS lookup tools. Many provide detailed breakdowns of MX and SPF records, highlighting the associated mail hosts. This can give you an immediate answer if the company uses a well-known service like Gmail, Outlook, or Yahoo Mail.

| Provider | Common MX record pattern | Common SPF record pattern |
| --- | --- | --- |
| Gmail (Google Workspace) | *-smtp-in.l.google.com | include:_spf.google.com |
| Yahoo Mail | mx.mail.yahoo.com | include:spf.mail.yahoo.com |
| Outlook (Microsoft 365) | *-protection.outlook.com | include:spf.protection.outlook.com |

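
As an added example (not code from the original article), this Python applies the table's MX and SPF patterns to `dig +short` style output and reports the inbound provider and the authorized senders separately. The sample records and the `spf.esp.example` include are constructed.

```python
from fnmatch import fnmatch

# (MX pattern, SPF include target) per provider, copied from the page's table.
PROVIDERS = {
    "Gmail (Google Workspace)": ("*-smtp-in.l.google.com", "_spf.google.com"),
    "Yahoo Mail": ("mx.mail.yahoo.com", "spf.mail.yahoo.com"),
    "Outlook (Microsoft 365)": ("*-protection.outlook.com", "spf.protection.outlook.com"),
}

def mx_hosts(dig_short_mx):
    """Parse `dig +short MX` lines ("10 host.") into hosts ordered by preference."""
    rows = []
    for line in dig_short_mx.strip().splitlines():
        pref, host = line.split()
        rows.append((int(pref), host.rstrip(".").lower()))
    return [host for _, host in sorted(rows)]

def spf_includes(txt_records):
    """Return the include: targets of the domain's SPF record (TXT starting v=spf1)."""
    records = [t.strip('"') for t in txt_records]
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none published, or several (which SPF evaluators reject)
        return []
    terms = (t.lstrip("+-~?").lower() for t in spf[0].split()[1:])
    return [t.split(":", 1)[1] for t in terms if t.startswith("include:")]

def identify(dig_short_mx, txt_records):
    """Report the inbound provider (MX) and authorized senders (SPF) separately."""
    hosts, includes = mx_hosts(dig_short_mx), spf_includes(txt_records)
    inbound = {n for n, (mx, _) in PROVIDERS.items() if any(fnmatch(h, mx) for h in hosts)}
    senders = {n for n, (_, inc) in PROVIDERS.items() if inc in includes}
    known = {inc for _, inc in PROVIDERS.values()}
    return {
        "inbound": sorted(inbound),
        "senders": sorted(senders),
        "other_includes": [i for i in includes if i not in known],  # e.g. a marketing ESP
        "split_providers": bool(inbound and senders) and inbound != senders,
    }

# Constructed sample data (not real lookups), shaped like `dig +short` output.
SAMPLE_MX = "10 alt1.gmail-smtp-in.l.google.com.\n5 gmail-smtp-in.l.google.com.\n"
SAMPLE_TXT = ['"site-verification=constructed"',
              '"v=spf1 include:_spf.google.com include:spf.esp.example ~all"']

if __name__ == "__main__":
    print(identify(SAMPLE_MX, SAMPLE_TXT))
```
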
Sometimes, simply checking MX or SPF records isn't enough. Some companies use white-label services where the MX records point to generic hostnames, masking the true underlying provider. In such cases, a deeper investigation is required. This might involve looking up the IP addresses of the MX hosts and then performing reverse DNS lookups or checking IP block ownership.
Advanced techniques include connecting directly to the mail server on port 25 (SMTP) and observing the server banner. The banner often contains information about the mail server software and potentially the provider. Additionally, examining the server's TLS certificate can sometimes reveal the true host. These steps are more technical and may not always yield definitive results, especially with highly customized or self-hosted setups.
This granular investigation is part of how you determine an email sending platform. However, in some complex scenarios, even these methods may not provide a clear answer, and you might have to accept that the underlying provider remains opaque. Identifying whether an email address is a Google Workspace account can sometimes also be tricky due to custom configurations.

Direct clues

  1. MX records: Directly point to provider's mail servers (e.g., google.com). This is the most common and often quickest indicator.
  2. SPF records: Explicitly list authorized sending IPs or include directives for third-party services.

Deeper investigation

  1. Reverse DNS and IP ownership: Look up IPs from MX records to see who owns the IP block.
  2. SMTP banner and TLS certificates: Connect to the mail server to check introductory messages and certificate details for clues.
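
The deeper investigation above, as an added Python example that is not part of the original article: it parses an SMTP greeting you have already captured and only names a provider when at least two of PTR, banner and certificate SAN agree. The suffix table is an assumption derived from the hostnames in the page's table, and all evidence values are constructed.

```python
import re

# Assumption: provider suffixes taken from the hostnames in the page's table.
SUFFIXES = {"google.com": "Google", "yahoo.com": "Yahoo", "outlook.com": "Microsoft"}
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def greeting_host(raw):
    """Hostname a server announces in its 220 greeting (bytes read after connecting).
    Multi-line replies use '220-' on every line except the last, which uses '220 '."""
    first = None
    for line in raw.decode("ascii", "replace").splitlines():
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "220":
            raise ValueError(f"not a 220 greeting line: {line!r}")
        if first is None:
            first = m.group(3).split()
        if m.group(2) == " ":  # final line of the reply
            return first[0].rstrip(".").lower() if first else ""
    raise ValueError("greeting not terminated")

def provider_of(name):
    """Map a hostname or certificate SAN (wildcards allowed) to a provider, or None."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    for suffix, provider in SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return provider
    return None

def corroborate(ptr_names, greeting, san_names):
    """Return {provider: [sources]} for providers named by at least two sources."""
    evidence = {
        "ptr": {provider_of(n) for n in ptr_names},
        "banner": {provider_of(greeting_host(greeting))},
        "tls_san": {provider_of(n) for n in san_names},
    }
    tally = {}
    for source, providers in evidence.items():
        for provider in providers - {None}:
            tally.setdefault(provider, []).append(source)
    return {p: s for p, s in tally.items() if len(s) >= 2}

# Constructed evidence for a white-labelled MX host (not captured from a real server).
PTR = ["relay7.hosting.example"]
GREETING = b"220 mx.google.com ESMTP constructed-id - gsmtp\r\n"
SANS = ["mx.google.com", "*.mailhost.example"]

if __name__ == "__main__":
    print(corroborate(PTR, GREETING, SANS))
```
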

Impact on email deliverability and security

Understanding a company's underlying email provider is not just a technical exercise; it has significant implications for email deliverability and security. Knowing which provider handles their mail helps you anticipate potential deliverability challenges. For instance, if they use Yahoo, you might consult guides on Yahoo's blacklists (or blocklists) to understand specific requirements.
The major providers, like Gmail and Yahoo, frequently update their sending requirements and spam filtering algorithms. If you know a company is relying on one of these, you can better understand their email authentication practices and how their messages might be judged by these systems. This insight helps prevent your emails from going to spam.
From a security perspective, knowing the provider can help in identifying phishing attempts. For example, if an email claims to be from a company that uses Google Workspace but the email headers indicate a different sending service, it's a red flag. This knowledge is an essential part of verifying the identity of an email.

Why understanding the email provider matters

  1. Deliverability: Different providers have unique spam filters and reputation metrics (e.g., Google Postmaster Tools).
  2. Compliance: Essential for adhering to provider-specific sending policies and DMARC reporting changes.
  3. Security: Helps in identifying suspicious emails or potential phishing attempts based on expected infrastructure.
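
The header check described above, as an added Python example that is not part of the original article: it reads only the Received header stamped by your own MX and compares the connecting host with the provider you expect for the From domain. The message, the `mx.receiver.example` hostname and the Postfix-style header layout are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix-style hop: "from HELO (RDNS [IP]) by RECEIVER ..."; other MTAs format it differently.
HOP = re.compile(r"^from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)", re.I)

def trusted_hop(msg, our_mx):
    """Return (helo, rdns, ip) from the Received header stamped by our own MX.
    Headers below it were supplied by the sending side and can be forged."""
    for value in msg.get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m and m.group(4).rstrip(";").lower() == our_mx:
            return m.group(1), m.group(2).lower().rstrip("."), m.group(3)
    return None

def check_sender(raw, our_mx, expected_suffixes):
    """Compare the host that connected to our MX with the expected provider suffixes."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = trusted_hop(msg, our_mx)
    if hop is None:
        return {"from_domain": from_domain, "verdict": "no-trusted-hop"}
    _, rdns, ip = hop
    ok = any(rdns == s or rdns.endswith("." + s) for s in expected_suffixes)
    return {"from_domain": from_domain, "rdns": rdns, "ip": ip,
            "verdict": "expected" if ok else "unexpected-sender"}

# Constructed message: the lower Received line names google.com but was not
# written by our MX, so it is ignored.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.receiver.example with ESMTPS id constructed1;
\tTue, 01 Jul 2025 10:00:00 +0000
Received: from mail-1.google.com (mail-1.google.com [198.51.100.7])
\tby mail.sender.example; Tue, 01 Jul 2025 09:59:58 +0000
From: Billing <billing@yourcompany.com>
Subject: Invoice

Constructed body.
"""

if __name__ == "__main__":
    print(check_sender(SAMPLE, "mx.receiver.example", ("google.com",)))
```

Treat `unexpected-sender` as a prompt to inspect the SPF, DKIM and DMARC results, since a legitimate third-party sending service produces the same verdict.
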

Views from the trenches

Best practices

  1. Always verify MX records first, as they are the primary indicator of the inbound mail server.
  2. Cross-reference MX records with SPF records to get a full picture of both inbound and outbound mail handling.
  3. Use multiple lookup tools to confirm findings and account for potential DNS propagation delays.
  4. Be aware that companies may use different providers for sending and receiving emails.

Common pitfalls

  1. Relying solely on generic IP block ownership without checking specific mail server banners or TLS certificates.
  2. Mistaking a marketing ESP's SPF include for the primary mail provider.
  3. Not considering white-label services that obscure the true underlying provider.
  4. Assuming self-hosted email if MX records point to internal-looking hostnames without further investigation.

Expert tips

  1. For complex cases, connect via telnet to port 25 of the mail server and observe the SMTP banner.
  2. Investigate the reverse DNS (PTR record) of the MX server's IP address for provider clues.
  3. Examine the Subject Alternative Name (SAN) fields in the mail server's TLS certificate.
  4. Look for CNAME records that might point to a provider's domain for other services, hinting at their email provider.

Expert view

Expert from Email Geeks says checking the MX record is the most effective initial step, as it directly indicates the email receiving infrastructure.
2023-09-15 - Email Geeks

Marketer view

Marketer from Email Geeks says they found success by also reviewing SPF records, as these often reveal third-party sending services that aren't immediately obvious from MX records alone.
2024-01-20 - Email Geeks

Summary: identifying email infrastructure

Determining if a company's email is powered by Gmail, Yahoo, or another provider is a multi-step process. It starts with simple DNS lookups, primarily MX and SPF records, which often provide clear indications of the underlying infrastructure. For more complex cases, such as those involving white-label services or self-hosted solutions, a deeper dive into IP addresses, reverse DNS, and even direct server communication may be necessary.
This insight is crucial for maintaining good email deliverability, especially with the evolving requirements from major mailbox providers. It also plays a significant role in identifying and mitigating security threats like phishing, by allowing you to cross-verify the authenticity of an email's origin.
By applying these methods, you can gain a clearer understanding of how companies manage their email communications, which ultimately helps you ensure your messages reach their intended recipients and that you're interacting with legitimate senders. Tools for identifying a mailbox provider are readily available to assist in this process.
