id: mx-service-detector info: name: E-mail service detector author: binaryfigments severity: info description: Check the email service or spam filter that is used for a domain. tags: dns dns: - name: "{{FQDN}}" type: MX matchers-condition: or matchers: - type: word name: "Office 365" words: - "mail.protection.outlook.com" - type: word name: "Google Apps" words: - "aspmx2.googlemail.com" - "aspmx3.googlemail.com" - "alt1.aspmx.l.google.com" - "alt2.aspmx.l.google.com" - "aspmx.l.google.com" - type: word name: "ProtonMail" words: - "mail.protonmail.ch" - "mailsec.protonmail.ch" - type: word name: "Zoho Mail" words: - "mx.zoho.eu" - "mx2.zoho.eu" - "mx3.zoho.eu" - type: word name: "ForcePoint Email Security" words: - "in.mailcontrol.com" - type: word name: "E-Zorg NL" words: - "spamfilter02.ezorg.nl" - "spamfilter01.ezorg.nl" - "spamfilter.ezorg.nl" - "spamfilter03.ezorg.nl" - type: word name: "Kerio Cloud EU" words: - "mx1.eu1.kerio.cloud" - "mx2.eu1.kerio.cloud" - type: word name: "Kerio Cloud US" words: - "mx1.us1.kerio.cloud" - "mx2.us1.kerio.cloud" - "mx3.us1.kerio.cloud" - type: word name: "Proofpoint EU" words: - "mx1-eu1.ppe-hosted.com" - "mx2-eu1.ppe-hosted.com" - type: word name: "Proofpoint US" words: - "mx1-us1.ppe-hosted.com" - "mx2-us1.ppe-hosted.com"