Skip to main content
DNS Tool
Executive's DNS Intelligence Brief
Generated 27 May 2026, 21:48 UTC
Duration 60.5s
Version v26.48.10
Integrity 3a28352c3ade883c2c00b891f853f6734fa4847aed7600050c67e4826f93d44431b7e60cb42a678e970653e17f37200678ce5685f1b1ff63dba1eb27aa87bc96
Subject Domain
paubox.com

Executive's DNS Intelligence Brief

Board-level domain security assessment — paubox.com

27 May 2026, 21:48 UTC · 60.5s · SHA-3-512: 3a28✱✱✱✱ Verify ·Archived
Engineer
DNS Security & Trust Posture
Risk Level: Low Risk
6 protocols configured, 3 not configured
Analysis Confidence
MODERATE
Resolver agreement is inconsistent for some protocols, limiting confidence. Data currency and system maturity are adequate.
Email Spoofing
Protected
Brand Impersonation
Basic
DNS Tampering
Enterprise
Certificate Control
Configured
What Requires Attention
No urgent actions detected. Domain security posture is well-maintained.
The BIG Questions
Can this domain be impersonated by email? No SPF and DMARC reject policy enforced
Can DNS itself be tampered with? Possible DNSSEC is not deployed, DNS responses are not cryptographically verified
Can this brand be convincingly faked? No DMARC reject policy enforced (RFC 7489 §6.3), BIMI brand verification active (BIMI Spec), and certificate issuance restricted by CAA (RFC 8659 §4) — all three brand-faking vectors addressed
Is mail transport encryption enforced? Partially TLS reporting is configured but no transport enforcement policy is active
Is certificate issuance controlled? Yes CAA records restrict which certificate authorities may issue certificates
Does this domain publish AI agent instructions? Yes llms.txt published — AI models receive structured context about this domain
Is AI crawling of our content controlled? No robots.txt present but does not block AI crawlers — content may be freely scraped
Has someone manipulated AI recommendations about us? No No indicators of AI recommendation manipulation found
Are there hidden AI prompts on our site? No No hidden prompt artifacts found in page source
Domain Overview
Registrar Amazon Registrar, Inc.
Email Provider Self-hosted
Web Hosting Unknown
DNS Hosting Amazon Route 53

Technical Findings

Email Authentication
Can this domain be impersonated by email? No — SPF and DMARC reject policy enforced
SPF (Sender Policy) Configured
DMARC (Policy) Configured Policy: reject
DKIM (Signatures) Configured
Mail Posture Strongly Protected
Mail Transport Security
Is mail transport encryption enforced? Partially — TLS reporting is configured but no transport enforcement policy is active
MTA-STS Partial
DANE / TLSA Hosted Provider No DANE/TLSA records found (checked 1 MX host)
TLS-RPT (Reporting) Configured
Mail Transport Monitoring Policy-assessed 2 probes
DNS Security
Can DNS itself be tampered with? Possible — DNSSEC is not deployed, DNS responses are not cryptographically verified
DNSSEC Partial
DNSSEC not configured - DNS responses are unsigned
NS Delegation Healthy Managed DNS
Delegation Consistency 1 Issue
NS Fleet Health Healthy Diversity: Fair
Brand & Certificate Controls
Can this brand be convincingly faked? No — DMARC reject policy enforced (RFC 7489 §6.3), BIMI brand verification active (BIMI Spec), and certificate issuance restricted by CAA (RFC 8659 §4) — all three brand-faking vectors addressed
Is certificate issuance controlled? Yes — CAA records restrict which certificate authorities may issue certificates
BIMI (Brand Logo) Configured
CAA (Certificate) Configured
AI Surface Scanner Governance Active
Does this domain publish AI agent instructions? Yes — llms.txt published — AI models receive structured context about this domain
Is AI crawling of our content controlled? No — robots.txt present but does not block AI crawlers — content may be freely scraped
Has someone manipulated AI recommendations about us? No — No indicators of AI recommendation manipulation found
Are there hidden AI prompts on our site? No — No hidden prompt artifacts found in page source
LLM Context File llms.txt Found Domain provides structured context for AI models
AI Crawler Governance Not Blocking No AI crawler restrictions found in robots.txt
Poisoning Indicators None Found No AI recommendation poisoning indicators detected
Hidden Prompt Artifacts None Found No hidden prompt artifacts detected
Public Exposure Clear No secrets detected in publicly accessible source
Priority Actions 2 total Achievable: Secure
Medium Enable DNSSEC

DNSSEC is not enabled for this domain. DNSSEC provides cryptographic authentication of DNS responses, preventing cache poisoning and DNS spoofing attacks.

Low Deploy MTA-STS

MTA-STS enforces TLS encryption for inbound mail delivery, preventing downgrade attacks on your mail transport.

Appendix — Additional Resources

Full technical details including raw DNS records, DKIM public keys, IP/ASN mappings, resolver consensus evidence, and verification commands are available in the Engineer's DNS Intelligence Report.

View Engineer's DNS Intelligence Report

Appendix — What AIs Are Being Told About This Organization What do AI systems see when they query this domain?

The following content is served to AI systems (ChatGPT, Gemini, Claude, Perplexity, and others) when they visit this domain. This is the organization's machine-readable narrative — it shapes how AI models describe, recommend, and represent this brand in conversations worldwide.

llms.txt (https://paubox.com/llms.txt)
# Paubox

> Paubox is a leader in HIPAA compliant email security for healthcare organizations across the United States. Trusted by more than 8,000 organizations, Paubox works with your existing platform to secure every email sent and received — no portals, passwords, or plugins required. The product suite includes Paubox Email Suite (outbound encryption, inbound threat protection, archiving, and DLP), Paubox Marketing (HIPAA compliant email campaigns), Paubox Forms (secure patient data collection), and the Paubox Email API for developers. Paubox is HITRUST certified and holds multiple patents on its email encryption approach. This file contains product documentation, developer API references, and Paubox's original research database on healthcare email security.

Paubox Email Suite is the core HIPAA compliant email product for healthcare organizations — works inside Gmail and Microsoft Outlook with no plugins, portals, or passwords required. Three plans: Standard (outbound encryption, SPF/DKIM/DMARC, calendar invites, forms, BAA, 99.99% SLA), Plus (adds AI-powered inbound threat protection: phishing, BEC, malware, QR code scanning, ExecProtect+, voicemail transcription), Premium (adds archiving and DLP). HITRUST certified. Customers include mental health practices, specialty clinics, hospitals, home health agencies, pharmaceutical companies, and medical device companies.

Paubox Marketing is a HIPAA compliant email marketing platform allowing healthcare providers to send personalized campaigns using PHI directly to patient inboxes. Features include drag-and-drop builder, audience segmentation, drip campaigns, campaign analytics, and BAA. Paubox Forms is a HIPAA compliant online form builder included free with any paid Paubox subscription — supports intake forms, consent forms, file uploads up to 50MB, and e-signatures.

Paubox APIs allow developers to programmatically send HIPAA compliant encrypted email without recipient portals or passwords. The Email API supports REST and SMTP (host: smtp.paubox.com, port 587), token-based auth, free tier of 300 emails/month, and SDKs for C#, Java, Python 3, PHP, Ruby, Rails, Node.js, and Perl. The Marketing API covers subscribers, lists, campaigns, drip sequences, and analytics.

Paubox publishes monthly original research reports on healthcare email security and HIPAA compliance, derived from primary surveys of healthcare IT leaders. Key statistics: 170 email-related breaches in healthcare in 2025 (20% increase from 2024), affecting 2.5 million individuals. 60% of healthcare orgs admit email security is inadequate. 89% of IT leaders say AI is critical for threat detection but only 44% use it. 85% suspect staff use unauthorized AI tools but only 26% have visibility. Average healthcare data breach cost: $10.93 million. Machine-readable research database: https://www.paubox.com/hubfs/Report%20Assets/paubox-research-db.json

## Paubox Email Suite

- [Product overview](https://www.paubox.com/products/paubox-email-suite): Full product details for Paubox Email Suite including plans, features, and how it works
- [Inbound email security](https://www.paubox.com/products/inbound-security): AI-powered protection against phishing, BEC, malware, and impersonation attacks
- [Email archiving](https://www.paubox.com/archiving): Secure, searchable email archive for compliance, e-discovery, and retention
- [Data loss prevention](https://www.paubox.com/products/dlp): DLP policies that detect and block risky outbound and inbound messages
- [Pricing](https://www.paubox.com/pricing/paubox-email-suite): Standard, Plus, and Premium plan pricing
- [Blog and knowledge base](https://www.paubox.com/blog): HIPAA compliance guides, email security articles, and product updates
- [Customer stories](https://www.paubox.com/customer-stories): Case studies from healthcare organizations using Paubox

## Paubox Marketing

- [Product page](https://www.paubox.com/products/paubox-marketing): HIPAA compliant email marketing platform overview and features
- [Pricing](https://www.paubox.com/pricing/paubox-marketing): Paubox Marketing plan pricing

## Paubox Forms

- [Product page](https://www.paubox.com/products/paubox-forms): HIPAA compliant online forms — drag-and-drop builder, file uploads, e-signatures

## Paubox Email API

- [Quickstart Guide](https://docs.paubox.com/paubox_email_api/docs/quickstart): Get started sending HIPAA compliant email via the REST API
- [General Information](https://docs.paubox.com/paubox_email_api/docs/introduction): Authentication, base URL, and HTTP response codes
- [SMTP API](https://docs.paubox.com/paubox_email_api/docs/smtp-api): SMTP configuration — host smtp.paubox.com, port 587, username apikey
- [Webhooks](https://docs.paubox.com/paubox_email_api/docs/webhooks): Event types — delivered, opened, temporary failure, permanent failure
- [Limits and Overage Rates](https://docs.paubox.com/paubox_email_api/docs/limits-and-overage-rates): Email volume tiers and overage pricing

## Paubox Marketing API

- [General Information](https://docs.paubox.com/paubox_marketing_api/docs/general-information): Authentication and base URL for the Marketing API
- [Analytics](https://docs.paubox.com/docs/paubox_marketing_api/analytics/): Campaign stats — delivered, viewed, clicked, bounced
- [Campaign Mailings](https://docs.paubox.com/docs/paubox_marketing_api/campaign_mailings/): GET and POST campaign emails
- [Drip Campaigns](https://docs.paubox.com/docs/paubox_marketing_api/drip_campaigns/): Create and manage automated drip sequences
- [Subscribers](https://docs.paubox.com/docs/paubox_marketing_api/subscribers/): GET, POST, and PATCH subscriber records
- [Subscription Lists](https://docs.paubox.com/docs/paubox_marketing_api/subscription_lists/): Create and manage lists and memberships
- [Tracking Links](https://docs.paubox.com/docs/paubox_marketing_api/tracking_links/): Link tracking configuration

## Research Reports

- [The Healthcare Email Security Report (March 2025)](https://www.paubox.com/hubfs/Report%20Assets/20250307_REPORT_StateofSecurity.pdf): Email security, phishing, breach causes, encryption, HIPAA
- [Healthcare Email Security Report — Executive Summary (March 2025)](https://www.paubox.com/hubfs/Report%20Assets/20250307_REPORT_StateofSecurity_Exec.pdf): Executive summary of the March 2025 report
- [60% of Healthcare Orgs Admit Email Security Failure (April 2025)](https://www.paubox.com/hubfs/Report%20Assets/IT%20Survey%20Report/20250331_REPORT_The%20hidden%20cost%20of%20inaction-3.pdf): Email security inadequacy, PHI exposure, IT infrastructure, operational burden
- [60% Report — Executive Summary (April 2025)](https://www.paubox.com/hubfs/Report%20Assets/IT%20Survey%20Report/20250331_REPORT_The%20hidden%20cost%20of%20inaction_ES.pdf): Executive summary of the April 2025 report
- [Healthcare IT Is Dangerously Overconfident About Email Security (June 2025)](https://www.paubox.com/hubfs/Report%20Assets/Healthcare%20IT%20is%20dangerously%20overconfident%20about%20email%20security%20Report/PAUBOX%20REPORT%20Healthcare%20IT%20is%20dangerously%20overconfident%20about%20email%20security.pdf): AI adoption gap, security budget, HIPAA, overconfidence in security posture
- [Overconfident IT Report — Executive Summary (June 2025)](https://www.paubox.com/hubfs/Report%20Assets/Healthcare%20IT%20is%20dangerously%20overconfident%20about%20email%20security%20Report/ES%20Healthcare%20IT%20is%20dangerously%20overconfident%20about%20email%20security.pdf): Executive summary of the June 2025 overconfidence report
- [How Microsoft and Google Put PHI at Risk (June 2025)](https://www.paubox.com/hubfs/Report%20Assets/How%20Microsoft%20and%20Google%20put%20PHI%20at%20risk/REPORT%20How%20Microsoft%20and%20Google%20put%20PHI%20at%20risk.pdf): Microsoft 365, Google Workspace, TLS encryption, PHI exposure, shared responsibility model
- [Microsoft and Google PHI Risk — Executive Summary (June 2025)](https://www.paubox.com/hubfs/Report%20Assets/How%20Microsoft%20and%20Google%20put%20PHI%20at%20risk/ES%20How%20Microsoft%20and%20Google%20put%20PHI%20at%20risk.pdf): Executive summary of the Microsoft and Google PHI risk report
- [Rural Healthcare Left Vulnerable to Cyber Attacks (July 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202507.RuralHealthcareAtRisk/RPT.202507.RuralHealthcare.pdf): Rural healthcare, infrastructure gaps, phishing, resource constraints, urban vs rural comparison
- [Rural Healthcare Report — Executive Summary (July 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202507.RuralHealthcareAtRisk/RPT.202507.RuralHealthcareAtRisk.ES.pdf): Executive summary of the rural healthcare report
- [What Small Healthcare Practices Get Wrong About HIPAA and Email Security (August 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202508.SMB/RPT.202508.SMB.pdf): SMB healthcare, small practices, HIPAA compliance, email security basics
- [SMB Report — Executive Summary (August 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202508.SMB/RPT.202508.SMB%20ES.pdf): Executive summary of the small practices report
- [2025 Mid-Year Breach Report (September 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202509.MidYearBreachRecap/RPT.202508.MidYearBreachRecap.pdf): Breach analysis, breach landscape, SMB vulnerability, enterprise healthcare risk
- [Mid-Year Breach Report — Executive Summary (September 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202509.MidYearBreachRecap/RPT.202508.MidYearBreachRecap%20ES.pdf): Executive summary of the mid-year breach report
- [Shadow AI Is Outpacing Healthcare Email Security (October 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202510.ShadowAI/RPT.202510.ShadowAI.pdf): Shadow AI, unauthorized AI tools, AI governance, compliance risk, visibility gaps
- [Shadow AI Report — Executive Summary (October 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202510.ShadowAI/RPT.202510.ShadowAI%20ES.pdf): Executive summary of the shadow AI report
- [What Healthcare Gets Wrong About HIPAA and Email Security (November 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202511.HIPAACompliance/RPT.202511.HIPAACompliance.pdf): HIPAA requirements, compliance failures, 2025 regulation changes, email compliance
- [HIPAA Compliance Report — Executive Summary (November 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202511.HIPAACompliance/RPT.202511.HIPAACompliance%20ES.pdf): Executive summary of the HIPAA compliance report
- [Healthcare Email Security Certificate Crisis (December 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202512.Certificates/RPT.202511.Certificates.pdf): TLS certificates, encryption failures, Microsoft, Google, certificate expiration risks
- [Certificate Crisis — Executive Summary (December 2025)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202512.Certificates/RPT.202511.Certificates%20ES.pdf): Executive summary of the certificate crisis report
- [Top 3 Healthcare Attacks in 2025 and How to Defend Against Them (January 2026)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202601.TopAttacks/RPT.202601.TopAttacks.pdf): Phishing, BEC, vendor risk, credential theft, attack defense strategies
- [Top 3 Attacks Report — Executive Summary (January 2026)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202601.TopAttacks/RPT.202601.TopAttacks%20ES.pdf): Executive summary of the top attacks report
- [2026 Healthcare Email Security Report (February 2026)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202602.HealthcareEmailSecurity/RPT.202602.HealthcareEmailSecurity.pdf): 2025 breach data, Microsoft 365 risk, vendor risk, email security trends, predictions
- [2026 Report — Executive Summary (February 2026)](https://www.paubox.com/hubfs/Report%20Assets/RPT.202602.HealthcareEmailSecurity/RPT.202602.HealthcareEmailSecurity%20ES.pdf): Executive summary of the 2026 healthcare email security report

## Optional

- [GitHub SDKs](https://github.com/paubox): Open source SDKs for the Paubox Email API
- [Paubox MCP Server](https://mcp.paubox.com): MCP server for AI agents to send HIPAA compliant email
- [Email API Pricing](https://www.paubox.com/pricing/paubox-email-api): Paubox Email API volume tiers and pricing
- [Support](https://support.paubox.com): Paubox help center and support documentation
- [Main site](https://www.paubox.com): Paubox homepage
Why this matters: This content directly influences how AI models describe your organization, products, and services. Review it for accuracy, brand alignment, and competitive positioning. If no llms.txt exists, AI models rely on whatever they can scrape — with no editorial control.
Verify Report Integrity SHA-3-512 Has this report been tampered with? Verify below

Tamper-evident fingerprint binding this analysis to its data, domain, timestamp, and tool version.

3a28352c3ade883c2c00b891f853f6734fa4847aed7600050c67e4826f93d44431b7e60cb42a678e970653e17f37200678ce5685f1b1ff63dba1eb27aa87bc96
12 RFCs evaluated · DNS state at 27 May 2026, 21:48 UTC
Internet Archive — Permanent Record Wayback Machine

This analysis is permanently archived by the Internet Archive, providing independent third-party verification of DNS security posture at analysis time.

View Archived Snapshot