I analyzed stripe.com and github.com — their DNS reveals their email provider, hiring tools, and security posture

# mcp# api# security# webdev
I analyzed stripe.com and github.com — their DNS reveals their email provider, hiring tools, and security postureJohn Leslie

I can tell you Stripe uses Greenhouse for hiring before they have posted a job listing. I can tell...

I can tell you Stripe uses Greenhouse for hiring before they have posted a job listing. I can tell you GitHub runs Zendesk for support and Marketo for marketing automation. All from a single DNS query.

Every domain broadcasts its infrastructure to the world through DNS records, SSL certificates, and HTTP headers. Most people never look. I built DomainIntel — a free API that reads all of it in one call. No API key, no signup.

Try it on your own company right now:

curl "https://domainintel.vercel.app/api/lookup?domain=yourcompany.com"
Enter fullscreen mode Exit fullscreen mode

Here is what it found on two companies everyone knows.

Stripe.com: lean stack, strict security

Mail provider: Google Workspace

SPF record reveals their outbound email stack:

  • spf1.stripe.com — transactional email (their own infrastructure)
  • greenhouse-outbound-mail.stripe.comGreenhouse (applicant tracking for hiring)
  • _spf.qualtrics.comQualtrics (surveys and feedback collection)

Three services. That is a deliberately lean setup for a company processing billions in payments.

DMARC policy: p=reject — the strictest setting possible. Any email claiming to be from stripe.com that fails authentication gets rejected outright, never delivered. This is what you want to see from a company handling your payment data.

GitHub.com: massive footprint, softer security

Mail provider: Microsoft 365

SPF record tells a very different story:

  • spf.protection.outlook.com — Microsoft 365 (primary email)
  • _netblocks.google.com — Google (likely legacy or marketing)
  • mail.zendesk.comZendesk (customer support)
  • _spf.salesforce.comSalesforce (CRM)
  • servers.mcsv.netMailchimp (newsletters)
  • mktomail.comMarketo (marketing automation)
  • sendgrid.netSendGrid (transactional email)

Seven authorized email senders. Each one is a potential phishing vector — an attacker who compromises any of these services can send email that passes GitHub's SPF checks. This is the tradeoff of a large enterprise stack: more capability, more surface area.

DMARC policy: p=quarantine — suspicious emails get flagged but not rejected. Less strict than Stripe. For a company that is the target of constant phishing campaigns (fake GitHub security alerts are one of the most common phishing templates), this is a notable choice.

WHOIS: MarkMonitor registrar (the enterprise-grade registrar used by most Fortune 500 companies). Domain age: 18+ years, created October 2007.

SSL: Sectigo certificate with 75 days until expiry.

The comparison matters

Stripe authorizes 3 email senders with a reject policy. GitHub authorizes 7 with a quarantine policy. This is not random — it reflects fundamentally different security philosophies. Stripe optimizes for minimum attack surface. GitHub optimizes for operational flexibility at the cost of a wider trust perimeter.

If you were evaluating either company as a vendor, this single API call tells you more about their security posture than their marketing page does.

A practical walkthrough: vendor evaluation

Say you are evaluating a B2B SaaS company as a potential vendor. You run their domain:

curl "https://domainintel.vercel.app/api/lookup?domain=example-vendor.com"
Enter fullscreen mode Exit fullscreen mode

What to look for:

  • Google Workspace or Microsoft 365 in the mail providers — real company with proper email infrastructure
  • Marketo or HubSpot in SPF — they have a marketing team, likely 50+ employees
  • DMARC set to none or missing — red flag, not protecting against email spoofing
  • SSL certificate expiring in under 30 days — operational hygiene issue
  • Domain age under 1 year — proceed with extra caution

One call, 5 data points, a much clearer picture than a LinkedIn search.

Connect it

REST API (no auth, free):

curl "https://domainintel.vercel.app/api/lookup?domain=stripe.com"
Enter fullscreen mode Exit fullscreen mode

MCP server for Claude, Cursor, or VS Code — add to your config:

{
  "mcpServers": {
    "domainintel": {
      "url": "https://domainintel.vercel.app/api/mcp"
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

5 tools available: whois_lookup, dns_lookup, ssl_check, tech_stack, full_report

Free. No API key. Try it on any domain.