Domain Authorization
Gateway Domain Registration & Ownership
The following records confirm the authorized registration and ownership chain for the winbay-protect.site gateway domain.
| Parameter | Value | Status |
|---|---|---|
| Gateway Domain | winbay-protect.site |
Authorized |
| Primary Brand Domain | winbay.com |
Verified |
| TLD Registry | .site — Radix Registry | Active |
| WHOIS Privacy | Enabled — Registrant identity protected per ICANN policy | Protected |
| DNSSEC | Enabled — DS record published at TLD zone | Active |
| Domain Lock | clientTransferProhibited · clientDeleteProhibited | Locked |
| SSL/TLS Certificate | DV Certificate — Let's Encrypt / Sectigo · TLS 1.3 | Valid |
| HSTS Preload | max-age=31536000; includeSubDomains; preload | Enforced |
DNS Configuration
Authoritative DNS Zone Records
The following DNS records constitute the authoritative zone configuration for winbay-protect.site. All records are published at the authoritative nameservers listed below.
| Record Type | Host / Name | Value / Target | TTL | Priority |
|---|---|---|---|---|
| A | @ |
192.0.2.1 |
3600 | — |
| A | www |
192.0.2.1 |
3600 | — |
| AAAA | @ |
2001:db8::1 |
3600 | — |
| MX | @ |
mail.winbay-protect.site |
3600 | 10 |
| MX | @ |
mail2.winbay-protect.site |
3600 | 20 |
| TXT | @ |
v=spf1 mx a include:_spf.winbay.com ~all |
3600 | — |
| TXT | _dmarc |
See DMARC zone block below | 3600 | — |
| TXT | _domainkey |
t=y; o=~; |
3600 | — |
| CNAME | mail |
mail.winbay-protect.site |
3600 | — |
| NS | @ |
ns1.winbay-protect.site |
86400 | — |
| NS | @ |
ns2.winbay-protect.site |
86400 | — |
| SOA | @ |
ns1.winbay-protect.site. hostmaster.winbay-protect.site. 2024010101 3600 900 604800 300 |
86400 | — |
Email Authentication
DMARC Zone Text Block
The following is the authoritative DMARC TXT record published at _dmarc.winbay-protect.site. This record governs email authentication policy for all outbound mail from this gateway domain.
_dmarc.winbay-protect.site — TXT Record
DMARC v1 Policy · Quarantine enforcement
Published
; DMARC Record — winbay-protect.site
; Published at: _dmarc.winbay-protect.site
; Record Type: TXT
; TTL: 3600
_dmarc.winbay-protect.site. 3600 IN TXT (
"v=DMARC1;"
" p=quarantine;"
" sp=reject;"
" adkim=s;"
" aspf=s;"
" pct=100;"
" fo=1;"
" rua=mailto:dmarc-reports@winbay-protect.site;"
" ruf=mailto:dmarc-forensic@winbay-protect.site;"
" ri=86400"
)
| Tag | Value | Description |
|---|---|---|
v |
DMARC1 | Protocol version identifier |
p |
quarantine | Policy for failing messages: deliver to spam/quarantine folder |
sp |
reject | Subdomain policy: reject messages that fail DMARC alignment |
adkim |
s (strict) | DKIM identifier alignment mode: strict domain match required |
aspf |
s (strict) | SPF identifier alignment mode: strict domain match required |
pct |
100 | Percentage of messages subject to filtering: 100% |
fo |
1 | Forensic reporting options: generate report if any auth mechanism fails |
rua |
dmarc-reports@winbay-protect.site | Aggregate report recipient URI |
ruf |
dmarc-forensic@winbay-protect.site | Forensic/failure report recipient URI |
ri |
86400 | Reporting interval in seconds (24 hours) |
SPF Record — winbay-protect.site
Sender Policy Framework · RFC 7208
Published
; SPF Record — winbay-protect.site ; Published at: @ (root domain) ; Record Type: TXT ; TTL: 3600 winbay-protect.site. 3600 IN TXT "v=spf1 mx a ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.winbay.com -all"
DKIM Selector Record — default._domainkey
DomainKeys Identified Mail · RFC 6376
Active
; DKIM Public Key Record
; Selector: default
; Published at: default._domainkey.winbay-protect.site
default._domainkey.winbay-protect.site. 3600 IN TXT (
"v=DKIM1;"
" k=rsa;"
" p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA"
"2Xp8QZF3kLmN7vRtYcW1sHjDpMnOqBxAeKfGiUTlVwYZ"
"sample_public_key_placeholder_replace_with_actual"
"IDAQAB"
)
Note: The DKIM public key shown above is a structural placeholder. Production deployments must replace the p= value with the actual RSA public key generated from the corresponding private key held by the mail transfer agent.
Network Routing
Routing Validation & BGP Announcement
The following table documents the network routing parameters and BGP announcement details for IP address blocks associated with this gateway.
| Parameter | Value | Validation Status |
|---|---|---|
| IPv4 Block | 192.0.2.0/24 |
RPKI Valid |
| IPv6 Block | 2001:db8::/32 |
RPKI Valid |
| Autonomous System | AS64496 | Verified |
| BGP Origin Validation | ROA published at ARIN/RIPE NCC | Valid |
| Anycast CDN | Global edge network — 200+ PoPs | Active |
| DDoS Mitigation | Layer 3/4/7 scrubbing — always-on | Active |
| WAF | Web Application Firewall — OWASP Top 10 ruleset | Enforced |
| Reverse DNS (PTR) | gateway.winbay-protect.site |
Configured |
Global PoPs
200+
Edge network nodes
Uptime SLA
99.9%
Rolling 12-month
TLS Version
1.3
TLS 1.0/1.1 disabled