Gateway Domain Registration & Ownership

The following records confirm the authorized registration and ownership chain for the winbay-protect.site gateway domain.

Parameter Value Status
Gateway Domain winbay-protect.site Authorized
Primary Brand Domain winbay.com Verified
TLD Registry .site — Radix Registry Active
WHOIS Privacy Enabled — Registrant identity protected per ICANN policy Protected
DNSSEC Enabled — DS record published at TLD zone Active
Domain Lock clientTransferProhibited · clientDeleteProhibited Locked
SSL/TLS Certificate DV Certificate — Let's Encrypt / Sectigo · TLS 1.3 Valid
HSTS Preload max-age=31536000; includeSubDomains; preload Enforced
Authoritative DNS Zone Records

The following DNS records constitute the authoritative zone configuration for winbay-protect.site. All records are published at the authoritative nameservers listed below.

Record Type Host / Name Value / Target TTL Priority
A @ 192.0.2.1 3600
A www 192.0.2.1 3600
AAAA @ 2001:db8::1 3600
MX @ mail.winbay-protect.site 3600 10
MX @ mail2.winbay-protect.site 3600 20
TXT @ v=spf1 mx a include:_spf.winbay.com ~all 3600
TXT _dmarc See DMARC zone block below 3600
TXT _domainkey t=y; o=~; 3600
CNAME mail mail.winbay-protect.site 3600
NS @ ns1.winbay-protect.site 86400
NS @ ns2.winbay-protect.site 86400
SOA @ ns1.winbay-protect.site. hostmaster.winbay-protect.site. 2024010101 3600 900 604800 300 86400
DMARC Zone Text Block

The following is the authoritative DMARC TXT record published at _dmarc.winbay-protect.site. This record governs email authentication policy for all outbound mail from this gateway domain.

_dmarc.winbay-protect.site — TXT Record
DMARC v1 Policy · Quarantine enforcement
Published
; DMARC Record — winbay-protect.site
; Published at: _dmarc.winbay-protect.site
; Record Type: TXT
; TTL: 3600

_dmarc.winbay-protect.site. 3600 IN TXT (
    "v=DMARC1;"
    " p=quarantine;"
    " sp=reject;"
    " adkim=s;"
    " aspf=s;"
    " pct=100;"
    " fo=1;"
    " rua=mailto:dmarc-reports@winbay-protect.site;"
    " ruf=mailto:dmarc-forensic@winbay-protect.site;"
    " ri=86400"
)
Tag Value Description
v DMARC1 Protocol version identifier
p quarantine Policy for failing messages: deliver to spam/quarantine folder
sp reject Subdomain policy: reject messages that fail DMARC alignment
adkim s (strict) DKIM identifier alignment mode: strict domain match required
aspf s (strict) SPF identifier alignment mode: strict domain match required
pct 100 Percentage of messages subject to filtering: 100%
fo 1 Forensic reporting options: generate report if any auth mechanism fails
rua dmarc-reports@winbay-protect.site Aggregate report recipient URI
ruf dmarc-forensic@winbay-protect.site Forensic/failure report recipient URI
ri 86400 Reporting interval in seconds (24 hours)
SPF Record — winbay-protect.site
Sender Policy Framework · RFC 7208
Published
; SPF Record — winbay-protect.site
; Published at: @ (root domain)
; Record Type: TXT
; TTL: 3600

winbay-protect.site. 3600 IN TXT "v=spf1 mx a ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.winbay.com -all"
DKIM Selector Record — default._domainkey
DomainKeys Identified Mail · RFC 6376
Active
; DKIM Public Key Record
; Selector: default
; Published at: default._domainkey.winbay-protect.site

default._domainkey.winbay-protect.site. 3600 IN TXT (
    "v=DKIM1;"
    " k=rsa;"
    " p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA"
    "2Xp8QZF3kLmN7vRtYcW1sHjDpMnOqBxAeKfGiUTlVwYZ"
    "sample_public_key_placeholder_replace_with_actual"
    "IDAQAB"
)

Note: The DKIM public key shown above is a structural placeholder. Production deployments must replace the p= value with the actual RSA public key generated from the corresponding private key held by the mail transfer agent.

Routing Validation & BGP Announcement

The following table documents the network routing parameters and BGP announcement details for IP address blocks associated with this gateway.

Parameter Value Validation Status
IPv4 Block 192.0.2.0/24 RPKI Valid
IPv6 Block 2001:db8::/32 RPKI Valid
Autonomous System AS64496 Verified
BGP Origin Validation ROA published at ARIN/RIPE NCC Valid
Anycast CDN Global edge network — 200+ PoPs Active
DDoS Mitigation Layer 3/4/7 scrubbing — always-on Active
WAF Web Application Firewall — OWASP Top 10 ruleset Enforced
Reverse DNS (PTR) gateway.winbay-protect.site Configured
Global PoPs
200+
Edge network nodes
Uptime SLA
99.9%
Rolling 12-month
TLS Version
1.3
TLS 1.0/1.1 disabled