Domain Intelligence
Last Updated:

Hsbc.com

Safe to Send

Hsbc.com is operated by HSBC Holdings. The domain runs 2 mail exchanges and SMTP is responsive, with all three authentication standards in force.

Safe to Send
Verify Mailbox

Verify @hsbc.com emails

Live SMTP handshake against hsbc.com mail servers. No email is sent. 10 free per day, no signup.

@hsbc.com
No email sent No signup Real-time SMTP

Trusted by 400,000+ senders

4.9/5
From 8,500+ verified reviews
Disposable detection is the strongest I've tested. We were drowning in fake signups before integration. Fraudulent account creation dropped roughly 80% in the first 10 days. Risk score on the lookup pages helps our analysts triage faster too. Elena Reyes · Trust & Safety, Fintech
SOC 2 Type II GDPR CCPA 99.7% Accuracy
Disposable
No
Persistent addresses, not throwaway
SMTP Live
Yes
Mail server responds to SMTP handshake
MX Records
2
Mail exchangers

Mail Exchange (MX) Records for hsbc.com Mail Exchange records. They tell other mail servers which hosts are responsible for receiving email at this domain, in priority order. Lower priority numbers are tried first.

2 RECORDS
#10
mxa-00299f02.gslb.pphosted.com 91.207.212.252
Reachable
#10
mxb-00299f02.gslb.pphosted.com 185.132.180.25
Reachable
SMTP Handshake Simple Mail Transfer Protocol. We open a live SMTP connection to the primary MX and read the greeting banner. A response confirms the mail server is alive and accepting connections. Responsive
BANNER220 mx08-00299f02.pphosted.com ESMTP mfa-m0272943
Primary mail server accepted SMTP connection and returned a banner during the live audit.

hsbc.com Email Authentication SPF · DKIM · DMARC

3/3 PASS
SPF Sender Policy Framework. A DNS record listing which servers are allowed to send mail for this domain. Receivers reject or flag mail from unauthorized servers. Pass
TXTv=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:spf-00299f02.pphosted.com include:spf1.hsbc.com include:spf2.hsbc.com include:spf3.hsbc.com include:spf-002f0603.pphosted.com ~all
Authorized senders are defined and pass SPF policy.
DKIM DomainKeys Identified Mail. The sending server cryptographically signs outbound mail with a private key, and receivers verify the signature using a public key in DNS. Pass
SELECTORDetected via standard selectors
A DKIM signature was detected. Outbound mail from this domain can be cryptographically verified.
DMARC Domain-based Message Authentication, Reporting & Conformance. Tells receivers what to do when SPF or DKIM checks fail: none, quarantine, or reject. Reject
TXTv=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
Strict policy. Receivers are instructed to reject any mail that fails SPF or DKIM. The strongest available setting.

hsbc.com Domain Registration WHOIS · Nameservers · Registrar

27 YEARS OLD
RegistrarMarkMonitor, Inc.
IANA ID292
RegisteredJanuary 29, 1999
Last UpdatedDecember 28, 2025
ExpiresJanuary 28, 2028
Age27 years
TLD.com
Authoritative Nameservers (6)
  • ns6.hsbc.com
  • ns20.hsbc.uk
  • ns20.hsbc.net
  • ns21.hsbc.uk
  • ns21.hsbc.net
  • ns3.hsbc.com
Registrant
HSBC Group Management Services Limited
UK
Technical Contact
Hidden by registrar privacy service
About this Domain

About hsbc.com

HSBC Holdings (hsbc.com) is one of the world's largest banking and financial services organizations, headquartered in London, United Kingdom. HSBC serves approximately 39 million customers across 62 countries and territories through its global network. The bank is particularly strong in Asia and operates across retail banking, wealth management, commercial banking, and global banking and markets.

HSBC implements strict email authentication on the hsbc.com domain with SPF, DKIM, and DMARC enforcement. As one of the world's largest banks with global reach, HSBC is among the most impersonated financial brands in phishing attacks, with campaigns targeting customers in multiple languages across dozens of countries. Maximum authentication enforcement is critical.

Email verification against hsbc.com returns definitive responses for valid and invalid mailboxes. The domain does not operate as catch-all. HSBC's globally distributed banking mail infrastructure implements strict rate limiting across all regions.

Delivering to hsbc.com requires flawless sender authentication. Global banking institutions maintain the most demanding email filtering standards. Full SPF, DKIM, and DMARC compliance is mandatory for reliable inbox delivery to HSBC employees.

Other Domains Similar to hsbc.com

Other corporate email domains we've audited. Click any one to see its MX records, authentication, and risk score.

kikkoman.com
Kikkoman Corporation
Active 5 MX · 3/3 Auth
syneos.com
Syneos Health
Active 2 MX · 3/3 Auth
celonis.com
Celonis SE
Active 5 MX · 3/3 Auth
masco.com
Masco Corporation
Active 1 MX · 3/3 Auth
mountsinai.org
Mount Sinai Health System
Active 10 MX · 3/3 Auth
rentech.com
Renaissance Technologies
Down 0 MX · 0/3 Auth
fifa.com
FIFA
Down 0 MX · 2/3 Auth
servicenow.com
ServiceNow Inc.
Active 2 MX · 3/3 Auth
sherwin-williams.com
Sherwin-Williams Company
Active 6 MX · 2/3 Auth
prudential.com
Prudential Financial
Active 7 MX · 2/3 Auth
danone.com
Danone
Active 2 MX · 3/3 Auth
wynn.com
Wynn Resorts
Active 2 MX · 2/3 Auth
coty.com
Coty Inc
Active 2 MX · 2/3 Auth
kirin.com
Kirin Holdings
Active 5 MX · 3/3 Auth
amgen.com
Amgen Inc.
Active 1 MX · 3/3 Auth
ibm.com
IBM Corporation
Active 2 MX · 3/3 Auth
electrolux.com
Electrolux AB
Active 2 MX · 3/3 Auth
mantech.com
ManTech International
Active 5 MX · 3/3 Auth
roche.com
Roche Holding AG
Active 8 MX · 3/3 Auth
iqvia.com
IQVIA Holdings Inc.
Active 1 MX · 3/3 Auth

More Email Verification Tools

Free single-address checks, bulk uploads, and APIs for plugging email verification into your own product.

Free Email Checker
Verify any single email address in real time, no signup required.
Bulk Email Verifier
Upload CSV or TXT lists of millions of addresses and verify them at once.
Real-Time Verification API
Validate addresses at the point of signup with sub-3-second responses.
Unlimited Verification API
Flat-rate API for high-volume senders. No per-check pricing.
API Documentation
REST endpoints, request examples, response codes, and SDKs.
Pricing
Pay-as-you-go credits and unlimited subscription tiers.

Common Questions About hsbc.com

Is hsbc.com a disposable or temporary email provider?
No. hsbc.com is not a disposable email provider. It is classified as Corporate Email operated by HSBC Holdings and addresses on hsbc.com are persistent rather than throwaway. Mail sent to a valid hsbc.com mailbox reaches a real recipient.
How do I verify if a hsbc.com email address is valid?
The fastest way to verify a hsbc.com email address is to use our free email checker. Enter any @hsbc.com mailbox at the top of this page and our system performs a real-time SMTP handshake against hsbc.com's mail servers, confirming whether the mailbox exists, is reachable, and is safe to send to. No email is ever delivered during the check.
Can I check if a hsbc.com email exists without sending a message?
Yes. Our real-time email verification API connects directly to hsbc.com's mail server, opens an SMTP session, and queries the mailbox using the RCPT TO command without ever transmitting an actual email. The server's response confirms whether the hsbc.com mailbox is valid, full, or non-existent. The recipient never receives anything and never sees the check.
What are the MX records for hsbc.com?
hsbc.com currently publishes 2 mail exchange (MX) records. The primary MX is mxa-00299f02.gslb.pphosted.com, which is the first server contacted when other mail systems try to deliver email to a hsbc.com address. The full list with priorities and IP addresses is in the MX Records panel above. MX records tell sending servers where to route email for hsbc.com.
Does hsbc.com use SPF, DKIM, and DMARC email authentication?
hsbc.com enforces all three email authentication standards: SPF, DKIM, and DMARC (policy: reject). This is the gold-standard configuration. It means receivers can verify that mail claiming to come from @hsbc.com is genuine, and hsbc.com's DMARC policy of 'reject' instructs receivers how to handle messages that fail those checks.
Why do emails to hsbc.com bounce or get blocked?
Bounces from hsbc.com usually fall into three buckets: the mailbox doesn't exist (5xx user unknown), the inbox is full, or your sending domain isn't authenticated to hsbc.com's satisfaction. The fastest fix is to run each address through a free email verifier before you send, and to make sure your own SPF, DKIM, and DMARC are configured correctly so hsbc.com's receivers trust you.
How can I verify a large list of hsbc.com email addresses?
Our bulk email verifier accepts CSV or TXT uploads with thousands or millions of hsbc.com addresses (or any mix of domains). Every address goes through 30+ checks including SMTP existence, hsbc.com catch-all detection, role-account detection, and disposable-domain matching. Results typically come back within minutes and previously-failed addresses on your blacklist are reprocessed for free. For continuous high-volume needs, see our unlimited email verification API.
Is it safe to accept signups from hsbc.com email addresses?
Yes, with normal hygiene. hsbc.com is a legitimate email service and signups from @hsbc.com behave like any other real user. Pipe each address through a real-time email verifier API at the moment of signup to catch typos and dead mailboxes, but there is no need to block hsbc.com by default.
What email format does hsbc.com use for usernames?
Most hsbc.com mailboxes follow common patterns like first.last@hsbc.com, firstinitiallast@hsbc.com, or first@hsbc.com, but the actual local-part rules depend on HSBC Holdings. The only reliable way to confirm whether a specific @hsbc.com address exists is to run it through a free email verification tool. Guessing patterns will produce a high bounce rate and damage your sender reputation.
How is the hsbc.com risk score calculated?
The 0-to-100 risk score for hsbc.com combines disposable-domain classification, mail-server reachability, MX record presence and depth, SPF / DKIM / DMARC enforcement, DMARC policy strength, SMTP banner response, and domain age. Lower scores mean safer to send to. Disposable domains are pinned at the high end of the scale. The hsbc.com score is recomputed on every audit so it always reflects the live state of the domain.
Is hsbc.com a valid email domain?
Yes, hsbc.com is the official corporate email domain for HSBC Holdings. It is used for internal business communications.
Is hsbc.com a disposable or temporary email provider?
No, hsbc.com is a corporate email domain belonging to HSBC Holdings, used exclusively by employees and authorized personnel.
What mail server does hsbc.com use?
hsbc.com uses enterprise-grade mail infrastructure. Check the MX records section for specific mail server details.
Can I send marketing emails to hsbc.com addresses?
B2B marketing to hsbc.com requires proper consent. Corporate domains may use catch-all configurations, so verify individual addresses before sending.
How do I verify an email address at hsbc.com?
Corporate domains like hsbc.com may use catch-all configurations that accept all addresses. Use BulkEmailChecker advanced verification to detect catch-all behavior and validate individual mailboxes.