From ad869a14533f33ab2429f23a3d056ac6abdec228 Mon Sep 17 00:00:00 2001
From: rxerium <rishi@rxerium.com>
Date: Sat, 20 Dec 2025 10:02:43 +0000
Subject: [PATCH] additional MX record mappings

---
 dns/mx-service-detector.yaml | 37 +++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/dns/mx-service-detector.yaml b/dns/mx-service-detector.yaml
index ddcb77cd1b4..ef3f7354cbb 100644
--- a/dns/mx-service-detector.yaml
+++ b/dns/mx-service-detector.yaml
@@ -2,7 +2,7 @@ id: mx-service-detector
 
 info:
   name: Email Service Detector
-  author: binaryfigments
+  author: binaryfigments,rxerium
   severity: info
   description: An email service was detected. Check the email service or spam filter that is used for a domain.
   classification:
@@ -81,4 +81,39 @@ dns:
         words:
           - "mx1-us1.ppe-hosted.com"
           - "mx2-us1.ppe-hosted.com"
+
+      - type: word
+        name: "Mimecast"
+        words:
+          - "mimecast.com"
+
+      - type: word
+        name: "Cisco IronPort"
+        words:
+          - "iphmx.com"
+
+      - type: word
+        name: "Trellix (FireEye)"
+        words:
+          - "fireeyecloud.com"
+
+      - type: word
+        name: "Symantec MessageLabs"
+        words:
+          - "messagelabs.com"
+
+      - type: word
+        name: "MailSpamProtection"
+        words:
+          - "mailspamprotection.com"
+
+      - type: word
+        name: "Retarus"
+        words:
+          - "retarus.com"
+
+      - type: word
+        name: "Rackspace Email"
+        words:
+          - "emailsrvr.com"
 # digest: 4a0a0047304502200c1a99f97683a85c392e8322510bdd4b13f863fd322c0c4447e27eed1075f4f6022100ed30b2a41e0143c7b89f75695060805a3f3c9e05d8650d841a2f99cd948ce4ae:922c64590222798bb761d5b6d8e72950
\ No newline at end of file