Several weeks ago, I noticed that the elite 2-letter dot-com domain name EM.com had changed hands, with the “WHOIS” information of MarkMonitor’s stealth acquisition unit:
https://twitter.com/GeorgeKirikos/status/1697188222302859628
I’ve been monitoring that domain since that time, and it appears that Exxon Mobil is NOT the new owner of the domain name!
Instead, using the “dig” tool to view the TXT records for the EM.com domain name, I saw that they finally came alive very recently, with values for the SPF records (which relate to email) of:
“v=spf1 ip4:38.133.153.128/26 ip4:216.251.248.18 ip4:208.185.229.40/29 ip4:208.18” “5.235.45 ip4:139.131.76.33 ip4:207.166.92.11 ip4:207.166.95.11 ip4:74.209.251.0/” “24 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:213.139.100.4” “8 ip4:207.166.92.11 ip4:207.166.95.11 ip4:216.20.248.25 ip4:216.20.244.25 ip4:19” “9.102.164.25 ip4:35.163.201.1 ip4:35.166.146.0 ip4:35.167.47.63 ip4:18.219.199.1” “49 ip4:35.190.247.0/24 include:_spf.google.com include:sendgrid.net include:mail” “.zendesk.com include:spf.tmes.trendmicro.com ?all”
and the MX records (for delivery of email) have delivery of email to the server:
ehi1.in.tmes.trendmicro.com.
Using the “Reverse MX” tool at WhoisXMLAPI, I noticed that there were only 70 records, and they’re all related to Enterprise Holdings, which owns brands like Alamo, National, and of course Enterprise. According to their website, they’re the 9th largest private company in the USA, with $30 billion in revenue for 2022, and 80,000 global employees.
They own the 3-letter domain name “ehi.com” (which presumably is the “ehi” in “ehi1.in.tmes.trendmicro.com”!!), and it turns out that the SPF records for ehi.com (using the “dig” tool) are:
“v=spf1 ip4:38.133.153.128/26 ip4:216.251.248.18 ip4:208.185.229.40/29 ip4:208.185.235.45 ip4:139.131.76.33 ip4:207.166.92.11″ ” ip4:207.166.95.11 ip4:74.209.251.0/24 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18″ ” ip4:213.139.100.48 ip4:207.166.92.11 ip4:207.166.95.11 ip4:216.20.248.25 ip4:216.20.244.25 ip4:199.102.164.25 ip4:35.163.201.1 ip4:35.166.146.0″ ” ip4:35.167.47.63 ip4:18.219.199.149 ip4:35.190.247.0/24 include:_spf.google.com include:sendgrid.net include:mail.zendesk.com include:spf.tmes.trendmicro.com -all”
which nearly matches those for “em.com”. [It appears someone botched the “copy and paste” of ehi.com’s records, as some values appear to have been split by mistake, e.g. it should be “include:mail.zendesk.com”, as in the one for ehi.com, but instead it was “include:mail” and “.zendesk.com”). Same mistake for some of the IP addresses, e.g “ip4:208.18” “5.235.45” should be “ip4:208.185.235.45”]
Thus, while we wait for a live website to provide absolute confirmation, we can conclude with a high degree of confidence that Enterprise Holdings is the new owner of the em.com domain name. Perhaps this will be used for a rebranding of the company (instead of “Holdings”, the “M” might stand for “Mobility” as they describe themselves as a leader in transportation and mobility).