Entwickler-Referenz

E-Mail-Authentifizierung API-Dokumentation

E-Mail-Authentifizierung API-Dokumentation: Umfassende E-Mail-Authentifizierungsprüfung für SPF, DMARC und DKIM-Einträge. Dieser Endpunkt validiert alle drei E-Mail-Authentifizierungsstandards in einer Anfrage und bietet eine Sicherheitsbewertung (A-C) und umsetzbare Empfehlungen. Essentiell für E-Mail-Zustellbarkeits-Fehlerbehebung und Sicherheitshärtung.

E-Mail-Authentifizierung

Umfassende E-Mail-Authentifizierungsprüfung für SPF, DMARC und DKIM-Einträge. Dieser Endpunkt validiert alle drei E-Mail-Authentifizierungsstandards in einer Anfrage und bietet eine Sicherheitsbewertung (A-C) und umsetzbare Empfehlungen. Essentiell für E-Mail-Zustellbarkeits-Fehlerbehebung und Sicherheitshärtung.

GET /v1/email-auth

Abfrageparameter

Parameter	Typ	erforderlich
domain	string	erforderlich

Antwort-Felder

Feld	Typ
`domain`	string
`spf`	object
`spf.record`	string \| null
`spf.lookup_estimate`	integer
`spf.includes[]`	string[]
`spf.redirect`	string \| null
`spf.macros_present`	boolean
`spf.macro_references[]`	string[]
`spf.lookup_walk_count`	integer
`spf.lookup_limit_exceeded`	boolean
`spf.walk[]`	object[]
`spf.walk[]`	object
`spf.walk[].domain`	string
`spf.walk[].depth`	integer
`spf.walk[].record`	string
`spf.walk[].mechanisms[]`	string[]
`spf.walk[].includes[]`	string[]
`spf.walk[].redirect`	string \| null
`spf.walk[].direct_lookup_count`	integer
`spf.walk[].total_lookup_count`	integer
`spf.walk[].macros_present`	boolean
`spf.walk[].macro_references[]`	string[]
`spf.walk[].multiple_records`	integer
`spf.walk_errors[]`	string[]
`dkim[]`	object[]
`dkim[]`	object
`dkim[].selector`	string
`dkim[].record`	string \| null
`dkim[].key_type`	string \| null
`dkim[].key_size`	integer \| null
`dkim_audit`	object
`dkim_audit.selectors_checked[]`	string[]
`dkim_audit.selectors_found[]`	object[]
`dkim_audit.selectors_found[]`	object
`dkim_audit.selectors_found[].selector`	string
`dkim_audit.selectors_found[].dns_name`	string
`dkim_audit.selectors_found[].record`	string \| null
`dkim_audit.selectors_found[].record_type`	string \| null
`dkim_audit.selectors_found[].cname_targets[]`	string[]
`dkim_audit.selectors_found[].provider_hint`	string \| null
`dkim_audit.selectors_found[].key_type`	string \| null
`dkim_audit.selectors_found[].key_size`	integer \| null
`dkim_audit.selectors_found[].valid`	boolean
`dkim_audit.selectors_found[].revoked`	boolean
`dkim_audit.selectors_found[].weak`	boolean
`dkim_audit.selectors_found[].hash_algorithms[]`	string[]
`dkim_audit.selectors_found[].service_type`	string \| null
`dkim_audit.selectors_found[].flags[]`	string[]
`dkim_audit.selectors_found[].issues[]`	string[]
`dkim_audit.total_found`	integer
`dkim_audit.providers_detected[]`	string[]
`dkim_audit.valid_selector_count`	integer
`dkim_audit.weak_selector_count`	integer
`dkim_audit.revoked_selector_count`	integer
`bimi`	object
`bimi.exists`	boolean
`bimi.record`	string \| null
`bimi.valid`	boolean
`bimi.logo_url`	string \| null
`bimi.authority_url`	string \| null
`bimi.logo_fetch_ok`	boolean \| null
`bimi.logo_http_status`	integer \| null
`bimi.logo_content_type`	string \| null
`bimi.logo_bytes`	integer \| null
`bimi.logo_svg_detected`	boolean \| null
`bimi.vmc_present`	boolean
`bimi.vmc_fetched`	boolean \| null
`bimi.vmc_http_status`	integer \| null
`bimi.vmc_content_type`	string \| null
`bimi.vmc_certificate_valid`	boolean \| null
`bimi.vmc_subject`	string \| null
`bimi.vmc_issuer`	string \| null
`bimi.vmc_not_before`	string \| null
`bimi.vmc_not_after`	string \| null
`bimi.vmc_days_to_expiry`	integer \| null
`bimi.vmc_fingerprint_sha256`	string \| null
`bimi.vmc_san_domains[]`	string[]
`bimi.errors[]`	string[]
`dmarc`	object
`dmarc.record`	string \| null
`dmarc.tags`	object
`mta_sts`	object
`mta_sts.exists`	boolean
`mta_sts.record`	string \| null
`mta_sts.valid`	boolean
`mta_sts.policy_id`	string \| null
`mta_sts.policy_fetch_ok`	boolean
`mta_sts.policy_http_status`	integer \| null
`mta_sts.mode`	string \| null
`mta_sts.max_age`	integer \| null
`mta_sts.mx_hosts[]`	string[]
`mta_sts.mx_records[]`	string[]
`mta_sts.policy_matches_mx`	boolean \| null
`mta_sts.uncovered_mx[]`	string[]
`mta_sts.errors[]`	string[]
`tls_rpt`	object
`tls_rpt.exists`	boolean
`tls_rpt.record`	string \| null
`tls_rpt.valid`	boolean
`tls_rpt.rua[]`	string[]
`tls_rpt.errors[]`	string[]
`client_access`	object
`client_access.provider_hint`	object
`client_access.provider_hint.id`	string
`client_access.provider_hint.name`	string
`client_access.mx_records[]`	string[]
`client_access.services[]`	object[]
`client_access.services[]`	object
`client_access.services[].service`	string
`client_access.services[].host`	string
`client_access.services[].port`	integer
`client_access.services[].source`	string
`client_access.services[].priority`	integer \| null
`client_access.services[].weight`	integer \| null
`client_access.services[].tls_mode`	string
`client_access.services[].reachable`	boolean
`client_access.services[].tls_negotiated`	boolean
`client_access.services[].starttls_offered`	boolean \| null
`client_access.services[].protocol`	string \| null
`client_access.services[].cipher`	string \| null
`client_access.services[].certificate`	object
`client_access.services[].certificate.subject`	string
`client_access.services[].certificate.issuer`	string
`client_access.services[].certificate.not_before`	string
`client_access.services[].certificate.not_after`	string
`client_access.services[].certificate.days_to_expiry`	integer
`client_access.services[].certificate.expired`	boolean
`client_access.services[].certificate.san_domains[]`	string[]
`client_access.services[].certificate.public_key_type`	string \| null
`client_access.services[].certificate.public_key_bits`	integer \| null
`client_access.services[].certificate.fingerprint_sha256`	string \| null
`client_access.services[].certificate.hostname_match`	boolean \| null
`client_access.services[].certificate.chain_valid`	boolean
`client_access.services[].certificate.chain_error`	string \| null
`client_access.services[].chain_depth`	integer
`client_access.services[].error`	string \| null
`client_access.reachable_service_count`	integer
`client_access.secure_service_count`	integer
`autodiscover`	object
`autodiscover.provider_hint`	object
`autodiscover.provider_hint.id`	string
`autodiscover.provider_hint.name`	string
`autodiscover.mx_records[]`	string[]
`autodiscover.srv`	object
`autodiscover.srv.autodiscover[]`	object[]
`autodiscover.srv.autodiscover[]`	object
`autodiscover.srv.autodiscover[].priority`	integer
`autodiscover.srv.autodiscover[].weight`	integer
`autodiscover.srv.autodiscover[].port`	integer
`autodiscover.srv.autodiscover[].target`	string
`autodiscover.srv.submission[]`	object[]
`autodiscover.srv.submission[]`	object
`autodiscover.srv.submission[].priority`	integer
`autodiscover.srv.submission[].weight`	integer
`autodiscover.srv.submission[].port`	integer
`autodiscover.srv.submission[].target`	string
`autodiscover.srv.submissions[]`	object[]
`autodiscover.srv.submissions[]`	object
`autodiscover.srv.submissions[].priority`	integer
`autodiscover.srv.submissions[].weight`	integer
`autodiscover.srv.submissions[].port`	integer
`autodiscover.srv.submissions[].target`	string
`autodiscover.srv.imap[]`	object[]
`autodiscover.srv.imap[]`	object
`autodiscover.srv.imap[].priority`	integer
`autodiscover.srv.imap[].weight`	integer
`autodiscover.srv.imap[].port`	integer
`autodiscover.srv.imap[].target`	string
`autodiscover.srv.imaps[]`	object[]
`autodiscover.srv.imaps[]`	object
`autodiscover.srv.imaps[].priority`	integer
`autodiscover.srv.imaps[].weight`	integer
`autodiscover.srv.imaps[].port`	integer
`autodiscover.srv.imaps[].target`	string
`autodiscover.srv.pop3[]`	object[]
`autodiscover.srv.pop3[]`	object
`autodiscover.srv.pop3[].priority`	integer
`autodiscover.srv.pop3[].weight`	integer
`autodiscover.srv.pop3[].port`	integer
`autodiscover.srv.pop3[].target`	string
`autodiscover.srv.pop3s[]`	object[]
`autodiscover.srv.pop3s[]`	object
`autodiscover.srv.pop3s[].priority`	integer
`autodiscover.srv.pop3s[].weight`	integer
`autodiscover.srv.pop3s[].port`	integer
`autodiscover.srv.pop3s[].target`	string
`autodiscover.thunderbird_autoconfig`	object
`autodiscover.thunderbird_autoconfig.subdomain`	object
`autodiscover.thunderbird_autoconfig.subdomain.url`	string
`autodiscover.thunderbird_autoconfig.subdomain.status_code`	integer \| null
`autodiscover.thunderbird_autoconfig.subdomain.content_type`	string \| null
`autodiscover.thunderbird_autoconfig.subdomain.final_url`	string \| null
`autodiscover.thunderbird_autoconfig.subdomain.redirect_count`	integer
`autodiscover.thunderbird_autoconfig.subdomain.incoming[]`	object[]
`autodiscover.thunderbird_autoconfig.subdomain.incoming[]`	object
`autodiscover.thunderbird_autoconfig.subdomain.incoming[].type`	string
`autodiscover.thunderbird_autoconfig.subdomain.incoming[].hostname`	string
`autodiscover.thunderbird_autoconfig.subdomain.incoming[].port`	integer
`autodiscover.thunderbird_autoconfig.subdomain.incoming[].socket_type`	string
`autodiscover.thunderbird_autoconfig.subdomain.incoming[].username`	string
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[]`	object[]
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[]`	object
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[].type`	string
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[].hostname`	string
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[].port`	integer
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[].socket_type`	string
`autodiscover.thunderbird_autoconfig.subdomain.outgoing[].username`	string
`autodiscover.thunderbird_autoconfig.subdomain.error`	string \| null
`autodiscover.thunderbird_autoconfig.well_known`	object
`autodiscover.thunderbird_autoconfig.well_known.url`	string
`autodiscover.thunderbird_autoconfig.well_known.status_code`	integer \| null
`autodiscover.thunderbird_autoconfig.well_known.content_type`	string \| null
`autodiscover.thunderbird_autoconfig.well_known.final_url`	string \| null
`autodiscover.thunderbird_autoconfig.well_known.redirect_count`	integer
`autodiscover.thunderbird_autoconfig.well_known.incoming[]`	object[]
`autodiscover.thunderbird_autoconfig.well_known.incoming[]`	object
`autodiscover.thunderbird_autoconfig.well_known.incoming[].type`	string
`autodiscover.thunderbird_autoconfig.well_known.incoming[].hostname`	string
`autodiscover.thunderbird_autoconfig.well_known.incoming[].port`	integer
`autodiscover.thunderbird_autoconfig.well_known.incoming[].socket_type`	string
`autodiscover.thunderbird_autoconfig.well_known.incoming[].username`	string
`autodiscover.thunderbird_autoconfig.well_known.outgoing[]`	object[]
`autodiscover.thunderbird_autoconfig.well_known.outgoing[]`	object
`autodiscover.thunderbird_autoconfig.well_known.outgoing[].type`	string
`autodiscover.thunderbird_autoconfig.well_known.outgoing[].hostname`	string
`autodiscover.thunderbird_autoconfig.well_known.outgoing[].port`	integer
`autodiscover.thunderbird_autoconfig.well_known.outgoing[].socket_type`	string
`autodiscover.thunderbird_autoconfig.well_known.outgoing[].username`	string
`autodiscover.thunderbird_autoconfig.well_known.error`	string \| null
`autodiscover.outlook_autodiscover`	object
`autodiscover.outlook_autodiscover.url`	string
`autodiscover.outlook_autodiscover.status_code`	integer \| null
`autodiscover.outlook_autodiscover.content_type`	string \| null
`autodiscover.outlook_autodiscover.final_url`	string \| null
`autodiscover.outlook_autodiscover.redirect_count`	integer
`autodiscover.outlook_autodiscover.auth_required`	boolean \| null
`autodiscover.outlook_autodiscover.error`	string \| null
`autodiscover.recommended[]`	object[]
`autodiscover.recommended[]`	object
`autodiscover.recommended[].service`	string
`autodiscover.recommended[].host`	string
`autodiscover.recommended[].port`	integer
`autodiscover.recommended[].tls_mode`	string
`autodiscover.recommended[].source`	string
`grade`	string
`notes[]`	string[]

Beispielanfrage

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/email-auth?domain=example.com"

Beispielantwort

{
  "domain": "google.com",
  "spf": {
    "record": "v=spf1 include:_spf.google.com ~all",
    "lookup_estimate": 1,
    "includes": [
      "_spf.google.com"
    ],
    "redirect": null,
    "macros_present": false,
    "macro_references": [],
    "lookup_walk_count": 1,
    "lookup_limit_exceeded": false,
    "walk": [
      {
        "domain": "google.com",
        "depth": 0,
        "record": "v=spf1 include:_spf.google.com ~all",
        "mechanisms": [
          "include:_spf.google.com",
          "~all"
        ],
        "includes": [
          "_spf.google.com"
        ],
        "redirect": null,
        "direct_lookup_count": 1,
        "total_lookup_count": 1,
        "macros_present": false,
        "macro_references": [],
        "multiple_records": 1
      }
    ],
    "walk_errors": []
  },
  "dkim": [
    {
      "selector": "google",
      "record": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
      "key_type": "rsa",
      "key_size": 2048
    }
  ],
  "dkim_audit": {
    "selectors_checked": [
      "google",
      "default",
      "selector1",
      "selector2"
    ],
    "selectors_found": [
      {
        "selector": "google",
        "dns_name": "google._domainkey.google.com",
        "record": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
        "record_type": "TXT",
        "cname_targets": [],
        "provider_hint": "Google Workspace",
        "key_type": "rsa",
        "key_size": 2048,
        "valid": true,
        "revoked": false,
        "weak": false,
        "hash_algorithms": [
          "sha256"
        ],
        "service_type": "email",
        "flags": [
          "s"
        ],
        "issues": []
      }
    ],
    "total_found": 1,
    "providers_detected": [
      "Google Workspace"
    ],
    "valid_selector_count": 1,
    "weak_selector_count": 0,
    "revoked_selector_count": 0
  },
  "bimi": {
    "exists": true,
    "record": "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
    "valid": true,
    "logo_url": "https://example.com/logo.svg",
    "authority_url": "https://example.com/vmc.pem",
    "logo_fetch_ok": true,
    "logo_http_status": 200,
    "logo_content_type": "image/svg+xml",
    "logo_bytes": 2048,
    "logo_svg_detected": true,
    "vmc_present": true,
    "vmc_fetched": true,
    "vmc_http_status": 200,
    "vmc_content_type": "application/x-pem-file",
    "vmc_certificate_valid": true,
    "vmc_subject": "/CN=Example Inc VMC",
    "vmc_issuer": "/CN=Example Issuer",
    "vmc_not_before": "2026-01-01T00:00:00Z",
    "vmc_not_after": "2027-01-01T00:00:00Z",
    "vmc_days_to_expiry": 258,
    "vmc_fingerprint_sha256": "AA:BB:CC:DD",
    "vmc_san_domains": [
      "google.com"
    ],
    "errors": []
  },
  "dmarc": {
    "record": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com",
    "tags": {
      "v": "DMARC1",
      "p": "reject",
      "rua": "mailto:mailauth-reports@google.com"
    }
  },
  "mta_sts": {
    "exists": true,
    "record": "v=STSv1; id=2024010101Z",
    "valid": true,
    "policy_id": "2024010101Z",
    "policy_fetch_ok": true,
    "policy_http_status": 200,
    "mode": "enforce",
    "max_age": 86400,
    "mx_hosts": [
      "*.google.com"
    ],
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "policy_matches_mx": true,
    "uncovered_mx": [],
    "errors": []
  },
  "tls_rpt": {
    "exists": true,
    "record": "v=TLSRPTv1; rua=mailto:sts-reports@google.com",
    "valid": true,
    "rua": [
      "mailto:sts-reports@google.com"
    ],
    "errors": []
  },
  "client_access": {
    "provider_hint": {
      "id": "google_workspace",
      "name": "Google Workspace"
    },
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "services": [
      {
        "service": "imap",
        "host": "imap.gmail.com",
        "port": 993,
        "source": "provider_default",
        "priority": null,
        "weight": null,
        "tls_mode": "implicit",
        "reachable": true,
        "tls_negotiated": true,
        "starttls_offered": null,
        "protocol": "TLSv1.3",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "certificate": {
          "subject": "/CN=imap.gmail.com",
          "issuer": "/CN=WR2",
          "not_before": "2026-01-01T00:00:00Z",
          "not_after": "2026-07-01T00:00:00Z",
          "days_to_expiry": 70,
          "expired": false,
          "san_domains": [
            "imap.gmail.com"
          ],
          "public_key_type": "EC",
          "public_key_bits": 256,
          "fingerprint_sha256": "CC:DD:EE:FF",
          "hostname_match": true,
          "chain_valid": true,
          "chain_error": null
        },
        "chain_depth": 2,
        "error": null
      }
    ],
    "reachable_service_count": 1,
    "secure_service_count": 1
  },
  "autodiscover": {
    "provider_hint": {
      "id": "google_workspace",
      "name": "Google Workspace"
    },
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "srv": {
      "autodiscover": [],
      "submission": [],
      "submissions": [],
      "imap": [],
      "imaps": [],
      "pop3": [],
      "pop3s": []
    },
    "thunderbird_autoconfig": {
      "subdomain": {
        "url": "https://autoconfig.google.com/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "status_code": 404,
        "content_type": "text/html",
        "final_url": "https://autoconfig.google.com/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "redirect_count": 0,
        "incoming": [],
        "outgoing": [],
        "error": null
      },
      "well_known": {
        "url": "https://google.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "status_code": 200,
        "content_type": "application/xml",
        "final_url": "https://google.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "redirect_count": 0,
        "incoming": [
          {
            "type": "imap",
            "hostname": "imap.gmail.com",
            "port": 993,
            "socket_type": "SSL"
          }
        ],
        "outgoing": [
          {
            "type": "smtp",
            "hostname": "smtp.gmail.com",
            "port": 587,
            "socket_type": "STARTTLS"
          }
        ],
        "error": null
      }
    },
    "outlook_autodiscover": {
      "url": "https://autodiscover.google.com/autodiscover/autodiscover.xml",
      "status_code": 401,
      "content_type": "text/html",
      "final_url": "https://autodiscover.google.com/autodiscover/autodiscover.xml",
      "redirect_count": 0,
      "auth_required": true,
      "error": null
    },
    "recommended": [
      {
        "service": "imap",
        "host": "imap.gmail.com",
        "port": 993,
        "tls_mode": "implicit",
        "source": "provider_default"
      }
    ]
  },
  "grade": "A",
  "notes": []
}

POST /v1/tools/spf/build

Body-Parameter

Parameter	Typ	erforderlich
include	string[]	optional
ip4	string[]	optional
ip6	string[]	optional
a	boolean	optional
mx	boolean	optional
redirect	string	optional
all	string	erforderlich

Antwort-Felder

Feld	Typ
`record`	string
`dns_name`	string
`record_type`	string
`dns_lookups`	integer
`valid`	boolean
`warnings[]`	string[]
`explanation`	object

Beispielanfrage

curl -X POST "https://domscan.net/v1/tools/spf/build" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $DOMSCAN_API_KEY" \
  -d '{
  "include": [
    "string"
  ],
  "ip4": [
    "198.51.100.10"
  ],
  "ip6": [
    "198.51.100.10"
  ],
  "a": true,
  "mx": true,
  "redirect": "string",
  "all": "pass"
}'

Beispielantwort

{
  "record": "string",
  "dns_name": "string",
  "record_type": "string",
  "dns_lookups": 1,
  "valid": true,
  "warnings": [
    "string"
  ],
  "explanation": {}
}

POST /v1/tools/spf/validate

Body-Parameter

Parameter	Typ	erforderlich
record	string	optional
domain	string	optional

Antwort-Felder

Feld	Typ
`valid`	boolean
`version`	string
`mechanisms[]`	object[]
`mechanisms[]`	object
`dns_lookups`	integer
`lookup_limit_exceeded`	boolean
`policy`	string
`issues[]`	string[]
`warnings[]`	string[]

Beispielanfrage

curl -X POST "https://domscan.net/v1/tools/spf/validate" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $DOMSCAN_API_KEY" \
  -d '{
  "record": "string",
  "domain": "example.com"
}'

Beispielantwort

{
  "valid": true,
  "version": "string",
  "mechanisms": [
    {}
  ],
  "dns_lookups": 1,
  "lookup_limit_exceeded": true,
  "policy": "string",
  "issues": [
    "string"
  ],
  "warnings": [
    "string"
  ]
}

POST /v1/tools/spf/flatten

Body-Parameter

Parameter	Typ	erforderlich
domain	string	erforderlich

Antwort-Felder

Feld	Typ
`domain`	string
`original_record`	string
`flattened_record`	string
`original_lookups`	integer
`flattened_lookups`	integer
`resolved_ips`	object
`warnings[]`	string[]

Beispielanfrage

curl -X POST "https://domscan.net/v1/tools/spf/flatten" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $DOMSCAN_API_KEY" \
  -d '{
  "domain": "example.com"
}'

Beispielantwort

{
  "domain": "example.com",
  "original_record": "string",
  "flattened_record": "string",
  "original_lookups": 1,
  "flattened_lookups": 1,
  "resolved_ips": {},
  "warnings": [
    "string"
  ]
}

POST /v1/tools/dmarc/build

Body-Parameter

Parameter	Typ	erforderlich
policy	string	erforderlich
subdomain_policy	string	optional
percentage	integer	optional
rua	string[]	optional
ruf	string[]	optional
adkim	string	optional
aspf	string	optional

Antwort-Felder

Feld	Typ
`record`	string
`dns_name`	string
`record_type`	string
`valid`	boolean
`explanation`	object

Beispielanfrage

curl -X POST "https://domscan.net/v1/tools/dmarc/build" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $DOMSCAN_API_KEY" \
  -d '{
  "policy": "none",
  "subdomain_policy": "none",
  "percentage": 1,
  "rua": [
    "string"
  ],
  "ruf": [
    "string"
  ],
  "adkim": "relaxed",
  "aspf": "relaxed"
}'

Beispielantwort

{
  "record": "string",
  "dns_name": "string",
  "record_type": "string",
  "valid": true,
  "explanation": {}
}

POST /v1/tools/dmarc/validate

Body-Parameter

Parameter	Typ	erforderlich
record	string	optional
domain	string	optional

Antwort-Felder

Feld	Typ
`valid`	boolean
`version`	string
`policy`	string
`subdomain_policy`	string
`percentage`	integer
`rua[]`	string[]
`ruf[]`	string[]
`strength`	string
`issues[]`	string[]
`warnings[]`	string[]

Beispielanfrage

curl -X POST "https://domscan.net/v1/tools/dmarc/validate" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $DOMSCAN_API_KEY" \
  -d '{
  "record": "string",
  "domain": "example.com"
}'

Beispielantwort

{
  "valid": true,
  "version": "string",
  "policy": "string",
  "subdomain_policy": "example.com",
  "percentage": 1,
  "rua": [
    "string"
  ],
  "ruf": [
    "string"
  ],
  "strength": "strong",
  "issues": [
    "string"
  ],
  "warnings": [
    "string"
  ]
}

GET /v1/tools/dkim/check

Abfrageparameter

Parameter	Typ	erforderlich
domain	string	erforderlich
selector	string	erforderlich

Antwort-Felder

Feld	Typ
`domain`	string
`selector`	string
`dns_name`	string
`exists`	boolean
`valid`	boolean
`record`	string
`key_type`	string
`key_size`	integer
`issues[]`	string[]

Beispielanfrage

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/tools/dkim/check?domain=example.com&selector=example.com"

Beispielantwort

{
  "domain": "example.com",
  "selector": "string",
  "dns_name": "string",
  "exists": true,
  "valid": true,
  "record": "string",
  "key_type": "string",
  "key_size": 1,
  "issues": [
    "string"
  ]
}

GET /v1/tools/dkim/discover

Abfrageparameter

Parameter	Typ	erforderlich
domain	string	erforderlich

Antwort-Felder

Feld	Typ
`domain`	string
`selectors_checked[]`	string[]
`selectors_found[]`	object[]
`selectors_found[]`	object
`selectors_found[].selector`	string
`selectors_found[].dns_name`	string
`selectors_found[].exists`	boolean
`selectors_found[].record`	string \| null
`selectors_found[].record_type`	string \| null
`selectors_found[].cname_targets[]`	string[]
`selectors_found[].key_type`	string
`selectors_found[].key_size`	integer
`selectors_found[].provider_hint`	string
`selectors_found[].valid`	boolean
`selectors_found[].revoked`	boolean
`selectors_found[].weak`	boolean
`selectors_found[].hash_algorithms[]`	string[]
`selectors_found[].service_type`	string \| null
`selectors_found[].flags[]`	string[]
`selectors_found[].issues[]`	string[]
`total_found`	integer
`common_providers_detected[]`	string[]
`providers_detected[]`	string[]
`valid_selector_count`	integer
`weak_selector_count`	integer
`revoked_selector_count`	integer

Beispielanfrage

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/tools/dkim/discover?domain=example.com"

Beispielantwort

{
  "domain": "example.com",
  "selectors_checked": [
    "string"
  ],
  "selectors_found": [
    {
      "selector": "string",
      "dns_name": "string",
      "exists": true,
      "record": "string",
      "record_type": "TXT",
      "cname_targets": [
        "string"
      ],
      "key_type": "string",
      "key_size": 1,
      "provider_hint": "string",
      "valid": true,
      "revoked": true,
      "weak": true,
      "hash_algorithms": [
        "string"
      ],
      "service_type": "string",
      "flags": [
        "string"
      ],
      "issues": [
        "string"
      ]
    }
  ],
  "total_found": 1,
  "common_providers_detected": [
    "string"
  ],
  "providers_detected": [
    "string"
  ],
  "valid_selector_count": 1,
  "weak_selector_count": 1,
  "revoked_selector_count": 1
}

GET /v1/email/compliance

Abfrageparameter

Parameter	Typ	erforderlich
domain	string	erforderlich
selectors	string	optional
providers	string	optional

Antwort-Felder

Feld	Typ
`domain`	string
`status`	string
`score`	integer
`grade`	string
`provider_readiness`	object
`provider_readiness.google`	object
`provider_readiness.google.provider`	string
`provider_readiness.google.display_name`	string
`provider_readiness.google.status`	string
`provider_readiness.google.dns_visible_status`	string
`provider_readiness.google.requirements[]`	object[]
`provider_readiness.google.requirements[]`	object
`provider_readiness.google.requirements[].id`	string
`provider_readiness.google.requirements[].label`	string
`provider_readiness.google.requirements[].status`	string
`provider_readiness.google.requirements[].severity`	string
`provider_readiness.google.requirements[].category`	string
`provider_readiness.google.requirements[].evidence`	string
`provider_readiness.google.requirements[].recommendation`	string
`provider_readiness.google.verification_required[]`	string[]
`provider_readiness.google.notes[]`	string[]
`provider_readiness.microsoft`	object
`provider_readiness.microsoft.provider`	string
`provider_readiness.microsoft.display_name`	string
`provider_readiness.microsoft.status`	string
`provider_readiness.microsoft.dns_visible_status`	string
`provider_readiness.microsoft.requirements[]`	object[]
`provider_readiness.microsoft.requirements[]`	object
`provider_readiness.microsoft.requirements[].id`	string
`provider_readiness.microsoft.requirements[].label`	string
`provider_readiness.microsoft.requirements[].status`	string
`provider_readiness.microsoft.requirements[].severity`	string
`provider_readiness.microsoft.requirements[].category`	string
`provider_readiness.microsoft.requirements[].evidence`	string
`provider_readiness.microsoft.requirements[].recommendation`	string
`provider_readiness.microsoft.verification_required[]`	string[]
`provider_readiness.microsoft.notes[]`	string[]
`summary`	object
`summary.authentication`	object
`summary.transport`	object
`summary.dns_security`	object
`summary.brand_trust`	object
`action_items[]`	object[]
`action_items[]`	object
`action_items[].priority`	string
`action_items[].category`	string
`action_items[].title`	string
`action_items[].detail`	string
`action_items[].fix`	string
`evidence`	object
`evidence.email_auth`	object
`evidence.dns_security`	object
`proxy`	object
`proxy.configured`	boolean
`proxy.enriched`	boolean
`proxy.checks[]`	string[]
`limitations[]`	string[]
`checked_at`	string
`check_duration_ms`	integer

Beispielanfrage

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/email/compliance?domain=example.com&selectors=google%2Cselector1%2Csendgrid&providers=google%2Cmicrosoft"

Beispielantwort

{
  "domain": "example.com",
  "status": "warn",
  "score": 82,
  "grade": "B",
  "provider_readiness": {
    "google": {
      "provider": "google",
      "display_name": "Google/Gmail bulk sender readiness",
      "status": "pass",
      "dns_visible_status": "pass",
      "requirements": [
        {
          "id": "google_spf",
          "label": "SPF must be configured for bulk senders",
          "status": "pass",
          "severity": "critical",
          "category": "dns",
          "evidence": "SPF policy: softfail",
          "recommendation": "Publish one valid SPF record that covers every approved sending platform."
        },
        {
          "id": "google_alignment",
          "label": "From domain must align with either SPF or DKIM on live messages",
          "status": "unknown",
          "severity": "high",
          "category": "message",
          "evidence": "Alignment requires Authentication-Results from a real sent message",
          "recommendation": "Send a test message and verify SPF or DKIM alignment."
        }
      ],
      "verification_required": [
        "From domain must align with either SPF or DKIM on live messages",
        "Outbound mail must be transmitted over TLS"
      ],
      "notes": [
        "Status is based on DNS-visible controls. Live sending requirements still need message-header and sender-platform verification."
      ]
    },
    "microsoft": {
      "provider": "microsoft",
      "display_name": "Microsoft Outlook.com high-volume sender readiness",
      "status": "pass",
      "dns_visible_status": "pass",
      "requirements": [],
      "verification_required": [
        "DMARC must align with either SPF or DKIM"
      ],
      "notes": [
        "Status is based on DNS-visible controls. Live sending requirements still need message-header and sender-platform verification."
      ]
    }
  },
  "summary": {
    "authentication": {
      "spf": {
        "status": "pass",
        "record": "v=spf1 include:_spf.example.com ~all",
        "policy": "softfail",
        "lookup_count": 3,
        "lookup_limit_exceeded": false
      },
      "dkim": {
        "status": "pass",
        "selectors_checked": [
          "google",
          "selector1",
          "sendgrid"
        ],
        "selectors_found": [
          "google"
        ],
        "valid_selector_count": 1,
        "weak_selector_count": 0,
        "revoked_selector_count": 0,
        "providers_detected": [
          "Google Workspace"
        ]
      },
      "dmarc": {
        "status": "warn",
        "record": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "policy": "none",
        "subdomain_policy": null,
        "percentage": 100,
        "rua": [
          "mailto:dmarc@example.com"
        ],
        "alignment_mode": {
          "spf": null,
          "dkim": null
        }
      }
    },
    "transport": {
      "mta_sts": {
        "status": "pass",
        "mode": "enforce",
        "policy_fetch_ok": true,
        "policy_matches_mx": true
      },
      "tls_rpt": {
        "status": "pass",
        "rua": [
          "mailto:tls@example.com"
        ]
      },
      "mx_records": [
        "aspmx.l.google.com"
      ],
      "client_access_secure_services": 1
    },
    "dns_security": {
      "dnssec": "pass",
      "caa": "pass",
      "zone_transfer": "pass",
      "authoritative_consistency": "pass",
      "blacklist": "pass"
    },
    "brand_trust": {
      "bimi": "unknown",
      "vmc": "unknown"
    }
  },
  "action_items": [
    {
      "priority": "medium",
      "category": "authentication",
      "title": "Move DMARC beyond monitoring mode",
      "detail": "DMARC is valid but still uses p=none.",
      "fix": "After reviewing aggregate reports, move to p=quarantine or p=reject."
    }
  ],
  "evidence": {
    "email_auth": {
      "spf": {
        "record": "v=spf1 include:_spf.example.com ~all"
      },
      "dmarc": {
        "record": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
      }
    },
    "dns_security": {
      "security_score": 86,
      "security_grade": "B"
    }
  },
  "proxy": {
    "configured": true,
    "enriched": true,
    "checks": [
      "spf_walk",
      "mail_policies",
      "dkim_audit",
      "bimi_audit"
    ]
  },
  "limitations": [
    "DNS-visible checks cannot prove live message-level SPF, DKIM, DMARC alignment, RFC 5322 formatting, spam rate, or one-click unsubscribe behavior."
  ],
  "checked_at": "2026-04-26T12:00:00Z",
  "check_duration_ms": 642
}