curl "https://domscan.net/v1/dns/security?domain=example.com"
Example Response
{
  "domain": "example.com",
  "spf": {
    "exists": true,
    "valid": true,
    "policy": "fail",
    "includes": ["_spf.google.com"]
  },
  "dkim": {
    "exists": true,
    "selectors_found": ["google", "selector1"],
    "valid": true
  },
  "dmarc": {
    "exists": true,
    "policy": "reject",
    "percentage": 100,
    "rua": ["mailto:dmarc@example.com"]
  },
  "dnssec": { "enabled": true, "valid": true },
  "caa": { "exists": true, "issuers": ["letsencrypt.org"] },
  "security_score": 92,
  "security_grade": "A",
  "recommendations": ["Consider adding MTA-STS for encrypted email delivery"]
}
Key Features
SPF Analysis
Validate SPF records and check for common misconfigurations.
DKIM Detection
Check for DKIM records across common selectors.
DMARC Validation
Analyze DMARC policy, percentage, and reporting addresses.
DNSSEC Check
Verify DNSSEC is enabled and properly configured.
CAA Records
Check Certificate Authority Authorization configuration.
Security Score
Get a 0-100 score with letter grade (A+ to F).
Actionable Recommendations
Clear guidance on how to improve your security posture.
MTA-STS Detection
Check for Mail Transfer Agent Strict Transport Security.
Frequently Asked Questions
SPF specifies which servers can send email for your domain. DKIM adds a digital signature to emails. DMARC tells receiving servers what to do with emails that fail SPF/DKIM checks. Together they prevent email spoofing.
Proper DNS security prevents email spoofing (phishing attacks pretending to be you), improves email deliverability, and protects your brand reputation.
A score of 85+ (grade A or A+) indicates excellent security. 70-84 (B) is good. Below 70 indicates significant room for improvement.
Common improvements include: adding SPF records with -all, setting up DKIM signing, implementing DMARC with quarantine/reject policy, enabling DNSSEC, and adding CAA records.
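The SPF and DMARC fields in the example response can be derived from the raw TXT records. The following is an added example, not DomScan's code: it parses constructed sample records into the same keys and flags the gaps named above (SPF without -all, DMARC without quarantine/reject). It assumes the response's SPF "policy" value follows the RFC 7208 result names, and the function names are hypothetical.

```python
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}  # RFC 7208
def parse_spf(txt):
    """Return exists/policy/includes for one SPF TXT record string."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return {"exists": False, "policy": None, "includes": []}
    policy, includes = None, []
    for term in terms[1:]:
        low = term.lower()
        qualifier, mech = (low[0], low[1:]) if low[0] in SPF_QUALIFIERS else ("+", low)
        if mech.startswith("include:"):
            includes.append(mech[len("include:"):])
        elif mech == "all" and policy is None:  # qualifier on "all" is the default result
            policy = SPF_QUALIFIERS[qualifier]
    return {"exists": True, "policy": policy, "includes": includes}

def parse_dmarc(txt):
    """Return exists/policy/percentage/rua for one DMARC TXT record string."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return {"exists": False, "policy": None, "percentage": None, "rua": []}
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent (RFC 7489)
    return {"exists": True, "policy": tags.get("p", "").lower() or None,
            "percentage": int(pct) if pct.isdigit() else 100,
            "rua": [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]}

def findings(spf, dmarc):
    """List gaps: SPF not ending in -all, DMARC weaker than quarantine/reject."""
    out = []
    if not spf["exists"]:
        out.append("no SPF record")
    elif spf["policy"] != "fail":
        out.append("SPF does not end in -all")
    if not dmarc["exists"]:
        return out + ["no DMARC record"]
    if dmarc["policy"] not in ("quarantine", "reject"):
        out.append("DMARC policy is not quarantine/reject")
    if dmarc["percentage"] < 100:
        out.append("DMARC policy applies to only %d%% of mail" % dmarc["percentage"])
    return out

# Constructed sample TXT records (not real lookups); keys mirror the example response.
STRONG_SPF = "v=spf1 include:_spf.google.com -all"
WEAK_SPF = "v=spf1 include:_spf.google.com ~all"
STRONG_DMARC = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
```

The parser skips SPF modifiers such as redirect= and does not resolve include: targets, so it checks the record's own terminal policy only.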
Analyze DNS Security for Free
Start for free with 10,000 credits per month. Start checking domains in seconds.