Security 1 Endpoints 8 Key Features

Email Authentication Checker API

Validate DMARC, SPF, and DKIM configurations for any domain. Essential for email deliverability, security auditing, and protecting against email spoofing and phishing attacks.

Category Security
Endpoints 1
Key Features 8
Frequently Asked Questions 4

Used by people at amazing companies

VercelLLM PulseOLXCasa ModernaPipeCal.comBeehiivSnykTogglRemoteSprigDeel

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

99.99% Uptime

Production-ready endpoints are designed for 99.99% uptime and documented status handling.

OpenAPI API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

10,000 Free allowance

Start with 10,000 monthly credits and upgrade only when usage grows.

What this API helps you ship

Use this page as a production brief: endpoints, examples, response shape, and the workflow pieces needed to plug DomScan into your own product.

Product workflows

Embed domain checks, DNS intelligence, risk signals, or enrichment into onboarding, search, and internal tools.

Analyst automation

Replace repeated manual lookups with scheduled jobs, alerting, and reproducible investigation steps.

Clean JSON data

Use predictable fields, documented status codes, and credit costs instead of scraping provider pages.

AI and ops tooling

Feed agents, dashboards, SOAR playbooks, and CRMs through OpenAPI, SDK, Postman, or MCP.

Integration workflow

A simple path from first request to repeatable production usage.

1
Authenticate once

Send your API key with the documented header and keep requests consistent across services.

2
Query with examples

Start from the curl and HTTP samples, then map the parameters into your application code.

3
Operate and monitor

Use status codes, credit costs, and response fields to build retries, logs, and alerts.

Developer kit

Jump from this page into machine-readable docs, request collections, SDKs, or agent tooling.

Parameters and response map

Scan the inputs, output fields, and status codes before wiring the endpoint into your client.

Request parameters

Parameter

domain
Response fields

Example Response

domainspfspf.recordspf.lookup_estimatespf.includesspf.redirectspf.macros_presentspf.macro_referencesspf.lookup_walk_countspf.lookup_limit_exceededspf.walkspf.walk_errors
Status coverage

HTTP Status Codes

200400402429500502503504

Endpoints

GET /v1/email-auth
Credits: 2Authentication: optional
domain

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

Uptime API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

Free allowance Sign Up for Free

Start with 10,000 monthly credits and upgrade only when usage grows.

Active Example Request

Start from the curl and HTTP samples, then map the parameters into your application code.

Key Features

SPF Validation

Parse and validate Sender Policy Framework records.

DMARC Analysis

Check DMARC policy configuration and reporting.

DKIM Verification

Validate DomainKeys Identified Mail signatures.

Security Grade

Get an overall A-F grade for email security posture.

Actionable Recommendations

Receive specific fixes for misconfigurations.

Multiple Selector Support

Check common DKIM selectors automatically.

Policy Explanation

Understand what each policy means in plain English.

Spoofing Risk Assessment

Evaluate vulnerability to email spoofing attacks.

Example Request

GET /v1/email-auth bash
Open
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/email-auth?domain=google.com"

Example Response

200 OK json
{
  "domain": "google.com",
  "spf": {
    "record": "v=spf1 include:_spf.google.com ~all",
    "lookup_estimate": 1,
    "includes": [
      "_spf.google.com"
    ],
    "redirect": null,
    "macros_present": false,
    "macro_references": [],
    "lookup_walk_count": 1,
    "lookup_limit_exceeded": false,
    "walk": [
      {
        "domain": "google.com",
        "depth": 0,
        "record": "v=spf1 include:_spf.google.com ~all",
        "mechanisms": [
          "include:_spf.google.com",
          "~all"
        ],
        "includes": [
          "_spf.google.com"
        ],
        "redirect": null,
        "direct_lookup_count": 1,
        "total_lookup_count": 1,
        "macros_present": false,
        "macro_references": [],
        "multiple_records": 1
      }
    ],
    "walk_errors": [],
    "lookup_tree": {
      "root_domain": "google.com",
      "node_count": 1,
      "max_depth": 0,
      "cycles_detected": [],
      "nodes": [
        {
          "domain": "google.com",
          "depth": 0,
          "status": "present",
          "direct_lookup_count": 1,
          "total_lookup_count": 1,
          "includes": [
            "_spf.google.com"
          ],
          "redirect": null,
          "mechanisms": [
            "include:_spf.google.com",
            "~all"
          ],
          "errors": []
        }
      ],
      "edges": [
        {
          "from": "google.com",
          "to": "_spf.google.com",
          "type": "include"
        }
      ]
    }
  },
  "dkim": [
    {
      "selector": "google",
      "record": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
      "key_type": "rsa",
      "key_size": 2048
    }
  ],
  "dkim_audit": {
    "selectors_checked": [
      "google",
      "default",
      "selector1",
      "selector2"
    ],
    "selectors_found": [
      {
        "selector": "google",
        "dns_name": "google._domainkey.google.com",
        "record": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
        "record_type": "TXT",
        "cname_targets": [],
        "provider_hint": "Google Workspace",
        "key_type": "rsa",
        "key_size": 2048,
        "valid": true,
        "revoked": false,
        "weak": false,
        "hash_algorithms": [
          "sha256"
        ],
        "service_type": "email",
        "flags": [
          "s"
        ],
        "issues": []
      }
    ],
    "total_found": 1,
    "providers_detected": [
      "Google Workspace"
    ],
    "valid_selector_count": 1,
    "weak_selector_count": 0,
    "revoked_selector_count": 0
  },
  "bimi": {
    "exists": true,
    "record": "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
    "valid": true,
    "logo_url": "https://example.com/logo.svg",
    "authority_url": "https://example.com/vmc.pem",
    "logo_fetch_ok": true,
    "logo_http_status": 200,
    "logo_content_type": "image/svg+xml",
    "logo_bytes": 2048,
    "logo_svg_detected": true,
    "vmc_present": true,
    "vmc_fetched": true,
    "vmc_http_status": 200,
    "vmc_content_type": "application/x-pem-file",
    "vmc_certificate_valid": true,
    "vmc_subject": "/CN=Example Inc VMC",
    "vmc_issuer": "/CN=Example Issuer",
    "vmc_not_before": "2026-01-01T00:00:00Z",
    "vmc_not_after": "2027-01-01T00:00:00Z",
    "vmc_days_to_expiry": 258,
    "vmc_fingerprint_sha256": "AA:BB:CC:DD",
    "vmc_san_domains": [
      "google.com"
    ],
    "errors": []
  },
  "dmarc": {
    "record": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com",
    "tags": {
      "v": "DMARC1",
      "p": "reject",
      "rua": "mailto:mailauth-reports@google.com"
    }
  },
  "mta_sts": {
    "exists": true,
    "record": "v=STSv1; id=2024010101Z",
    "valid": true,
    "policy_id": "2024010101Z",
    "policy_fetch_ok": true,
    "policy_http_status": 200,
    "mode": "enforce",
    "max_age": 86400,
    "mx_hosts": [
      "*.google.com"
    ],
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "policy_matches_mx": true,
    "uncovered_mx": [],
    "errors": []
  },
  "tls_rpt": {
    "exists": true,
    "record": "v=TLSRPTv1; rua=mailto:sts-reports@google.com",
    "valid": true,
    "rua": [
      "mailto:sts-reports@google.com"
    ],
    "errors": []
  },
  "client_access": {
    "provider_hint": {
      "id": "google_workspace",
      "name": "Google Workspace"
    },
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "services": [
      {
        "service": "imap",
        "host": "imap.gmail.com",
        "port": 993,
        "source": "provider_default",
        "priority": null,
        "weight": null,
        "tls_mode": "implicit",
        "reachable": true,
        "tls_negotiated": true,
        "starttls_offered": null,
        "protocol": "TLSv1.3",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "certificate": {
          "subject": "/CN=imap.gmail.com",
          "issuer": "/CN=WR2",
          "not_before": "2026-01-01T00:00:00Z",
          "not_after": "2026-07-01T00:00:00Z",
          "days_to_expiry": 70,
          "expired": false,
          "san_domains": [
            "imap.gmail.com"
          ],
          "public_key_type": "EC",
          "public_key_bits": 256,
          "fingerprint_sha256": "CC:DD:EE:FF",
          "hostname_match": true,
          "chain_valid": true,
          "chain_error": null
        },
        "chain_depth": 2,
        "error": null
      }
    ],
    "reachable_service_count": 1,
    "secure_service_count": 1
  },
  "autodiscover": {
    "provider_hint": {
      "id": "google_workspace",
      "name": "Google Workspace"
    },
    "mx_records": [
      "aspmx.l.google.com"
    ],
    "srv": {
      "autodiscover": [],
      "submission": [],
      "submissions": [],
      "imap": [],
      "imaps": [],
      "pop3": [],
      "pop3s": []
    },
    "thunderbird_autoconfig": {
      "subdomain": {
        "url": "https://autoconfig.google.com/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "status_code": 404,
        "content_type": "text/html",
        "final_url": "https://autoconfig.google.com/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "redirect_count": 0,
        "incoming": [],
        "outgoing": [],
        "error": null
      },
      "well_known": {
        "url": "https://google.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "status_code": 200,
        "content_type": "application/xml",
        "final_url": "https://google.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=postmaster%40google.com",
        "redirect_count": 0,
        "incoming": [
          {
            "type": "imap",
            "hostname": "imap.gmail.com",
            "port": 993,
            "socket_type": "SSL"
          }
        ],
        "outgoing": [
          {
            "type": "smtp",
            "hostname": "smtp.gmail.com",
            "port": 587,
            "socket_type": "STARTTLS"
          }
        ],
        "error": null
      }
    },
    "outlook_autodiscover": {
      "url": "https://autodiscover.google.com/autodiscover/autodiscover.xml",
      "status_code": 401,
      "content_type": "text/html",
      "final_url": "https://autodiscover.google.com/autodiscover/autodiscover.xml",
      "redirect_count": 0,
      "auth_required": true,
      "error": null
    },
    "recommended": [
      {
        "service": "imap",
        "host": "imap.gmail.com",
        "port": 993,
        "tls_mode": "implicit",
        "source": "provider_default"
      }
    ]
  },
  "edge_summary": {
    "relay_configured": true,
    "evidence_sources": [
      "spf_walk",
      "mail_policies",
      "bimi_audit",
      "dkim_audit",
      "mail_client_access",
      "mail_autodiscover"
    ],
    "spf_lookup_count": 1,
    "spf_lookup_limit_exceeded": false,
    "dkim_valid_selector_count": 1,
    "dkim_weak_selector_count": 0,
    "dkim_revoked_selector_count": 0,
    "providers_detected": [
      "Google Workspace"
    ],
    "mta_sts_enforced": true,
    "tls_rpt_configured": true,
    "bimi_logo_verified": true,
    "vmc_certificate_valid": true,
    "client_access_reachable_services": 1,
    "client_access_secure_services": 1,
    "autodiscover_recommendation_count": 1
  },
  "provider_selector_recommendations": [
    {
      "provider": "Google Workspace",
      "selectors": [
        "google",
        "20230601",
        "20210112"
      ],
      "source": "detected",
      "checked_selectors": [
        "google"
      ],
      "found_selectors": [
        "google"
      ],
      "missing_selectors": [
        "20230601",
        "20210112"
      ]
    }
  ],
  "grade": "A",
  "notes": []
}

Frequently Asked Questions

What is SPF?

Sender Policy Framework (SPF) is a DNS record that specifies which mail servers are authorized to send email for your domain.

What is DMARC?

Domain-based Message Authentication, Reporting & Conformance (DMARC) tells receiving servers how to handle emails that fail SPF or DKIM checks.

What is DKIM?

DomainKeys Identified Mail (DKIM) adds a digital signature to outgoing emails, allowing receivers to verify the message was not altered.

Why do I need all three?

SPF, DKIM, and DMARC work together. SPF authorizes servers, DKIM signs messages, and DMARC sets policy. All three provide comprehensive protection.

Related Tools & Resources

HTTP Status Codes

We document the HTTP status codes you should handle so you can distinguish successful responses, auth issues, credits, rate limits, missing data, and upstream failures.

OK 200

Request successful

Bad Request 400

Invalid parameters

Payment Required 402

Not enough credits to run this request.

Too Many Requests 429

Rate limit exceeded

Server Error 500

Internal error

Bad Gateway 502

Upstream RDAP error

Service Unavailable 503

Upstream service unavailable or temporarily rate limited.

Gateway Timeout 504

Upstream lookup timed out.

Check Email Authentication