Email Compliance API

Q: Which endpoints are included?

This guide covers 1 public endpoints: GET /v1/email/compliance .

Category Security

Endpoints 1

Credits 5

Authentication optional

Used by people at amazing companies

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

99.99% Uptime

Production-ready endpoints are designed for 99.99% uptime and documented status handling.

OpenAPI API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

10,000 Free allowance

Start with 10,000 monthly credits and upgrade only when usage grows.

What this API helps you ship

Use this page as a production brief: endpoints, examples, response shape, and the workflow pieces needed to plug DomScan into your own product.

Product workflows

Embed domain checks, DNS intelligence, risk signals, or enrichment into onboarding, search, and internal tools.

Analyst automation

Replace repeated manual lookups with scheduled jobs, alerting, and reproducible investigation steps.

Clean JSON data

Use predictable fields, documented status codes, and credit costs instead of scraping provider pages.

AI and ops tooling

Feed agents, dashboards, SOAR playbooks, and CRMs through OpenAPI, SDK, Postman, or MCP.

Integration workflow

A simple path from first request to repeatable production usage.

Authenticate once

Send your API key with the documented header and keep requests consistent across services.

Query with examples

Start from the curl and HTTP samples, then map the parameters into your application code.

Operate and monitor

Use status codes, credit costs, and response fields to build retries, logs, and alerts.

Developer kit

Jump from this page into machine-readable docs, request collections, SDKs, or agent tooling.

OpenAPI schema

Generate clients or inspect every request and response shape.

Postman collection

Import ready-made requests for manual testing and team handoff.

SDKs and CLI

Use maintained packages and command-line workflows instead of writing boilerplate.

MCP integration

Expose domain intelligence to AI agents and internal assistant workflows.

Parameters and response map

Scan the inputs, output fields, and status codes before wiring the endpoint into your client.

Request parameters

Parameter

domainprovidersselectors

Response fields

Example Response

domainstatusscoregradeprovider_readinessprovider_readiness.googleprovider_readiness.google.providerprovider_readiness.google.display_nameprovider_readiness.google.statusprovider_readiness.google.dns_visible_statusprovider_readiness.google.requirementsprovider_readiness.google.verification_required

Status coverage

HTTP Status Codes

200400402429500502503504

Endpoints

GET /v1/email/compliance

Credits: 5Authentication: optional

domainprovidersselectors

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

Uptime API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

Free allowance Sign Up for Free

Start with 10,000 monthly credits and upgrade only when usage grows.

Active Example Request

Start from the curl and HTTP samples, then map the parameters into your application code.

Key Features

Endpoints

GET /v1/email/compliance

Parameter

domain, providers, selectors

HTTP Status Codes

200, 400, 402, 429, 500, 502, 503, 504

Credits / Authentication

5 / optional

Example Request

GET /v1/email/compliance bash

Open

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/email/compliance?domain=example.com&providers=google,microsoft&selectors=google,selector1"

GET /v1/email/compliance?providers=google bash

Open

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/email/compliance?domain=example.com&providers=google"

Example Response

200 OK json

{
  "domain": "example.com",
  "status": "warn",
  "score": 82,
  "grade": "B",
  "provider_readiness": {
    "google": {
      "provider": "google",
      "display_name": "Google/Gmail bulk sender readiness",
      "status": "pass",
      "dns_visible_status": "pass",
      "requirements": [
        {
          "id": "google_spf",
          "label": "SPF must be configured for bulk senders",
          "status": "pass",
          "severity": "critical",
          "category": "dns",
          "evidence": "SPF policy: softfail",
          "recommendation": "Publish one valid SPF record that covers every approved sending platform."
        },
        {
          "id": "google_alignment",
          "label": "From domain must align with either SPF or DKIM on live messages",
          "status": "unknown",
          "severity": "high",
          "category": "message",
          "evidence": "Alignment requires Authentication-Results from a real sent message",
          "recommendation": "Send a test message and verify SPF or DKIM alignment."
        }
      ],
      "verification_required": [
        "From domain must align with either SPF or DKIM on live messages",
        "Outbound mail must be transmitted over TLS"
      ],
      "notes": [
        "Status is based on DNS-visible controls. Live sending requirements still need message-header and sender-platform verification."
      ]
    },
    "microsoft": {
      "provider": "microsoft",
      "display_name": "Microsoft Outlook.com high-volume sender readiness",
      "status": "pass",
      "dns_visible_status": "pass",
      "requirements": [],
      "verification_required": [
        "DMARC must align with either SPF or DKIM"
      ],
      "notes": [
        "Status is based on DNS-visible controls. Live sending requirements still need message-header and sender-platform verification."
      ]
    }
  },
  "summary": {
    "authentication": {
      "spf": {
        "status": "pass",
        "record": "v=spf1 include:_spf.example.com ~all",
        "policy": "softfail",
        "lookup_count": 3,
        "lookup_limit_exceeded": false
      },
      "dkim": {
        "status": "pass",
        "selectors_checked": [
          "google",
          "selector1",
          "sendgrid"
        ],
        "selectors_found": [
          "google"
        ],
        "valid_selector_count": 1,
        "weak_selector_count": 0,
        "revoked_selector_count": 0,
        "providers_detected": [
          "Google Workspace"
        ]
      },
      "dmarc": {
        "status": "warn",
        "record": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "policy": "none",
        "subdomain_policy": null,
        "percentage": 100,
        "rua": [
          "mailto:dmarc@example.com"
        ],
        "alignment_mode": {
          "spf": null,
          "dkim": null
        }
      }
    },
    "transport": {
      "mta_sts": {
        "status": "pass",
        "mode": "enforce",
        "policy_fetch_ok": true,
        "policy_matches_mx": true
      },
      "tls_rpt": {
        "status": "pass",
        "rua": [
          "mailto:tls@example.com"
        ]
      },
      "mx_records": [
        "aspmx.l.google.com"
      ],
      "client_access_secure_services": 1
    },
    "dns_security": {
      "dnssec": "pass",
      "caa": "pass",
      "zone_transfer": "pass",
      "authoritative_consistency": "pass",
      "blacklist": "pass"
    },
    "brand_trust": {
      "bimi": "unknown",
      "vmc": "unknown"
    }
  },
  "action_items": [
    {
      "priority": "medium",
      "category": "authentication",
      "title": "Move DMARC beyond monitoring mode",
      "detail": "DMARC is valid but still uses p=none.",
      "fix": "After reviewing aggregate reports, move to p=quarantine or p=reject."
    }
  ],
  "evidence": {
    "email_auth": {
      "spf": {
        "record": "v=spf1 include:_spf.example.com ~all"
      },
      "dmarc": {
        "record": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
      }
    },
    "dns_security": {
      "security_score": 86,
      "security_grade": "B"
    }
  },
  "proxy": {
    "configured": true,
    "enriched": true,
    "checks": [
      "spf_walk",
      "mail_policies",
      "dkim_audit",
      "bimi_audit"
    ]
  },
  "limitations": [
    "DNS-visible checks cannot prove live message-level SPF, DKIM, DMARC alignment, RFC 5322 formatting, spam rate, or one-click unsubscribe behavior."
  ],
  "checked_at": "2026-04-26T12:00:00Z",
  "check_duration_ms": 642
}

Frequently Asked Questions

Which endpoints are included?

This guide covers 1 public endpoints: GET /v1/email/compliance.

Does this API require authentication?

Email Compliance is publicly accessible, but authenticated requests are still useful for usage tracking and higher limits where available.

How many credits does it use?

Requests in this guide use 5 credits depending on the endpoint. Bulk endpoints apply the published bulk rate shown on the page and in the full docs.

Where can I see the full parameters and related endpoints?

Use the full docs for Email Compliance to review parameter details, authentication notes, and related endpoints in the same API family.

Related Tools & Resources

HTTP Status Codes

We document the HTTP status codes you should handle so you can distinguish successful responses, auth issues, credits, rate limits, missing data, and upstream failures.

OK 200

Request successful

Bad Request 400

Invalid parameters

Payment Required 402

Not enough credits to run this request.

Too Many Requests 429

Rate limit exceeded

Server Error 500

Internal error

Bad Gateway 502

Upstream RDAP error

Service Unavailable 503

Upstream service unavailable or temporarily rate limited.

Gateway Timeout 504

Upstream lookup timed out.

Start for free with 10,000 credits per month. Start checking domains in seconds.

View Full API Documentation APIs