تخطي إلى المحتوى
POST AI agent ready /v1/dns-security/dmarc-check

DMARC Check API - Parse Policy, Reporting, and Alignment

Queries _dmarc.{domain} TXT records and parses the DMARC tags. Returns the raw record, policy (p), subdomain policy (sp), rua/ruf reporting addresses as arrays, pct (percentage to apply the policy), and alignment modes for DKIM (adkim) and SPF (aspf).

Parameters

stringrequired

Domain to check.

Code examples

curl -X POST https://api.botoi.com/v1/dns-security/dmarc-check \
  -H "Content-Type: application/json" \
  -d '{"domain":"github.com"}'

When to use this API

Enforce DMARC on customer domains

SaaS platforms that send mail on behalf of customers should require p=quarantine or p=reject before full onboarding. Call this endpoint during domain verification and block setup if the policy is missing or p=none.

Migrate from p=none to p=reject safely

Track your own domain's pct value over the migration. Ramp from pct=10 to pct=100 while monitoring the rua reports externally. The endpoint confirms the record reflects the intended step.

Phishing-kit detection

A freshly-registered lookalike domain without any DMARC record (has_dmarc:false) is a strong indicator of a phishing setup. Pipe signals from this endpoint into your brand-protection playbook.

Frequently asked questions

What policies are valid?
none (monitor only), quarantine (send to spam), and reject (block). The subdomain_policy (sp) applies to sub-domains if set; otherwise it inherits from p.
What do adkim and aspf tell me?
s means strict alignment (the From header domain must exactly match the DKIM d= or the SPF envelope-from). r means relaxed (matching on organizational domain). Most setups use r for practical reasons.
Why might pct be less than 100?
pct is the percentage of mail to which the policy applies; the rest falls back to the next weaker policy. Used during DMARC rollouts to ramp enforcement gradually without breaking legitimate mail.
Do rua and ruf accept non-mailto URIs?
The spec allows mailto and http URIs. This endpoint returns the raw URI strings from the record; most providers only support mailto in practice.
What if the domain has no _dmarc record?
has_dmarc is false and policy/subdomain_policy are null. The domain effectively has an implicit p=none (no enforcement). Publishing any record, even p=none with rua, is strongly recommended.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs