Programmatic email authentication scanning via RapidAPI.
GET /api/v1/scan/{domain}Replace {domain} with the domain to scan, e.g. example.com. The domain may also be provided with a leading http://, https://, or www. prefix — these are stripped automatically.
Requests must include the X-RapidAPI-Proxy-Secret header. This is automatically set by RapidAPI when routing through their marketplace.
All responses are JSON. A successful scan returns HTTP 200.
{
"domain": "example.com",
"score": 75,
"checks": {
"spf": {
"status": "pass",
"recordFound": "v=spf1 include:_spf.google.com ~all",
"explanation": "SPF record found and valid.",
"fixRecommendation": "",
"dnsRecord": "v=spf1 include:_spf.google.com ~all"
},
"dkim": {
"status": "pass",
"recordFound": "v=DKIM1; k=rsa; p=...",
"explanation": "DKIM record found for selector \"google\".",
"fixRecommendation": "",
"dnsRecord": null
},
"dmarc": {
"status": "warn",
"recordFound": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
"explanation": "DMARC record found but policy is set to none (monitoring only).",
"fixRecommendation": "Upgrade to p=quarantine or p=reject once you have reviewed your DMARC reports.",
"dnsRecord": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
},
"mx": {
"status": "pass",
"recordFound": "aspmx.l.google.com",
"explanation": "MX records found.",
"fixRecommendation": "",
"dnsRecord": null
}
},
"bonusChecks": {
"bimi": {
"status": "fail",
"recordFound": "",
"explanation": "No BIMI record found.",
"fixRecommendation": "Add a BIMI TXT record at default._bimi.example.com to display your logo in supporting email clients.",
"dnsRecord": "v=BIMI1; l=https://example.com/logo.svg"
},
"mtasts": {
"status": "fail",
"recordFound": "",
"explanation": "No MTA-STS record found.",
"fixRecommendation": "Add an MTA-STS TXT record at _mta-sts.example.com to enforce TLS for inbound email.",
"dnsRecord": "v=STSv1; id=20240101000000"
}
},
"scannedAt": "2024-01-15T10:30:00.000Z"
}| Field | Type | Description |
|---|---|---|
status | "pass" | "warn" | "fail" | Result of the check |
recordFound | string | The DNS record value found, or empty string if not found |
explanation | string | Human-readable explanation of the result |
fixRecommendation | string | Suggested action to fix the issue, or empty string if passing |
dnsRecord | string | null | Exact DNS record value to copy-paste when a fix is needed |
The score field is 0–100 and covers the four core checks (SPF, DKIM, DMARC, MX). Bonus checks (BIMI, MTA-STS) are returned in bonusChecks and do not affect the score.
| Status | Points per check | Score range |
|---|---|---|
| pass | 25 | 75–100 = Good Compliance |
| warn | 12 | 50–74 = Fair — Action Needed |
| fail | 0 | 0–49 = Needs Work — Critical Issues |
| HTTP Status | Meaning |
|---|---|
400 | Invalid domain — domain must contain at least one dot |
401 | Missing or invalid X-RapidAPI-Proxy-Secret header |
500 | Scan failed — DNS lookup error or temporary failure |
Error responses have the shape: { "error": "..." }
Rate limits are managed by RapidAPI. See the marketplace listing for current plan limits.
Subscribe to DMARC Autopilot on RapidAPI to get your API key and start scanning domains programmatically.