{"openapi":"3.1.0","info":{"title":"Email Security API","version":"1.0.0","description":"Inspect any domain's email-authentication posture — its protection against spoofing and phishing — via live DNS. Pass a domain and the service looks up and validates SPF (the v=spf1 record, its all-qualifier and the 10-lookup limit), DMARC (the _dmarc policy p=none/quarantine/reject, plus sp, pct and rua/ruf reporting addresses), DKIM (probing the common selectors at selector._domainkey, or pass your own), BIMI and the MX servers — then returns an A+-to-F grade with a prioritised list of issues and concrete advice. A second endpoint parses the DMARC record tag by tag with a plain-English interpretation of the policy. Built for email-deliverability and anti-spoofing audits, vendor and third-party risk assessment, security onboarding and continuous monitoring. An email-authentication analyzer — distinct from mailbox/address validation (email), raw DNS record lookup (dns) and the HTTP security-header grader (secheaders). Pure live DNS, no upstream key, no cache.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/emailsec-api","description":"oanor gateway"}],"tags":[{"name":"Email Security"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/check":{"get":{"operationId":"get_v1_check","tags":["Email Security"],"summary":"Email-auth posture + grade","description":"","parameters":[{"name":"domain","in":"query","required":true,"description":"Domain to inspect","schema":{"type":"string"},"example":"cloudflare.com"},{"name":"selector","in":"query","required":false,"description":"DKIM selector(s) to check","schema":{"type":"string"}}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"mx":[{"exchange":"mxb-canary.global.inbound.cf-emailsecurity.net","priority":5},{"exchange":"mxa-canary.global.inbound.cf-emailsecurity.net","priority":5},{"exchange":"mxa.global.inbound.cf-emailsecurity.net","priority":10},{"exchange":"mxb.global.inbound.cf-emailsecurity.net","priority":10}],"spf":{"found":true,"valid":true,"issues":[],"policy":"fail (-all)","record":"v=spf1 ip4:199.15.212.0/22 ip4:173.245.48.0/20 include:_spf.google.com include:spf1.mcsv.net include:spf.mandrillapp.com include:mail.zendesk.com include:stspg-customer.com include:_spf.salesforce.com -all","lookups":6,"all_qualifier":"-"},"bimi":{"found":true,"record":"v=BIMI1; l=https://www.cloudflare.com/cloudflare_1171114652.svg; a=https://www.cloudflare.com/cloudflare_1171114652.pem"},"dkim":{"found":true,"records":[{"length":226,"selector":"k1","record_present":true},{"length":234,"selector":"mandrill","record_present":true},{"length":406,"selector":"s1","record_present":true}],"selectors_checked":16},"dmarc":{"pct":"100","rua":"mailto:a1c47f179bc04efd8ee4dcd4d85dfc65@dmarc-reports.cloudflare.net,mailto:rua@cloudflare.com","found":true,"valid":true,"issues":[],"policy":"reject","record":"v=DMARC1; p=reject; pct=100; rua=mailto:a1c47f179bc04efd8ee4dcd4d85dfc65@dmarc-reports.cloudflare.net,mailto:rua@cloudflare.com"},"grade":"A+","score":100,"domain":"cloudflare.com","issues":[],"max_score":100},"meta":{"timestamp":"2026-06-01T23:40:50.323Z","request_id":"6198884a-0220-498b-9656-a77b13421879"},"status":"ok","message":"Email security checked","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/dmarc":{"get":{"operationId":"get_v1_dmarc","tags":["Email Security"],"summary":"Parse a DMARC record","description":"","parameters":[{"name":"domain","in":"query","required":true,"description":"Domain to inspect","schema":{"type":"string"},"example":"github.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"pct":"100","rua":"mailto:dmarc@github.com","ruf":"mailto:dmarc@github.com","found":true,"valid":true,"domain":"github.com","issues":[],"policy":"quarantine","record":"v=DMARC1; p=quarantine; sp=reject; pct=100; rua=mailto:dmarc@github.com; ruf=mailto:dmarc@github.com; fo=1","queried":"_dmarc.github.com","interpretation":{"p":"send failing mail to spam"},"subdomain_policy":"reject"},"meta":{"timestamp":"2026-06-01T23:40:50.426Z","request_id":"74a0febd-efb0-4140-b054-c2979c5a0a53"},"status":"ok","message":"DMARC record parsed","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Checks, selectors & grade scale","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"note":"Inspect a domain's email-authentication posture — its protection against spoofing and phishing — via live DNS. /v1/check?domain=google.com looks up and validates SPF (v=spf1, the 'all' qualifier and the 10-lookup limit), DMARC (the _dmarc policy p=none/quarantine/reject, sp, pct, rua/ruf), DKIM (probing common selectors at selector._domainkey, or pass ?selector=), BIMI and MX, then returns an A+-to-F grade with a prioritised list of issues and advice. /v1/dmarc parses the DMARC record tag by tag with a plain-English interpretation of the policy. Pure DNS lookups, always live. Ideal for email-deliverability and anti-spoofing audits, vendor and third-party risk assessment, and onboarding checks. An email-authentication analyzer — distinct from mailbox/address validation (email), raw DNS record lookup (dns) and the HTTP security-header grader (secheaders). No key, no cache.","checks":["SPF (v=spf1)","DMARC (_dmarc, v=DMARC1)","DKIM (selector._domainkey)","BIMI (default._bimi)","MX"],"grades":["A+","A","B","C","D","F"],"endpoints":["/v1/check","/v1/dmarc","/v1/meta"],"dkim_selectors_probed":["default","google","selector1","selector2","k1","k2","dkim","mail","s1","s2","mandrill","mxvault","sig1","smtp","key1","zoho"]},"meta":{"timestamp":"2026-06-01T23:40:50.524Z","request_id":"dd868d9a-a1ef-423d-9628-27124e4763c2"},"status":"ok","message":"Meta retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":2380,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":690,"monthly_call_quota":47500,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2170,"monthly_call_quota":242000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5700,"monthly_call_quota":885000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/emailsec-api"}