Email Domain DNS

Validate a domain's email authentication DNS records (SPF, DKIM, DMARC) and receive a scored grade with actionable recommendations.

Domain DNS Check

GET /v1/email/domain/{domain}/dns

Path Parameters

Parameter	Type	Required	Description
domain	string	Yes	Domain name to check (e.g. example.com)

Query Parameters

Parameter	Type	Default	Description
selectors	string	common selectors	Comma-separated DKIM selectors to check

When selectors is omitted, the system probes a set of commonly used DKIM selectors (google, default, selector1, selector2, etc.). Only selectors that are found in DNS are included in the response. When explicit selectors are provided, all are returned regardless of whether they resolve.

Response (200)

{
  "data": {
    "domain": "example.com",
    "domain_auth_score": 85,
    "grade": "B",
    "mx": {
      "records": ["mx1.example.com", "mx2.example.com"],
      "is_valid": true
    },
    "spf": {
      "raw": "v=spf1 include:_spf.google.com ~all",
      "mechanisms": ["include:_spf.google.com", "~all"],
      "all_qualifier": "~",
      "is_valid": true,
      "is_permissive": false,
      "dns_lookup_count": 3,
      "exceeds_lookups": false
    },
    "dkim": [
      {
        "selector": "google",
        "found": true,
        "key_type": "rsa",
        "key_bits": 2048,
        "is_valid": true
      }
    ],
    "dmarc": {
      "raw": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
      "policy": "quarantine",
      "subdomain_policy": "quarantine",
      "percentage": 100,
      "aggregate_report_uris": ["mailto:dmarc@example.com"],
      "dkim_alignment": "r",
      "spf_alignment": "r",
      "report_interval": 86400,
      "strength_rating": "moderate",
      "is_valid": true
    },
    "recommendations": [
      "Consider upgrading DMARC policy from quarantine to reject for maximum protection"
    ]
  },
  "meta": {
    "processing_time_ms": 450
  }
}

Response Fields

Top-Level

Field	Type	Description
domain	string	The checked domain
domain_auth_score	integer	Authentication score (0-100)
grade	string	Letter grade (A-F)
mx	object	MX record results
spf	object	SPF record analysis
dkim	array	DKIM record results per selector
dmarc	object	DMARC record analysis
recommendations	array	Actionable improvement suggestions

MX Object

Field	Type	Description
records	array	MX hostnames found
is_valid	boolean	Whether MX records are valid
errors	array	Validation errors (if any)

SPF Object

Field	Type	Description
raw	string	Raw SPF TXT record
mechanisms	array	Parsed SPF mechanisms
all_qualifier	string	The all qualifier (+, -, ~, ?)
is_valid	boolean	Whether the record is valid
is_permissive	boolean	True if uses +all (dangerous)
validation_errors	array	Validation errors (if any)
dns_lookup_count	integer	Number of DNS lookups required
exceeds_lookups	boolean	Whether it exceeds the 10-lookup RFC limit

DKIM Object (per selector)

Field	Type	Description
selector	string	DKIM selector name
found	boolean	Whether the selector exists in DNS
raw	string	Raw DKIM TXT record
key_type	string	Key type (rsa, ed25519)
key_bits	integer	Key size in bits
is_valid	boolean	Whether the record is valid
validation_errors	array	Validation errors (if any)

DMARC Object

Field	Type	Description
raw	string	Raw DMARC TXT record
policy	string	Policy (none, quarantine, reject)
subdomain_policy	string	Subdomain policy
percentage	integer	Percentage of messages subject to policy
aggregate_report_uris	array	rua addresses
forensic_report_uris	array	ruf addresses
dkim_alignment	string	DKIM alignment (r=relaxed, s=strict)
spf_alignment	string	SPF alignment (r=relaxed, s=strict)
failure_options	string	Failure options (fo=)
report_interval	integer	Report interval in seconds
strength_rating	string	weak, moderate, or strong
is_valid	boolean	Whether the record is valid
validation_errors	array	Validation errors (if any)

Grading

Grade	Score	Description
A	90-100	Excellent email authentication
B	75-89	Good, minor improvements possible
C	55-74	Moderate risk, missing configurations
D	35-54	Poor, significant gaps
F	0-34	Critical, minimal or no authentication

Score Breakdown

The score is computed from four components:

Component	Max Points	Criteria
MX	10	Valid MX records present
SPF	25	Valid SPF with strict qualifier
DKIM	30	Valid DKIM with 2048+ bit key
DMARC	35	Valid DMARC with reject policy at 100%

---

Error Responses

400 Bad Request

{
  "data": {
    "error": "missing domain parameter",
    "code": "MISSING_DOMAIN"
  },
  "meta": {
    "processing_time_ms": 0
  }
}

---

Code Examples

cURL

# Basic domain check
curl -X GET "https://api.limesindex.com/v1/email/domain/example.com/dns" \
  -H "X-API-Key: YOUR_API_KEY"

# With specific DKIM selectors
curl -X GET "https://api.limesindex.com/v1/email/domain/example.com/dns?selectors=google,selector1,s1" \
  -H "X-API-Key: YOUR_API_KEY"

Python

import requests

API_KEY = "YOUR_API_KEY"
BASE_URL = "https://api.limesindex.com"
HEADERS = {"X-API-Key": API_KEY}

resp = requests.get(
    f"{BASE_URL}/v1/email/domain/example.com/dns",
    headers=HEADERS
)
data = resp.json()["data"]

print(f"Domain: {data['domain']}")
print(f"Grade: {data['grade']} (Score: {data['domain_auth_score']})")
print(f"DMARC Policy: {data['dmarc']['policy']}")
print(f"SPF Valid: {data['spf']['is_valid']}")

if data["recommendations"]:
    print("\nRecommendations:")
    for rec in data["recommendations"]:
        print(f"  - {rec}")

Use Cases

• Domain onboarding: Validate authentication before adding a domain to your sending infrastructure
• Customer diagnostics: Check why a customer's domain has deliverability issues
• Continuous monitoring: Periodically verify that DNS records have not been misconfigured
• Sales qualification: Assess prospect readiness for email marketing based on domain health

Related Endpoints

• Domain Check Tool - Free public tool version (no auth required)
• Email Reputation - IP-level reputation scoring