BetaSPFWise is in beta, and every feature is free until it ends. More information after you sign up.
Developers

Free email authentication API

Check any domain's SPF, DKIM, DMARC and more from your own code. No API key, no signup, just an HTTP GET.

Free, no API key required

Endpoint

One GET request returns a full email-authentication analysis as JSON. It is the same engine that powers the web checker.

GET https://api.spfwise.com/api/v1/lookup?domain=example.com

Example request

curl "https://api.spfwise.com/api/v1/lookup?domain=example.com" \
  -H "Accept-Language: en"

Example response

{
  "domain": "example.com",
  "grade": "A",
  "score": 85,
  "analyzedAt": "2026-07-06T14:00:00Z",
  "checks": [
    {
      "type": "spf",
      "status": "PASS",
      "findings": [
        {
          "severity": "LOW",
          "message": "Ends with ~all (softfail).",
          "remediation": "Use -all once every sender is covered.",
          "points": 0
        }
      ],
      "details": { "record": "v=spf1 include:_spf.example.com ~all", "lookupCount": 3 }
    }
  ]
}

Response fields

domain
The domain that was analyzed.
grade
Overall letter grade from A+ (best) to F.
score
Numeric score from 0 to 100.
checks[]
One entry per check: spf, dkim, dmarc, mx, bimi, mta_sts, tls_rpt, dnssec, dnsbl.
status
Per check: PASS, WARN, FAIL or SKIPPED.
findings[]
Issues found, each with a severity, a plain-language message, and a remediation.
details
Raw values for the check, such as the SPF record, lookup count, or DMARC policy.

Rate limits and terms

The API is rate-limited to 30 requests per minute per IP. It is free for reasonable use. Set the Accept-Language header (en, pl, de) to localize the finding messages. For continuous monitoring, alerts and DMARC report parsing, see the plans.