Developers
Free email authentication API
Check any domain's SPF, DKIM, DMARC and more from your own code. No API key, no signup, just an HTTP GET.
Free, no API key required
Endpoint
One GET request returns a full email-authentication analysis as JSON. It is the same engine that powers the web checker.
GET https://api.spfwise.com/api/v1/lookup?domain=example.comExample request
curl "https://api.spfwise.com/api/v1/lookup?domain=example.com" \
-H "Accept-Language: en"Example response
{
"domain": "example.com",
"grade": "A",
"score": 85,
"analyzedAt": "2026-07-06T14:00:00Z",
"checks": [
{
"type": "spf",
"status": "PASS",
"findings": [
{
"severity": "LOW",
"message": "Ends with ~all (softfail).",
"remediation": "Use -all once every sender is covered.",
"points": 0
}
],
"details": { "record": "v=spf1 include:_spf.example.com ~all", "lookupCount": 3 }
}
]
}Response fields
- domain
- The domain that was analyzed.
- grade
- Overall letter grade from A+ (best) to F.
- score
- Numeric score from 0 to 100.
- checks[]
- One entry per check: spf, dkim, dmarc, mx, bimi, mta_sts, tls_rpt, dnssec, dnsbl.
- status
- Per check: PASS, WARN, FAIL or SKIPPED.
- findings[]
- Issues found, each with a severity, a plain-language message, and a remediation.
- details
- Raw values for the check, such as the SPF record, lookup count, or DMARC policy.
Rate limits and terms
The API is rate-limited to 30 requests per minute per IP. It is free for reasonable use. Set the Accept-Language header (en, pl, de) to localize the finding messages. For continuous monitoring, alerts and DMARC report parsing, see the plans.