📋 Email DMARC Auditor — SPF/DKIM/DMARC Bulk Check

The email deliverability audit tool email consultants actually use.

Auditing one domain in MXToolbox is free. Auditing 100 domains costs $149/month on Bulk tier. Valimail Monitor starts at $500/mo. This actor audits 100 domains for ~$0.85 — one-shot, no subscription.

What it checks per domain

• SPF — parses v=spf1 record, counts mechanisms, flags 10-lookup overflow, returns includes/ip mechanisms/all-mode
• DMARC — parses _dmarc.<domain> TXT record, extracts policy (p=), subdomain policy (sp=), percentage (pct=), reporting addresses (rua/ruf), alignment modes (aspf/adkim)
• DKIM — probes 25 common selectors (default, google, selector1, selector2, mailgun, sendgrid, mandrill, etc.) and estimates key length
• MX — confirms domain accepts mail at all
• Deliverability score (0-100) — weighted composite
• Remediation actions — specific, ordered fixes (not generic advice)

Example

import requests

r = requests.post(
    "https://api.apify.com/v2/acts/nexgendata~email-dmarc-auditor/run-sync-get-dataset-items?token=" + APIFY_TOKEN,
    json={"domains": ["google.com", "github.com", "misconfigured-example.com"]}
)

for d in r.json():
    print(f"{d['domain']} — score {d['deliverability_score']}")
    print(f"  SPF:   {d['spf'].get('valid')} all-mode={d['spf'].get('all_mode')}")
    dmarc = d['dmarc']
    print(f"  DMARC: {dmarc.get('valid')} policy={dmarc.get('policy')} pct={dmarc.get('pct')}")
    print(f"  DKIM:  {d['dkim']['found_count']} selectors found")
    for action in d["remediation_actions"]:
        print(f"    → {action}")

Sample output:

google.com — score 95
  SPF:   True all-mode=~all
  DMARC: True policy=reject pct=100
  DKIM:  3 selectors found
    → Email authentication looks healthy.

misconfigured-example.com — score 25
  SPF:   True all-mode=+all
  DMARC: False policy=None pct=None
  DKIM:  0 selectors found
    → SPF 'all' qualifier is +all — any server can send as this domain. Change to -all or ~all.
    → Publish a DMARC record at _dmarc.misconfigured-example.com.
    → No DKIM selector found. Verify your ESP's DKIM selector and publish the record.

cURL

curl -X POST "https://api.apify.com/v2/acts/nexgendata~email-dmarc-auditor/run-sync-get-dataset-items?token=$APIFY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"domains":["example.com"]}'

Common use cases

• Pre-sales audits (deliverability consultants) — scan prospect's domain list, generate compliance report
• M&A due diligence — audit email posture of acquisition target's domain portfolio
• Brand protection — bulk-audit domain variants you own for lookalike spoofing exposure
• DMARC rollout planning — find all your domains still at p=none before enforcement deadline
• RFP compliance — SOC 2 / ISO 27001 / HIPAA evidence collection for email authentication controls
• Google/Yahoo 2024 sender requirements — bulk-verify every domain meets the new requirements before you send

Pricing

• $0.01 per run (startup)
• $0.005 per domain audited

100 domains = $0.51. Same job on Valimail Monitor starts at $500/month.

FAQ

Q: Why probe DKIM selectors? Can't the actor just return the "real" DKIM? A: DKIM has no discovery mechanism — the selector is chosen by the sender, not the domain. The 25 selectors probed cover ~90% of real-world configurations (Google, Microsoft 365, Mailgun, SendGrid, Mandrill, Amazon SES, etc.). If yours is unusual, add it via the dkimSelectors input.

Q: How is the deliverability score computed? A: Weighted: MX present (10), SPF published (20), strong SPF all-mode (+10), DMARC published (20), DMARC enforcing (+15), DKIM found (15), DMARC reporting (+5). Penalties: weak DKIM key, SPF over 10 lookups, permissive SPF. Max 100.

Q: Can this detect DMARC report data (DMARC failure reports)? A: No — DMARC reports are sent by mail receivers to rua/ruf mailboxes. This actor tells you if those mailboxes are configured; parsing the reports themselves is out of scope.

Q: Can I plug this into a monitoring schedule? A: Yes. Schedule the actor daily via Apify schedules. Compare each run's deliverability_score to detect configuration regressions.

Related tools

• Email RBL Bulk Checker
• DNS Propagation Checker
• Email Verification Tool
• Company Email Finder

Try it

📋 Email DMARC Auditor on Apify

New to Apify? Get free platform credits.

💻 Code Example — Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_APIFY_TOKEN")
run = client.actor("nexgendata/email-dmarc-auditor").call(run_input={
    # Fill in the input shape from the actor's input_schema
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

🌐 Code Example — cURL

curl -X POST "https://api.apify.com/v2/acts/nexgendata~email-dmarc-auditor/run-sync-get-dataset-items?token=YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ /* input schema */ }'

❓ FAQ

Q: How do I get started? Sign up at apify.com, grab your API token from Settings → Integrations, and run the actor via the Apify console, API, Python SDK, or any integration (Zapier, Make.com, n8n).

Q: What's the typical cost per run? See the pricing section below. Most runs finish under $0.10 for typical batches.

Q: Is this actor maintained? Yes. NexGenData maintains 165+ Apify actors and ships updates regularly. Bug reports via the Apify console issues tab get responses within 24 hours.

Q: Can I use the output commercially? Yes — you own the output data. Check the target site's Terms of Service for any usage restrictions on the scraped content itself.

Q: How do I handle rate limits? Apify manages concurrency and retries automatically. For very large batches (10K+ items), run multiple smaller jobs in parallel instead of one mega-job for better reliability.

💰 Pricing

Pay-per-event pricing — you only pay for what you actually extract.

• Actor Start: $0.0001
• result: $0.0050

🔗 Related NexGenData Actors

• Hacker News Scraper
• Google Maps Lead Scraper
• SEC EDGAR Scraper

🚀 Apify Affiliate Program

New to Apify? Sign up with our referral link — you get free platform credits on signup, and you help fund the maintenance of this actor fleet.

📚 More From NexGenData

Explore the full catalog, tutorials, Gumroad data packs, and newsletter at thenextgennexus.com — the brand home for everything we ship.

• 📖 Tutorials & how-to guides
• 🗂️ Full actor catalog with usage examples
• 📦 Gumroad data packs (one-time purchases)
• 📬 Newsletter — monthly drops of new actors and revenue experiments

---

Built and maintained by NexGenData — 165+ actors covering scraping, enrichment, MCP servers, and automation. 🏠 Home: thenextgennexus.com

---

Why Email DMARC Auditor Beats MXToolbox, Valimail, dmarcian & EasyDMARC

Feature	NexGenData Email DMARC Auditor	MXToolbox	Valimail	dmarcian	EasyDMARC
Cost	$0.002 per domain, pay-per-event	$129+ / month base	Enterprise contract	$19+ / month per domain	$40+ / month base
Bulk input	Thousands per run	Plan-gated, ~50/day	Sales call	Per-domain license	Per-domain license
SPF parse + lookup-count	Yes (10-lookup limit)	Yes	Yes	Yes	Yes
DKIM selector discovery	Yes — common + custom	Yes	Yes	Yes	Yes
DMARC parse (p, rua, ruf)	Yes	Yes	Yes	Yes	Yes
BIMI record check	Yes	Plan-gated	Yes	Plan-gated	Plan-gated
MTA-STS / TLS-RPT	Yes	Plan-gated	Yes	Plan-gated	Plan-gated
Output	JSON / CSV / Excel	Web UI / paid CSV	Dashboard	Dashboard	Dashboard
API auth	Apify token	API plan	Sales contract	Per-domain key	API plan
Monthly minimum	None	$129+	$$$$ enterprise	$19+ per domain	$40+

Most teams pick this auditor because it is cheaper than MXToolbox's monthly tier (which limits domains anyway), has no per-domain license like dmarcian or Valimail, and bulk-audits hundreds of domains for a deliverability or M&A check in one run. A true drop-in alternative to MXToolbox + Valimail for one-off audits and continuous portfolio monitoring.

Related NexGenData Infrastructure & Email Actors

Use case	Actor
SPF / DKIM / DMARC bulk auditor (companion)	dmarc-bulk-auditor
Email RBL / blacklist multi-zone checker	email-rbl-checker
Bulk DNS A / MX / NS / TXT / CAA records	dns-records-lookup
Real-time global DNS propagation	dns-propagation-checker
WHOIS / RDAP replacement (any TLD)	whois-replacement
Bulk IP-to-country / city / ISP / ASN	ip-geolocation-replacement
Wappalyzer / BuiltWith tech-stack detector	wappalyzer-replacement
Lighthouse + Core Web Vitals bulk auditor	page-speed-analyzer
WCAG 2.2 accessibility auditor	wcag-accessibility-auditor
Domain intelligence MCP for AI agents	domain-intelligence-mcp-server

Browse the full NexGenData catalog of 260+ actors at https://apify.com/nexgendata?fpr=2ayu9b

Related NexGenData actors

Part of the 6. Cybersecurity & Domain Intelligence workflow. Related NexGenData actors:

• Wappalyzer Replacement — Tech Stack Detection API
• Tech Stack Detector — BuiltWith Alternative
• Bulk WHOIS Lookup — Domain Intelligence
• DNS Lookup — Bulk A, MX, CNAME & TXT Records
• SSL Certificate Checker — Bulk Expiry Monitor

Browse the full NexGenData storefront by workflow or the Cybersecurity & Domain Intelligence cluster guide.