DNS & DMARC Email Security Checker
Pricing
from $7.00 / 1,000 results
DNS & DMARC Email Security Checker
Bulk-check domains for email security configuration (SPF, DKIM, DMARC) and other DNS records. Scores each domain's email authentication setup.
Pricing
from $7.00 / 1,000 results
Rating
0.0
(0)
Developer

太郎 山田
Actor stats
0
Bookmarked
2
Total users
1
Monthly active users
15 hours ago
Last modified
Categories
Share
Bulk-audit email security configuration (SPF, DKIM, DMARC, MX) across hundreds of domains. Get an A-F security grade with actionable recommendations for each domain.
What does this actor do?
Queries DNS records directly using Node.js's built-in dns module to evaluate email authentication setup. Each domain receives a security score (0-100) and letter grade (A-F) based on industry best practices.
Key Features
- 📧 Complete email security audit — SPF, DKIM, DMARC, and MX records
- 📊 Security scoring — 0-100 points with A-F grade
- 🔍 DKIM multi-selector check — Tests 6 common selectors (Google, Microsoft, etc.)
- 💡 Actionable recommendations — Specific fix suggestions for each issue
- 📋 Bulk processing — Check up to 500 domains per run
- 🪝 Webhook support — Send results to Slack/Discord
Scoring Breakdown
| Component | Max Points | What's Checked |
|---|---|---|
| MX Records | 10 | Mail servers configured |
| SPF | 30 | Exists + strict policy (-all) + mechanism count |
| DMARC | 35 | Exists + enforced policy + aggregate reports + 100% coverage |
| DKIM | 25 | Record found + multiple selectors |
Grades: A (90+) · B (75+) · C (55+) · D (35+) · F (<35)
Input Example
{"domains": ["google.com", "github.com", "example.com"],"checkDkim": true,"concurrency": 5}
Output Example
{"domain": "google.com","score": { "total": 95, "grade": "A" },"spf": {"raw": "v=spf1 include:_spf.google.com ~all","allPolicy": "~all","isStrict": false},"dmarc": {"policy": "reject","isEnforced": true,"rua": "mailto:mailauth-reports@google.com"},"dkim": [{ "selector": "google", "found": true }],"mx": [{ "priority": 10, "exchange": "smtp.google.com" }]}
Cost
Zero external costs. Uses Node.js built-in DNS resolver — no API keys, no proxies. A run checking 100 domains takes ~15 seconds.
Commercial Ops
Set up .env first:
$cp -n .env.example .env
Cloud Task/Schedule setup (idempotent):
$npm run apify:cloud:setup
Daily reliability checks:
npm run canary:checknpm run contract:test:live
OpenClaw cron commands:
openclaw-cron-commands.md