Pricing

from $7.00 / 1,000 results

🛡️ DNS & DMARC Checker

Extract and audit SPF, DKIM, DMARC, and MX records for any website. Monitor domains in bulk, get actionable fix recommendations, and export data.

Pricing

from $7.00 / 1,000 results

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

2 days ago

Last modified

DNS / SPF / DKIM / DMARC Audit API

Bulk-audit domains for SPF, DKIM, DMARC, MX, and email-auth posture with grades and fix-ready recommendations.

Store Quickstart

Start with store-input.example.json to validate the output shape with three known domains.
If that matches your audit workflow, switch to store-input.templates.json and pick one of:
- Quickstart (Dataset) for a cheap first run
- Security Audit (DKIM Enabled) for fuller grading
- Weekly Portfolio Monitor for recurring customer/domain checks
- Webhook Alert for automated notifications

Key Features

📧 Complete email security audit — SPF, DKIM, DMARC, and MX records
📊 Security scoring — 0-100 points with A-F grade
🔍 DKIM multi-selector check — Tests 6 common selectors (Google, Microsoft, etc.)
💡 Actionable recommendations — Specific fix suggestions for each issue
📋 Bulk processing — Check up to 500 domains per run
🪝 Webhook support — Send results to Slack/Discord

Use Cases

Who	Why
Developers	Automate recurring data fetches without building custom scrapers
Data teams	Pipe structured output into analytics warehouses
Ops teams	Monitor changes via webhook alerts
Product managers	Track competitor/market signals without engineering time

Input

Field	Type	Default	Description
domains	array	prefilled	List of domains to check email security for. Maximum 500 per run.
checkDkim	boolean	`true`	Check for DKIM records (common selectors: google, default, selector1, selector2).
dkimSelectors	array	—	Custom DKIM selectors to check. Defaults: google, default, selector1, selector2, k1, dkim.
delivery	string	`"dataset"`	How to deliver results. 'dataset' saves to Apify Dataset (recommended), 'webhook' sends to a URL.
webhookUrl	string	—	Webhook URL to send results to (only used when delivery is 'webhook'). Works with Slack, Discord, or any HTTP endpoint.
concurrency	integer	`5`	Maximum number of parallel requests. Higher = faster but may trigger rate limits.
dryRun	boolean	`false`	If true, runs without saving results or sending webhooks. Useful for testing.

Input Example

{
  "domains": ["google.com", "github.com", "example.com"],
  "checkDkim": true,
  "concurrency": 5
}

Output

Field	Type	Description
`meta`	object
`results`	array
`results[].domain`	string
`results[].mx`	array
`results[].spf`	object
`results[].dmarc`	object
`results[].dkim`	array
`results[].score`	object
`results[].error`	null
`results[].checkedAt`	timestamp

Output Example

{
  "domain": "google.com",
  "score": { "total": 95, "grade": "A" },
  "spf": {
    "raw": "v=spf1 include:_spf.google.com ~all",
    "allPolicy": "~all",
    "isStrict": false
  },
  "dmarc": {
    "policy": "reject",
    "isEnforced": true,
    "rua": "mailto:mailauth-reports@google.com"
  },
  "dkim": [
    { "selector": "google", "found": true }
  ],
  "mx": [
    { "priority": 10, "exchange": "smtp.google.com" }
  ]
}

API Usage

Run this actor programmatically using the Apify API. Replace YOUR_API_TOKEN with your token from Apify Console → Settings → Integrations.

cURL

curl -X POST "https://api.apify.com/v2/acts/taroyamada~dns-dmarc-security-checker/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "domains": ["google.com", "github.com", "example.com"], "checkDkim": true, "concurrency": 5 }'

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")
run = client.actor("taroyamada/dns-dmarc-security-checker").call(run_input={
  "domains": ["google.com", "github.com", "example.com"],
  "checkDkim": true,
  "concurrency": 5
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

JavaScript / Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });
const run = await client.actor('taroyamada/dns-dmarc-security-checker').call({
  "domains": ["google.com", "github.com", "example.com"],
  "checkDkim": true,
  "concurrency": 5
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Tips & Limitations

Schedule weekly runs against your production domains to catch config drift.
Use webhook delivery to pipe findings into your SIEM (Splunk, Datadog, Elastic).
For CI integration, block releases on critical severity findings using exit codes.
Combine with ssl-certificate-monitor for layered cert + headers coverage.
Findings include links to official remediation docs — share with dev teams via the webhook payload.

FAQ

Is running this against a third-party site legal?

Passive public-header scanning is generally permitted, but follow your own compliance policies. Only scan sites you have authorization for.

How often should I scan?

Weekly for production domains; daily if you have high config-change velocity.

Can I export to a compliance tool?

Use webhook delivery or Dataset API — formats map well to Drata, Vanta, OneTrust import templates.

Is this a penetration test?

No — this actor performs passive compliance scanning only. No exploitation, fuzzing, or auth bypass.

Does this qualify as a SOC2 control?

This actor produces evidence artifacts suitable for SOC2 CC7.1 (continuous monitoring). It is not itself a SOC2 certification.

Security & Compliance cluster — explore related Apify tools:

Privacy & Cookie Compliance Scanner | GDPR / CCPA Banner Audit — Scan public privacy pages and cookie banners for GDPR/CCPA compliance signals.
Security Headers Checker API | OWASP Audit — Bulk-audit websites for OWASP security headers, grade each response, and monitor header changes between runs.
SSL Certificate Monitor API | Expiry + Issuer Changes — Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.
robots.txt AI Policy Monitor | GPTBot ClaudeBot — Detect GPTBot, ClaudeBot, Google-Extended, and other AI crawler policies in robots.
Data Breach Disclosure Monitor | HIPAA Breach Watch — Monitor the HHS OCR Breach Portal for new HIPAA data breach disclosures.
WCAG Accessibility Checker API | ADA & EAA Compliance Audit — Audit websites for WCAG 2.
📜 Open-Source License & Dependency Audit API — Audit npm packages for license risk, dependency depth, maintainer activity, and compliance posture.
Trust Center & Subprocessor Monitor API — Monitor vendor trust centers, subprocessor lists, DPA updates, and security posture changes.

Cost

Pay Per Event:

actor-start: $0.01 (flat fee per run)
dataset-item: $0.003 per output item

Example: 1,000 items = $0.01 + (1,000 × $0.003) = $3.01

No subscription required — you only pay for what you use.

DNS Record Lookup — MX, SPF, DMARC & Email Security Checks

ryanclinton/dns-record-lookup

Look up DNS records for any domain in bulk -- A, AAAA, MX, NS, TXT, CNAME, and SOA -- with built-in email security analysis for SPF, DMARC, and DKIM. Process hundreds of domains in parallel, get structured JSON output, and integrate results into any pipeline via the Apify API.

ryan clinton

DMARC, SPF & DKIM Validator

andok/dmarc-spf-dkim-validator

Validate email authentication DNS records to prevent spoofing and ensure high email deliverability for your domains.

Andok

Email Deliverability Portfolio Audit API

taroyamada/email-deliverability-portfolio-audit

Audit SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI, and sender-readiness signals across domain portfolios with executive summaries and remediation guidance.

太郎山田

Domain Security Audit API | SSL Expiry, DMARC, Domain Expiry

taroyamada/domain-trust-monitor

Summary-first portfolio monitor for SSL expiry, DMARC/SPF/DKIM, domain expiry/ownership, and security headers with remediation-ready outputs.

太郎山田

Domain Lookup

greip/domain-lookup

Lookup and analyze domain names and retrieve detailed information including security status, email authentication records (SPF, DMARC, DKIM, MX, BIMI), creation date, and risk assessment. Perfect for domain verification, fraud prevention, and security analysis.

Greip

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Supernet Domain Health - Email Reputation Audit

superlativetech/supernet-domain-health

Email authentication and deliverability audit for any domain. Checks SPF, DKIM, DMARC, MX, blacklists, SSL, WHOIS, BIMI, MTA-STS — returns a 0-100 health score with actionable fixes. Sending or receiving mode. Batch thousands or query one via instant API.

Superlative

Domain Lookup Tool

cerebral_aluminum/domain-lookup

Bulk DNS analysis. A records, MX, nameservers, hosting provider, email provider, SPF/DMARC status for any domain.

Benny

DMARC Checker

onescales/dmarc-checker

Simple DMARC record lookup tool. Check email security configuration for multiple domains in a single run.

One Scales

5.0

Supernet DNS Lookup

superlativetech/dns-lookup

Bulk DNS records lookup. Query MX, SPF, DMARC, DKIM, TXT, CNAME, A, AAAA, NS, SOA and reverse DNS for any domain or IP. Batch thousands or query one instantly using the Standby API. For email reputation scoring, see Supernet Domain Health. For whois, see Supernet Whois.

Superlative

107