Bulk DNS Lookup, SPF DMARC DKIM Email Check avatar

Bulk DNS Lookup, SPF DMARC DKIM Email Check

Pricing

$0.04 / 1,000 resolved domain or ips

Go to Apify Store
Bulk DNS Lookup, SPF DMARC DKIM Email Check

Bulk DNS Lookup, SPF DMARC DKIM Email Check

Resolves A, AAAA, MX, NS, TXT, CNAME, and SOA records for many domains at once over DNS-over-HTTPS (Cloudflare, with Google fallback), and parses SPF, DMARC, and optional DKIM. Deterministic and fast. Billed only per domain that returns DNS data.

Pricing

$0.04 / 1,000 resolved domain or ips

Rating

0.0

(0)

Developer

Pono Data

Pono Data

Maintained by Community

Actor stats

0

Bookmarked

3

Total users

1

Monthly active users

8 days ago

Last modified

Share

Bulk DNS Lookup (DNS-over-HTTPS)

Resolve DNS for a list of domains or IPs in one run, with a source URL on every row you can open and check. Public DNS-over-HTTPS resolvers (Cloudflare by default, Google as automatic fallback). One clean row per input.

What you get for each domain

  • Records: A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA.
  • Email authentication: SPF, DMARC with its policy, and DKIM for any selectors you supply.
  • TXT verification tokens pulled out on their own (Google, Microsoft, Facebook, Stripe, DocuSign, and more), so domain-ownership signals are easy to read.
  • An email-sending posture (strong, partial, mail-no-auth, or no-mail) read from the records found, including the RFC 7505 null-MX "this domain sends no mail" case.

Give it an IP address instead of a domain and it returns the reverse (PTR) hostname.

Why this one

  • Every value carries a sourceUrl: the exact DoH query that returned it. Open it and check. Nothing is guessed; records that are absent come back null, not invented.
  • You pay only for an input that actually returns data. Non-existent or empty domains go to a free rejected dataset at no charge.
  • No subscription. Run one domain or a hundred thousand; the price is per resolved domain either way.
  • CAA records, the verification tokens, and the email posture are included, not a separate paid check.

Input

  • Domains: one per line. A full URL is reduced to its host. A bare IPv4 or IPv6 address runs a reverse (PTR) lookup.
  • Record types: any of A, AAAA, MX, NS, TXT, CNAME, SOA, CAA.
  • Primary resolver: Cloudflare or Google; the other is the automatic fallback.
  • Parse SPF and DMARC: extract the email-auth records.
  • DKIM selectors: optional; DKIM needs a selector to be discoverable.
  • Max delivered domains: cap on billed rows (0 means no cap).

Output

One row per input: queryType (forward or reverse), the record fields, CAA, txtVerifications, spf, dmarc, dmarcPolicy, dkim, emailPosture with its hasMX / hasSPF / spfHardFail / hasDMARC / dmarcEnforced booleans, PTR for IP inputs, resolver, dnsStatus, and provenance (sourceUrl, retrievedAt, confidence, dataSource).

How it works

DNS-over-HTTPS is a public, standard protocol (RFC 8484). The actor reads only what the resolver returns; absent records are null. A domain that returns no records for any requested type (for example NXDOMAIN) is written to the free rejected dataset and is not billed. Inputs are resolved concurrently, so a batch of thousands stays fast.

Billing

Pay per domain or IP that returns data. Empty, non-existent, and sanctioned inputs cost nothing.

Coverage

Global. Targets in any country are processed. The one exclusion is jurisdictions under US sanctions (Cuba, Iran, North Korea, Syria, Russia, Belarus, Venezuela, Myanmar, matched by country-code TLD), which are written to the free rejected dataset and never billed.

Opt out

A domain owner can ask us to skip their domain at https://ponodata.com/opt-out . Suppressed domains are returned by nothing and never billed.

Sample output

A real run resolving common domains (one row per domain, records abbreviated):

domainAMX (top)SPFEmail posture
cloudflare.com104.16.133.2295 mxa-canary.global.inbou…v=spf1 ip4:199.15.212.0/22 ip4:17…strong
google.com142.251.167.13910 smtp.google.com.v=spf1 include:_spf.google.com ~a…strong
github.com140.82.113.40 github-com.mail.protect…v=spf1 ip4:192.30.252.0/22 includ…strong
stripe.com198.202.176.4110 aspmx.l.google.com.v=spf1 ip4:198.2.180.60/32 ip4:13…strong

Every row carries a sourceUrl you can open to verify, for example https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=A.

Use cases

  • Audit email deliverability across a portfolio: pull SPF, DMARC, and the email posture in one run to find domains that can be spoofed or that fail authentication.
  • Vet a list of domains before outreach or onboarding: MX presence and the RFC 7505 null-MX flag tell you which domains actually accept mail.
  • Confirm domain-ownership signals at scale: the TXT verification tokens (Google, Microsoft, Stripe, DocuSign, and more) are pulled onto their own field.
  • Map infrastructure for a security review: A, AAAA, NS, CNAME, and reverse PTR for many hosts at once, each with a source URL you can re-query.

FAQ

  • Does it guess records that are missing? No. An absent record is null, and a domain that returns nothing goes to the free rejected dataset, unbilled.
  • Can I check email authentication without requesting every record type? Yes. Turn on SPF and DMARC parsing and the actor fetches the TXT records the posture needs.
  • What does the email posture mean? It reads the records found and reports strong, partial, mail-no-auth, or no-mail, including the null-MX "sends no mail" case.
  • How am I billed? Per domain or IP that returns data; empty, non-existent, and sanctioned inputs cost nothing.

See also

More clean, pay-only-for-results data tools from Pono Data:

Full catalog: https://apify.com/thoob