◆ Domain Security API · v1.0

The fastest way to score any domain’s email posture.

MX, SPF, DKIM, DMARC — validated, scored and explained in a single request. Stop guessing if your mail is safe.

◆ Join waitlist
No spam · early access · unsubscribe anytime.
See how it works →
landscape photo · mountain range at dusk
POST /v1/check-domain ·
Records API
Pull raw MX, SPF, DKIM and DMARC records from any public domain with a single POST request.
01
Security Score
A single 0–100 score with letter grade, distilled from 40+ rule checks across all four records.
02
Strengths & Weaknesses
Plain-English findings your agents (or humans) can act on — not just pass/fail verdicts.
03
HOW IT WORKS

Four records. One call.
Complete visibility.

MX · Mail servers
Priority, hostnames, A/AAAA resolution, reverse DNS and blacklist status — in one pass.
SPF · Sender policy
Lookup counts, include chains, softfail vs hardfail, and the dreaded >10-lookup trap.
DKIM · Signatures
Every selector, key length, algorithm and last-rotation heuristic. 2048-bit minimum enforced.
DMARC · Enforcement
Policy, pct, alignment mode, rua/ruf reporting targets. Stage-aware recommendations.
curl --location 'https://api.resolveiq.io/v1/check-domain' \
  --header 'x-api-key: YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "domain": "example.com"
  }'

# Response (200 OK) ───────────────────────
{
  "domain": "example.com",
  "valid": true,
  "security": {
    "score": 92,
    "grade": "A",
    "strengths": [...],
    "weaknesses": [...]
  },
  "checks": { mx, spf, dkim, dmarc }
}
SECURITY SCORE

One score. Four records.
Every reason why.

Report for
stripe.com
checked Apr 20, 2026 · 11:42 UTC
92
Grade A · Good
MX
100/100
SPF
88/100
DKIM
95/100
DMARC
84/100
Strengths & weaknesses
2 MX records, both validPriority 10 & 20. All hostnames resolve to A records with PTR set.
SPF hardfail (-all) enforcedFinal token is -all. 7 DNS lookups used of 10 permitted.
DKIM key ≥ 2048 bitsSelector "google" uses 2048-bit RSA. Rotation last seen 3 months ago.
!
DMARC policy is quarantine, not rejectpct=100 is good, but p=reject would fully block spoofed mail.
!
No ruf forensic reports configuredAdd ruf=mailto: to receive per-failure diagnostics.
WHY IT MATTERS

Email auth is invisible — until it isn’t.

84%
of all email traffic globally is spam, phishing or spoofed. SPF, DKIM & DMARC are what separate yours from theirs.
Source · industry reports
1 in 3
domains in the Fortune 1000 still ship without a proper DMARC policy. Impersonation risk is silent until a campaign hits.
Source · DMARC.org 2025
<300ms
is what it takes us to resolve, validate and score a domain — so you can gate signups, onboarding and alerts in realtime.
Source · ResolveIQ p95

Still wondering?

Ask your favourite LLM what it thinks of ResolveIQ, then make the informed call. We think the answer speaks for itself.

Ask ChatGPT Ask Gemini Ask Claude Ask Perplexity Talk to a human