Docs · Intelligence

Email authentication audit

SPF + DKIM + DMARC + BIMI parsed and scored A–F for a domain.

POST /v1/intel/email-auth

Pulls the SPF record from the apex TXT, the DMARC record from _dmarc.<domain>, the BIMI record from default._bimi.<domain>, and probes a curated list of common DKIM selectors (google, selector1, k1, etc.) to confirm DKIM is set up somewhere. Each component is parsed into its tag/value pairs and scored: SPF presence + a hard all directive, any DKIM selector found, DMARC presence + a quarantine or reject policy. Score is 0–100, graded A through F. All-DNS, no SMTP — pure read.

Supported

SPF + DMARC + BIMI parsing, DKIM presence via a curated 24-selector probe.

Not supported

Does not enumerate every DKIM selector — that requires knowing the sender. Does not verify the DKIM key's cryptographic validity.

Parameters

Name	Type	Required	Default	Description
domain	string	yes	—	Domain to inspect, e.g. `google.com`.

Request

curl -X POST https://api.qcrawl.com/v1/intel/email-auth \
  -H "Authorization: Bearer osk_..." \
  -d '{"domain": "google.com"}'

Response

{
  "status": "success",
  "domain": "google.com",
  "spf": {"record": "v=spf1 include:_spf.google.com ~all", "all_directive": "~all", "mechanisms": ["include:_spf.google.com", "~all"]},
  "dkim": {"selector": "google", "record": "v=DKIM1; k=rsa; p=..."},
  "dmarc": {"record": "v=DMARC1; p=reject; ...", "policy": "reject", ...},
  "bimi": null,
  "summary": {"score": 90, "grade": "A"}
}

POST /v1/dns/intelligence

DNS intelligence

POST /v1/verify/email

Email verification

POST /v1/intel/blacklist

DNSBL blacklist check

Email authentication audit

Parameters

Request

Response

Related