Validate DMARC Records Instantly

DMARC Validator API.

Validate DMARC (Domain-based Message Authentication, Reporting & Conformance) records. Returns policy, alignment settings, and reporting addresses.

Free tier, no card< 200ms responses99.9% uptime SLA
GET/v1/dmarcvalidatorlive
Response200 OK · sample
{
  "status": "ok",
  "error": null,
  "data": {
    "host": "paypal.com",
    "dmarcHost": "_dmarc.paypal.com",
    "hasDmarc": true,
    "dmarc_record": "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]",
    "rua": {
      "email": "[email protected]",
      "domain": "rua.agari.com",
      "valid": true
    },
    "ruf": {
      "email": "[email protected]",
      "domain": "ruf.agari.com",
      "valid": true
    },
    "v": "DMARC1",
    "p": "reject",
    "valid": true
  }
}
Sample response · verify to run one live call, no signup
Integrates with your favorite tools
LangChainn8nZapierMakePipedreamPower AutomatePostman

DMARC Validator API

Validate DMARC (Domain-based Message Authentication, Reporting & Conformance) records. Returns policy, alignment settings, and reporting addresses.

  • Full DMARC record validation
  • Policy analysis (none/quarantine/reject)
  • Reporting address extraction
  • Subdomain policy detection
  1. 1

    Send one request

    A single authenticated GET with the location you care about — no SDK required.

    GET /v1/dmarcvalidator?query=
    x-api-key: your_key
  2. 2

    We do the aggregation

    Each request pulls from multiple upstream sources and computes the derived fields for you.

  3. 3

    Get clean JSON back

    One structured object, typically under 200 ms — ready to render.

    { host, dmarcHost, hasDmarc, }

Everything in a single call.

/v1/dmarcvalidatorapplication/json
host"paypal.com"
dmarcHost"_dmarc.paypal.com"
hasDmarctrue
dmarc_record"v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailt…"
ruaemail, domain, valid
rufemail, domain, valid
v"DMARC1"
p"reject"
validtrue

What developers build with it.

Real applications shipping on this endpoint today — each with the numbers that made it worth wiring up.

See every use case

Call it in your language.

Copy a working request, or install a typed SDK. Same endpoint, same key.

const res = await fetch("https://api.apiverve.com/v1/dmarcvalidator?domain=paypal.com", {
  headers: { "x-api-key": "YOUR_API_KEY" },
});
const { data } = await res.json();
console.log(data);

One subscription, the whole validate dmarc records instantly stack.

Every related API ships with your key — no separate plans, no extra keys, one bill.

See pricing
8APIs in this bundle
99.9%uptime SLA

Wire it into the tools you already run.

Ready-made recipes for Zapier, Make, and n8n — trigger on an event, and the data lands where your team works.

Google Sheets
Validate DMARC for domain list
WhenNew row added
ThenValidate DMARC → update row with results
Slack
Alert on DMARC validation failures
WhenNew domain added (via webhook)
ThenValidate DMARC → alert if valid is false
Airtable
Validate DMARC for new domains
WhenNew record created
ThenValidate DMARC → populate validation fields
Notion
Add DMARC validation to domain entries
WhenNew database item created
ThenValidate DMARC → update properties
Salesforce
Validate DMARC for new account domains
WhenNew account created
ThenValidate DMARC → update custom field
GitHub
Validate DMARC in CI pipeline
WhenNew push to repository
ThenValidate DMARC → fail build if invalid
Browse all integrations

Questions about the API

What is DMARC?
DMARC is an email authentication protocol that builds on SPF and DKIM. It tells receivers what to do when authentication fails and where to send reports.
What do the policies mean?
"none" monitors without action. "quarantine" sends failures to spam. "reject" blocks failures entirely. Start with "none" and progress to "reject".
What are rua and ruf?
rua (aggregate reports) provides daily summaries of authentication results. ruf (forensic reports) sends details of individual failures.
Does DMARC require SPF and DKIM?
DMARC requires at least one of SPF or DKIM to pass with alignment. Having both provides better protection.
What is alignment?
Alignment means the domain in the From header matches the domain authenticated by SPF or DKIM. DMARC can require strict (exact) or relaxed (includes subdomains) alignment.
How long to reach p=reject?
Start with p=none to collect reports, analyze for issues, then progress through quarantine to reject. Typically 4-8 weeks with proper monitoring.

Start building with the DMARC Validator API. Free tier, no card required — your key is live in minutes.

Bonus: 300+ more APIs

The same key unlocks every other APIVerve endpoint — reach for them when you need them.

Browse the catalog