DMARC Audit API

Beyond Just Checking for a p=reject Policy

DMARC is key to email security, but a valid record can still be weak. Veldica checks DMARC alongside SPF and DKIM to show whether your brand has meaningful anti-spoofing protection.

Start with the free audit for a quick check. Use the Pro audit to see all issues and get a step-by-step fix-plan to strengthen your policy.

Run DMARC Audit See Sample Output

Why DMARC Audits Need Context

A DMARC record can exist and still leave a domain exposed. The important question is not only whether the record exists, but whether SPF, DKIM, alignment, reporting, and enforcement are working together.

Target Audience
Security & Deliverability Teams

Teams who need to make sure their DMARC policy works and that they are getting the security reports they need.

The Challenge
Alignment Blind Spots

A DMARC record is useless if your SPF and DKIM settings don't match your domain. Veldica checks how these work together, not just the text.

The Solution
Policy Logic

Find weak 'monitor-only' rules, partial settings, and broken report links across all your domains in one run.

DMARC Lifecycle Management

Moving to a strong DMARC policy takes time. Veldica gives you the specific data you need to make the move safely.

  1. Audit: Send a domain to the API for a detailed DMARC review.
  2. Analyze: Review the results for alignment failures or weak policies.
  3. Remediate: Use the fix-plan to get the exact DNS records you need.
  4. Verify: Audit again after your changes to confirm you are protected.
  5. Monitor: Automate regular checks to stop "policy drift" from new changes.

Where DMARC Breaks

Setting up DMARC is difficult to configure safely without automated tools.

  • The Monitor Trap: Teams often stay in "monitor mode" forever, thinking they are safe when they are only watching.
  • Alignment Gaps: Tools like Salesforce often send mail that fails DMARC checks despite passing SPF.
  • Reporting Failure: Broken report links mean you never get the data you need to strengthen your security.
  • Subdomain Drift: Large companies often have hundreds of hidden subdomains that don't follow the main DMARC rules.

The Programmatic DMARC Model

Move from manual DNS checking to an API-driven enforcement pipeline.

Manual Check

Check the TXT record in a browser tool. Miss alignment issues and nested subdomain gaps.

API Audit

Submit one request and receive a structured analysis of DMARC, SPF, and DKIM alignment.

JSON Findings

Identify specific issues like dmarc.policy.none or dmarc.missing_record in JSON.

Fix Plan

Generate exact DNS strings to move from none to quarantine or reject safely.

DMARC & Alignment Audit

Use the Pro audit endpoint to validate your DMARC configuration and sender alignment.

Request
curl -H 'content-type: application/json' \
  -H 'X-RapidAPI-Key: YOUR_RAPIDAPI_KEY' \
  -H 'X-RapidAPI-Host: email-domain-trust-auditor.p.rapidapi.com' \
  -X POST 'https://email-domain-trust-auditor.p.rapidapi.com/v1/pro/audits/domain' \
  -d '{
    "domain": "veldica.com"
  }'

Verified response

Pro audit excerpt

Audit output showing a DMARC policy in monitoring-only mode.

{
  "domain": "veldica.com",
  "score": 45,
  "grade": "C",
  "risk": {
    "risk_level": "high",
    "enforcement_status": "none",
    "assessment_confidence": "high"
  },
  "findings": [
    {
      "id": "dmarc.policy.none",
      "check": "dmarc",
      "status": "fail",
      "severity": "critical",
      "title": "DMARC Policy: None (Monitor Only)",
      "fix": "Advance to p=quarantine or p=reject to enforce email security."
    },
    {
      "id": "dmarc.alignment.weak",
      "check": "dmarc",
      "status": "warn",
      "severity": "medium",
      "title": "DMARC Alignment: Relaxed",
      "fix": "Consider moving to aspf=s and adkim=s for stricter brand protection."
    }
  ],
  "recommendations": [
    "Move DMARC policy to p=quarantine once alignment is verified.",
    "Ensure RUA reporting is active and pointing to a valid endpoint."
  ]
}
Fix-plan excerpt

DNS templates for upgrading DMARC to full enforcement.

{
  "domain": "veldica.com",
  "template_remediations": [
    {
      "issue_id": "dmarc.policy.none",
      "priority": "p1",
      "dns_name": "_dmarc.veldica.com",
      "operation": "replace",
      "proposed_value_template": "v=DMARC1; p=reject; rua=mailto:dmarc@veldica.com",
      "rationale": "Upgrade to p=reject to block unauthorized brand impersonation."
    }
  ]
}

Output Interpretation

Interpret the DMARC result as a security and brand protection signal.

  • Check Findings: Look for dmarc.policy.none. This indicates you have no protection against spoofing.
  • Verify Alignment: Look for dmarc.alignment.failed. This usually means your third-party mailers aren't configured to sign as your domain.
  • Reporting Health: Check for dmarc.rua_missing. Without reporting, you are flying blind during your DMARC rollout.
  • Enforcement Status: Use risk.enforcement_status to quickly triage which domains in a portfolio are vulnerable.

Production Usage: DMARC Rollout

How a deliverability engineer uses the API to manage a DMARC policy upgrade.

  1. Run a bulk audit across all sender domains to identify those stuck at p=none.
  2. Verify that dmarc.rua_found is true for all domains to ensure data collection.
  3. Use the compare endpoint to verify that alignment is stable over a 30-day window.
  4. Trigger a fix-plan call to generate the p=quarantine record once alignment is confirmed.
  5. Automate a daily check to ensure the policy hasn't been reverted by an unauthorized change.
Integration Example (Python)
import requests

def check_dmarc_enforcement(domain):
    url = f"https://email-domain-trust-auditor.p.rapidapi.com/v1/pro/audits/domain"
    headers = {"X-RapidAPI-Key": "YOUR_KEY"}

    res = requests.post(url, json={"domain": domain}, headers=headers).json()
    if res['risk']['enforcement_status'] == 'none':
        print(f"CRITICAL: {domain} is unprotected.")

Tool Comparison: DMARC Validation

How Veldica compares to traditional DMARC checkers.

MXToolbox

Excellent for ad-hoc manual checks. Lacks the structured alignment auditing needed for automation.

DMARC Report Processors

Tell you what happened yesterday. Veldica audits the current DNS configuration to prevent later failures.

Veldica API

The only API that integrates DMARC, SPF, and DKIM alignment into a single trust score.

Keep Exploring

Use the Workflow Library to browse more guides, comparisons, and integration examples to continue your evaluation.

Workflow Library
Browse all workflow pages

See the solutions, comparisons, and integration guides collected in one place.
Samples
Inspect sample output

Review grounded audit, compare, fix-plan, and report excerpts before you wire the API into anything.
Reference
Move into the docs

Jump from the workflow page into the quickstart, endpoint guides, and full OpenAPI reference.

Lock down your sender identity

Stop guessing if your DMARC policy is working. Use the Veldica API to audit your alignment and move to p=reject with confidence.

Run DMARC Audit DMARC Reject Debugging API vs Reporting Guide