Entwickler
Offene Domain-Findings-API
Rufen Sie die E-Mail-Security-Findings jeder Domain per HTTP ab — ohne Anmeldung, ohne API-Key. Live-DNS-Check für SPF, DKIM, DMARC, BIMI, MTA-STS, TLS-RPT und DNSSEC, inklusive Score, Grade und konkreten Findings.
Endpunkt
GET https://selector7.com/api/v1/check?domain=<domain>Beispiel:
curl "https://selector7.com/api/v1/check?domain=selector7.com"Beispiel-Antwort
{
"apiVersion": "1",
"domain": "selector7.com",
"score": 92,
"grade": "A",
"checkedAt": "2026-06-01T10:00:00.000Z",
"layers": {
"dmarc": { "found": true, "record": "v=DMARC1; p=reject; pct=50; ...", "policy": "reject", "pct": 50 },
"spf": { "found": true, "record": "v=spf1 ... -all", "lookups": 5, "all": "-all" },
"dkim": { "found": true, "selector": "s1", "record": "v=DKIM1; ..." },
"bimi": { "found": false, "record": null },
"mtaSts":{ "found": true, "record": "v=STSv1; id=..." },
"tlsRpt":{ "found": true, "record": "v=TLSRPTv1; ..." },
"dnssec":{ "enabled": true },
"mx": { "found": true, "hosts": ["..."] }
},
"findings": [
{ "code": "dmarc_pct_below_100", "layer": "dmarc", "severity": "warning", "title": "...", "detail": "..." }
]
}Finding-Codes
Jeder Finding trägt einen stabilen code. Die Codes sind Teil des
Vertrags und ändern sich nicht (es kommen höchstens neue dazu).
| Code | Layer | Severity | Bedeutung |
|---|---|---|---|
| dmarc_missing | dmarc | critical | No DMARC record found. |
| dmarc_policy_none | dmarc | critical | DMARC policy is p=none (monitor only, enforces nothing). |
| dmarc_policy_quarantine | dmarc | warning | DMARC policy is p=quarantine; p=reject recommended. |
| dmarc_no_rua | dmarc | warning | No aggregate (rua) reporting address configured. |
| dmarc_pct_below_100 | dmarc | warning | DMARC pct is below 100; policy applies only partially. |
| spf_missing | spf | critical | No SPF record found. |
| spf_no_all | spf | warning | SPF has no terminating -all/~all mechanism. |
| spf_softfail_all | spf | warning | SPF uses ~all (softfail) instead of -all (hardfail). |
| spf_too_many_lookups | spf | critical | SPF exceeds the 10 DNS-lookup RFC limit. |
| dkim_missing | dkim | warning | No DKIM record found for common selectors. |
| mtasts_missing | mtaSts | info | MTA-STS is not active. |
| tlsrpt_missing | tlsRpt | info | TLS-RPT is not active. |
| dnssec_disabled | dnssec | info | DNSSEC is not enabled. |
| mx_missing | mx | info | No MX records; domain does not receive mail. |
Rate-Limit, Caching & Fehler
- Rate-Limit: 30 Anfragen/Stunde/IP. Bei Überschreitung
429mitRetry-After. - Caching: Ergebnisse werden 5 Minuten gecached (
Cache-Control: public, max-age=300,X-Cache: HIT|MISS). - CORS: offen (
Access-Control-Allow-Origin: *) — direkt aus dem Browser nutzbar. - Fehler: einheitlich
{ "error": { "code", "message" } }— z.B.invalid_domain(400),rate_limited(429).
OpenAPI & Demo
Maschinenlesbare Spezifikation: /api/v1/openapi.json. Lieber visuell? Der Live-Checker nutzt dieselben Daten.
Best-effort, keine SLA: Ergebnisse stammen aus Live-DNS-Abfragen und können je nach DNS-Propagation variieren.