Email Deliverability & DNS Health API
Email Deliverability & DNS Health API
/email-health/v1/check1 creditFull email-health audit: SPF + DKIM + DMARC + MX + BIMI + MTA-STS + TLS-RPT + DNSSEC + blacklist, plus a 0-100 deliverability score and letter grade.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
| selector | optional | — | DKIM selector (the label before ._domainkey, e.g. 'google', 'selector1', 'k1'). Omit to autoscan ~30 common ESP selectors. DKIM selectors are provider-specific — pass the exact one if you know it. |
| selectors | optional | — | Optional comma-separated list (or array) of DKIM selectors to test instead of the common-selector autoscan. |
| bimi_selector = default | optional | — | BIMI selector (default per the BIMI spec is 'default'). |
| skip_blacklist = false | optional | — | If true, skip the DNSBL reputation lookups in 'check' (faster; blacklist is the slowest section — many IP×zone DoH queries). |
/email-health/v1/spf1 creditParse + validate the SPF record: follow include:/redirect=, count the ≤10 DNS-lookup mechanisms, flag +all and void lookups, report the all-qualifier policy.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/dmarc1 creditParse the DMARC policy at _dmarc.<domain>: p/sp/pct/rua/ruf/adkim/aspf/fo + enforcement verdict.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/dkim1 creditDKIM selector lookup (<selector>._domainkey.<domain>): key type, public-key presence, RSA key-bit estimate, revocation. Autoscans ~30 common selectors if none given.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
| selector | optional | — | DKIM selector (the label before ._domainkey, e.g. 'google', 'selector1', 'k1'). Omit to autoscan ~30 common ESP selectors. DKIM selectors are provider-specific — pass the exact one if you know it. |
| selectors | optional | — | Optional comma-separated list (or array) of DKIM selectors to test instead of the common-selector autoscan. |
/email-health/v1/mx1 creditMX records (sorted by preference) + a mail-provider guess from the exchange hostnames.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/blacklist1 creditDNSBL reputation: reverse the domain's A + MX-host IPs against live-proven public DNSBLs (SpamCop, Barracuda, UCEPROTECT, PSBL, Mailspike, GBUdb, DroneBL, s5h). Spamhaus/CBL are flagged as paid-key-required (public-resolver refused), not queried.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
| ips | optional | — | Optional explicit IPv4 list (comma-separated or array) to check against the DNSBLs. Omit to auto-resolve the domain's A + MX-host IPs. |
/email-health/v1/mta_sts1 creditMTA-STS: the _mta-sts.<domain> TXT (id) plus the fetched https://mta-sts.<domain>/.well-known/mta-sts.txt policy (mode, mx[], max_age).
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/bimi1 creditBIMI brand-logo record at <selector>._bimi.<domain>: the published logo (SVG) URL and the VMC (Verified Mark Certificate) URL, plus whether a VMC is present. Standalone lookup (MXToolbox SuperTool exposes BIMI on its own — no full audit needed).
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
| selector = default | optional | — | BIMI selector — the label before ._bimi (default per the BIMI spec is 'default'; large senders sometimes publish per-brand selectors). |
/email-health/v1/tls_rpt1 creditSMTP TLS Reporting (RFC 8460) record at _smtp._tls.<domain>: the rua= report destination(s) that receive aggregate TLS-negotiation failure reports. Standalone lookup.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/dnssec1 creditDNSSEC signing status: the DoH AD (Authenticated-Data) flag = the resolver cryptographically validated the answer, plus a DS record at the parent = the delegation is signed. Standalone lookup.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/dane1 creditDANE for SMTP (RFC 7672): TLSA records at _25._tcp.<mx-host> for every MX host, with per-host DNSSEC validation (DANE is only effective on a signed TLSA RRset). Value-add: MXToolbox has NO TLSA/DANE lookup.
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domain | required | — | The domain to inspect (a bare host like github.com; a full URL, a leading www., or a full email address are accepted and normalized to the registrable domain). |
/email-health/v1/batch1 creditRun the full 'check' audit on up to 25 domains in one call (each with score + grade).
| Parameter | Allowed / range | Description | |
|---|---|---|---|
| domains | required | — | Comma-separated list (or array) of up to 25 domains to run a full health check on in one call. |
| skip_blacklist = false | optional | — | If true, skip the DNSBL reputation lookups in 'check' (faster; blacklist is the slowest section — many IP×zone DoH queries). |
curl -X POST https://api.reefapi.com/email-health/v1/check \
-H "x-api-key: $REEF_KEY" \
-H "content-type: application/json" \
-d '{"domain":"google.com"}'{
"ok": true,
"data": { /* the result */ },
"meta": {
"latency_ms": 240,
"record_count": 12,
"completeness_pct": 100
},
"error": null
}