How much does Email Auth Check cost?

Email Auth Check costs 4 sats per call.

The endpoint returns an A-F grade plus structured SPF, DKIM, and DMARC posture details for the requested domain.

Is it useful for deliverability and security checks?

Yes. It is useful for monitoring whether a domain publishes authentication records, whether DMARC enforcement exists, and whether DKIM selectors are present.

Email Auth Check API • Live on Signet test network only

Check SPF, DKIM, and DMARC posture in one call.

Use a funded Signet session to inspect a domain's email-authentication posture and get an A-F grade with structured SPF, DKIM, and DMARC findings. Built for deliverability checks, abuse prevention workflows, and quick email-security reviews.

4 sats / call

POST /api/email-auth-check

A-F grade

What It Does

Email Auth Check evaluates whether a domain publishes SPF, DKIM, and DMARC records and reports how strong the resulting posture is. It is useful when you need a quick security and deliverability snapshot without manually walking DNS records.

Returns a clean A-F grade
Surfaces whether SPF, DKIM, and DMARC are present
Shows DMARC policy strength and selector coverage
Useful for audits, vendor checks, and phishing-resistance reviews

What The Grade Means

The endpoint weighs the presence and strength of the published email-authentication controls. Strong enforcement yields better grades; missing or permissive controls drag the score down.

Domains with SPF, DKIM, and enforced DMARC score highest
Missing DMARC or permissive p=none policies reduce the grade
Missing selectors or absent records are called out directly
Current deployment is Signet only

Example Request

curl -X POST https://arkapi.dev/api/email-auth-check \
  -H "Authorization: Bearer ak_your_token" \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}' | jq

Use a funded token from the Fund page. The endpoint is also documented in /openapi.json for agents and service wrappers.

Example Body

{
  "domain": "example.com"
}

domain is required
Use a registrable public domain name

Example Response

{
  "success": true,
  "data": {
    "domain": "example.com",
    "grade": "B",
    "spf": {
      "present": true,
      "record": "v=spf1 -all"
    },
    "dkim": {
      "present": true
    },
    "dmarc": {
      "present": true,
      "policy": "quarantine"
    }
  },
  "cost_sats": 4,
  "balance_remaining": 1496,
  "response_ms": 33,
  "endpoint": "/api/email-auth-check"
}

Good Uses

Check whether a vendor or target domain publishes real email-auth controls
Monitor your own domains for enforcement drift or missing records
Feed email posture into phishing-risk and domain-intel workflows
Give agents a simple email-security primitive instead of raw DNS parsing

For broader platform usage, see the main docs and the live catalog.