DMARC Monitoring
Monitor DMARC, DKIM, SPF, and MX DNS health for your sending domains
Overview
Email deliverability depends on three DNS-based authentication standards:
| Standard | What it does |
|---|---|
| SPF (Sender Policy Framework) | Declares which IP addresses are authorized to send email on behalf of your domain |
| DKIM (DomainKeys Identified Mail) | Attaches a cryptographic signature to outgoing mail so receivers can verify it wasn't tampered with |
| DMARC (Domain-based Message Authentication, Reporting & Conformance) | Tells receivers what to do with mail that fails SPF/DKIM, and where to send aggregate reports |
Without all three in place, your emails are at higher risk of landing in spam or being spoofed by attackers.
The DMARC monitoring API lets you add domains, run on-demand DNS checks, and track health scores over time — all programmatically.
Authentication
All endpoints require an API key in the Authorization header. Base URL: https://api.misar.io/mail.
List Monitored Domains
/mail/v1/dmarc/domainsReturns all domains you are currently monitoring.
Headers
AuthorizationstringheaderrequiredBearer msk_...
Response fields
idstringUnique monitored-domain identifier.
domainstringThe monitored domain.
spf_validbooleanWhether the SPF record is valid.
dkim_selectorstringThe DKIM selector that was checked.
dkim_validbooleanWhether the DKIM record is valid.
dmarc_validbooleanWhether the DMARC record is valid.
dmarc_policystringThe configured DMARC policy — reject, quarantine, or none.
mx_recordsArray<{priority, exchange}>The domain's MX records.
overall_scoreintegerHealth score from 0 to 100.
last_checked_atstringISO-8601 time of the last DNS check.
billing_activebooleanWhether monitoring billing is active for this domain.
statusstringOverall health status (e.g. healthy).
created_atstringISO-8601 creation time.
curl https://api.misar.io/mail/v1/dmarc/domains \
-H "Authorization: Bearer msk_..."[
{
"id": "dom_01jabcdef",
"domain": "newsletter.example.com",
"spf_valid": true,
"dkim_selector": "misarmail",
"dkim_valid": true,
"dmarc_valid": true,
"dmarc_policy": "reject",
"mx_records": [
{ "priority": 10, "exchange": "mx1.misarmail.com" },
{ "priority": 20, "exchange": "mx2.misarmail.com" }
],
"overall_score": 98,
"last_checked_at": "2026-05-27T10:00:00Z",
"billing_active": true,
"status": "healthy",
"created_at": "2025-10-01T00:00:00Z"
}
]Score interpretation
| Score | Status | Meaning |
|---|---|---|
| 90–100 | Excellent | All records valid, strong DMARC policy (reject or quarantine) |
| 70–89 | Good | Minor issues — one record has a warning but is broadly valid |
| 50–69 | Warning | Some records missing or misconfigured |
| 0–49 | Critical | Major gaps — domain is at risk of spoofing and deliverability failures |
Add a Domain
/mail/v1/dmarc/domainsAdds a domain to monitoring and immediately runs a full DNS check. Returns the domain record along with the initial check results.
Headers
AuthorizationstringheaderrequiredBearer msk_...
Request body
domainstringbodyrequiredThe domain to monitor (e.g. example.com or mail.example.com).
dkim_selectorstringbodydefault: defaultDKIM selector to check.
Response fields
successbooleantrue when the domain was added.
dataobjectThe created domain record, including id, domain, dkim_selector, overall_score, a dns_check object (spf, dkim, dmarc, mx, overallScore), and created_at.
curl -X POST https://api.misar.io/mail/v1/dmarc/domains \
-H "Authorization: Bearer msk_..." \
-H "Content-Type: application/json" \
-d '{ "domain": "newsletter.example.com", "dkim_selector": "misarmail" }'{
"success": true,
"data": {
"id": "dom_01jabcdef",
"domain": "newsletter.example.com",
"dkim_selector": "misarmail",
"overall_score": 72,
"dns_check": {
"spf": {
"valid": true,
"value": "v=spf1 include:spf.misarmail.com ~all",
"issues": []
},
"dkim": {
"valid": false,
"value": null,
"issues": ["No DKIM record found for selector 'misarmail'"]
},
"dmarc": {
"valid": true,
"value": "v=DMARC1; p=quarantine; rua=mailto:[email protected]",
"issues": [],
"policy": "quarantine"
},
"mx": [
{ "priority": 10, "exchange": "mx1.misarmail.com" }
],
"overallScore": 72
},
"created_at": "2026-05-27T12:00:00Z"
}
}Errors
| Error | HTTP | Meaning |
|---|---|---|
domain_already_monitored | 409 | This domain is already in your monitoring list |
plan_limit_reached | 402 | Your plan's maximum monitored domain count has been reached |
invalid_domain | 400 | The domain string is not a valid hostname |
Remove a Domain
/mail/v1/dmarc/domainsRemoves a domain from monitoring. DNS records are not affected.
Headers
AuthorizationstringheaderrequiredBearer msk_...
Query parameters
domain_idstringqueryrequiredID of the monitored domain to remove.
Response fields
successbooleantrue when the domain was removed.
curl -X DELETE "https://api.misar.io/mail/v1/dmarc/domains?domain_id=dom_01jabcdef" \
-H "Authorization: Bearer msk_..."{ "success": true }Required DNS Records
When you add a domain to MisarMail, publish the following DNS records at your registrar or DNS provider. The POST /mail/v1/dmarc/domains endpoint will verify them immediately after you add the domain.
SPF
Add a TXT record at the root of your sending domain:
Type: TXT
Name: @ (or your subdomain, e.g. "newsletter")
Value: v=spf1 include:spf.misarmail.com ~allIf you already have an SPF record, add include:spf.misarmail.com to the existing record rather than creating a second one. Multiple SPF records on the same name cause a permerror.
DKIM
Add a TXT record for your DKIM selector (replace misarmail with your chosen selector):
Type: TXT
Name: misarmail._domainkey.newsletter.example.com
Value: (copy the public key from your MisarMail dashboard under Domains → DKIM Keys)DMARC
Add a TXT record at _dmarc.yourdomain.com:
Type: TXT
Name: _dmarc.newsletter.example.com
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100Start with p=quarantine to soft-fail suspicious mail before moving to p=reject. Once you have confirmed legitimate traffic is passing DMARC checks (visible in your aggregate reports), update to p=reject for maximum protection.
Domains with a p=reject DMARC policy score highest (90+) and are the most protected against spoofing. This is the recommended final configuration for all MisarMail sending domains.
MX (optional but recommended)
For domains that also receive email, ensure MX records point to your mail server:
Type: MX
Name: @
Priority: 10
Value: mx1.misarmail.com