DMARC Monitoring
Monitor DMARC, DKIM, SPF, and MX DNS health for your sending domains
Overview
Email deliverability depends on three DNS-based authentication standards:
| Standard | What it does |
|---|---|
| SPF (Sender Policy Framework) | Declares which IP addresses are authorized to send email on behalf of your domain |
| DKIM (DomainKeys Identified Mail) | Attaches a cryptographic signature to outgoing mail so receivers can verify it wasn't tampered with |
| DMARC (Domain-based Message Authentication, Reporting & Conformance) | Tells receivers what to do with mail that fails SPF/DKIM, and where to send aggregate reports |
Without all three in place, your emails are at higher risk of landing in spam or being spoofed by attackers.
The DMARC monitoring API lets you add domains, run on-demand DNS checks, and track health scores over time — all programmatically.
All endpoints require an API key in the Authorization header.
List Monitored Domains
Returns all domains you are currently monitoring.
GET /v1/dmarc/domains
Headers
Authorization: Bearer msk_...
Response
[
{
"id": "dom_01jabcdef",
"domain": "newsletter.example.com",
"spf_valid": true,
"dkim_selector": "misarmail",
"dkim_valid": true,
"dmarc_valid": true,
"dmarc_policy": "reject",
"mx_records": [
{ "priority": 10, "exchange": "mx1.misarmail.com" },
{ "priority": 20, "exchange": "mx2.misarmail.com" }
],
"overall_score": 98,
"last_checked_at": "2026-05-27T10:00:00Z",
"billing_active": true,
"status": "healthy",
"created_at": "2025-10-01T00:00:00Z"
}
]Score interpretation
| Score | Status | Meaning |
|---|---|---|
| 90–100 | Excellent | All records valid, strong DMARC policy (reject or quarantine) |
| 70–89 | Good | Minor issues — one record has a warning but is broadly valid |
| 50–69 | Warning | Some records missing or misconfigured |
| 0–49 | Critical | Major gaps — domain is at risk of spoofing and deliverability failures |
curl https://api.misar.io/mail/v1/dmarc/domains \
-H "Authorization: Bearer msk_..."const res = await fetch('https://api.misar.io/mail/v1/dmarc/domains', {
headers: { 'Authorization': 'Bearer msk_...' },
});
const domains = await res.json();import httpx
domains = httpx.get(
"https://api.misar.io/mail/v1/dmarc/domains",
headers={"Authorization": "Bearer msk_..."},
).json()Add a Domain
Adds a domain to monitoring and immediately runs a full DNS check. Returns the domain record along with the initial check results.
POST /v1/dmarc/domains
Headers
Authorization: Bearer msk_...
Request body
{
"domain": "newsletter.example.com",
"dkim_selector": "misarmail"
}| Field | Type | Required | Description |
|---|---|---|---|
domain | string | Yes | The domain to monitor (e.g. example.com or mail.example.com) |
dkim_selector | string | No | DKIM selector to check. Default: "default" |
Response 201
{
"success": true,
"data": {
"id": "dom_01jabcdef",
"domain": "newsletter.example.com",
"dkim_selector": "misarmail",
"overall_score": 72,
"dns_check": {
"spf": {
"valid": true,
"value": "v=spf1 include:spf.misarmail.com ~all",
"issues": []
},
"dkim": {
"valid": false,
"value": null,
"issues": ["No DKIM record found for selector 'misarmail'"]
},
"dmarc": {
"valid": true,
"value": "v=DMARC1; p=quarantine; rua=mailto:[email protected]",
"issues": [],
"policy": "quarantine"
},
"mx": [
{ "priority": 10, "exchange": "mx1.misarmail.com" }
],
"overallScore": 72
},
"created_at": "2026-05-27T12:00:00Z"
}
}Error cases:
| Error | HTTP | Meaning |
|---|---|---|
domain_already_monitored | 409 | This domain is already in your monitoring list |
plan_limit_reached | 402 | Your plan's maximum monitored domain count has been reached |
invalid_domain | 400 | The domain string is not a valid hostname |
curl -X POST https://api.misar.io/mail/v1/dmarc/domains \
-H "Authorization: Bearer msk_..." \
-H "Content-Type: application/json" \
-d '{ "domain": "newsletter.example.com", "dkim_selector": "misarmail" }'const res = await fetch('https://api.misar.io/mail/v1/dmarc/domains', {
method: 'POST',
headers: {
'Authorization': 'Bearer msk_...',
'Content-Type': 'application/json',
},
body: JSON.stringify({
domain: 'newsletter.example.com',
dkim_selector: 'misarmail',
}),
});
const { data } = await res.json();
console.log(data.dns_check.overallScore);import httpx
result = httpx.post(
"https://api.misar.io/mail/v1/dmarc/domains",
headers={"Authorization": "Bearer msk_..."},
json={"domain": "newsletter.example.com", "dkim_selector": "misarmail"},
).json()
print(result["data"]["dns_check"]["overallScore"])Remove a Domain
Removes a domain from monitoring. DNS records are not affected.
DELETE /v1/dmarc/domains?domain_id=dom_01jabcdef
Headers
Authorization: Bearer msk_...
Response
{ "success": true }curl -X DELETE "https://api.misar.io/mail/v1/dmarc/domains?domain_id=dom_01jabcdef" \
-H "Authorization: Bearer msk_..."await fetch('https://api.misar.io/mail/v1/dmarc/domains?domain_id=dom_01jabcdef', {
method: 'DELETE',
headers: { 'Authorization': 'Bearer msk_...' },
});Required DNS Records
When you add a domain to MisarMail, publish the following DNS records at your registrar or DNS provider. The POST /v1/dmarc/domains endpoint will verify them immediately after you add the domain.
SPF
Add a TXT record at the root of your sending domain:
Type: TXT
Name: @ (or your subdomain, e.g. "newsletter")
Value: v=spf1 include:spf.misarmail.com ~all
If you already have an SPF record, add include:spf.misarmail.com to the existing record rather than creating a second one. Multiple SPF records on the same name cause a permerror.
DKIM
Add a TXT record for your DKIM selector (replace misarmail with your chosen selector):
Type: TXT
Name: misarmail._domainkey.newsletter.example.com
Value: (copy the public key from your MisarMail dashboard under Domains → DKIM Keys)
DMARC
Add a TXT record at _dmarc.yourdomain.com:
Type: TXT
Name: _dmarc.newsletter.example.com
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100
Start with p=quarantine to soft-fail suspicious mail before moving to p=reject. Once you have confirmed legitimate traffic is passing DMARC checks (visible in your aggregate reports), update to p=reject for maximum protection.
Domains with a p=reject DMARC policy score highest (90+) and are the most protected against spoofing. This is the recommended final configuration for all MisarMail sending domains.
MX (optional but recommended)
For domains that also receive email, ensure MX records point to your mail server:
Type: MX
Name: @
Priority: 10
Value: mx1.misarmail.com