oanor
Sign up free
Marketplace Pricing Features Sign in

API · /emailsec-api

Email Security API

healthy 4,971 Subscribers

Inspect any domain's email-authentication posture — its protection against spoofing and phishing — via live DNS. Pass a domain and the service looks up and validates SPF (the v=spf1 record, its all-qualifier and the 10-lookup limit), DMARC (the _dmarc policy p=none/quarantine/reject, plus sp, pct and rua/ruf reporting addresses), DKIM (probing the common selectors at selector._domainkey, or pass your own), BIMI and the MX servers — then returns an A+-to-F grade with a prioritised list of issues and concrete advice. A second endpoint parses the DMARC record tag by tag with a plain-English interpretation of the policy. Built for email-deliverability and anti-spoofing audits, vendor and third-party risk assessment, security onboarding and continuous monitoring. An email-authentication analyzer — distinct from mailbox/address validation (email), raw DNS record lookup (dns) and the HTTP security-header grader (secheaders). Pure live DNS, no upstream key, no cache.

#email-security #dmarc #spf #dkim #security #dns
api.oanor.com/emailsec-api
Get an API key Try in playground → Contact provider

Machine-readable spec so AI agents can integrate this API.

/api/emailsec-api/openapi.json
/api/emailsec-api/llms.txt

Discovery: GET /api/index.json lists every API.

Email Security API — live data on the oanor API marketplace

API health

healthy
Uptime
100.00%
Server probes · 24h
Avg latency
111 ms
Server probes · 24h
Subscribers
4,971
active
Total calls
60
last 7 days
status Full status page → · 12 probes/24h

Pricing

Pick a tier — billed monthly, cancel anytime.

Free

Free

  • 2,380 calls / month
  • 2 requests / second
  • Hard cap (429 above quota, no overage)
  • 2,380 calls/month
  • 2 req/sec
  • SPF/DMARC/DKIM/MX + grade
  • No credit card
Sign in to subscribe

Starter

€6.90 /month

  • 47,500 calls / month
  • 8 requests / second
  • Hard cap (429 above quota, no overage)
  • 47.5k calls/month
  • 8 req/sec
  • DKIM selector probing + BIMI
  • Email support
Sign in to subscribe

Pro

€21.70 /month

  • 242,000 calls / month
  • 20 requests / second
  • Hard cap (429 above quota, no overage)
  • 242k calls/month
  • 20 req/sec
  • Deliverability & audit apps
  • Priority support
Sign in to subscribe

Mega

€57.00 /month

  • 885,000 calls / month
  • 50 requests / second
  • Hard cap (429 above quota, no overage)
  • 885k calls/month
  • 50 req/sec
  • Email-security monitoring scale
  • Dedicated SLA
Sign in to subscribe

Built by

P
PremiumApi

Related APIs

Other APIs with overlapping tags.

MTA-STS API — oanor API marketplace

MTA-STS API

Inspect a domain's SMTP transport-security posture — whether mail servers are required to deliver inbound mail over authenticated TLS, protecting it from downgrade and man-in-the-middle attacks. Pass a domain and the service fetches the MTA-STS policy file from mta-sts.<domain>/.well-known/mta-sts.txt (its version, mode, the permitted MX hosts and max_age), the _mta-sts DNS TXT record (its policy id) and the _smtp._tls TLS-RPT record (the rua reporting address), then reports whether MTA-STS is actually enforced and a prioritised list of issues — no policy file, no DNS record, a mode of only "testing", or a missing TLS-RPT record. A second endpoint returns just the parsed policy file. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for email-deliverability and anti-downgrade-attack audits, vendor and third-party assessment, and compliance. An MTA-STS / TLS-RPT checker — the SMTP transport-security counterpart to the email-authentication analyzer (emailsec, which covers SPF, DKIM and DMARC), and distinct from raw DNS lookup (dns). No upstream key, no cache.

api.oanor.com/mtasts-api

 Shentu API — oanor API marketplace

Shentu API

Live on-chain data for Shentu (chain id shentu-2.2) — the security-focused Cosmos-SDK Layer-1 of the CertiK ecosystem, whose native token is CTK — served directly from public LCD/REST nodes with multi-node failover. The status endpoint returns the latest block height and time, chain id, the staking bond denom and the current minting inflation rate. The validators endpoint lists the active bonded validator set ranked by stake, each with its moniker, operator address, self-plus-delegated CTK, commission rate and jailed flag. The supply endpoint returns the total CTK supply, the amount bonded in staking and the resulting bonded ratio. The governance endpoint returns the most recent on-chain proposals with their id, title, status and voting window. Token amounts are converted from base micro-CTK (6 decimals) into whole CTK, and every figure is read live from the chain — nothing bundled or modelled — behind a short server-side cache with keep-warm so the feed stays fast and fresh. Ideal for staking dashboards, validator and delegator tooling, explorers, governance trackers and portfolio or analytics apps across the Cosmos and security-infrastructure ecosystem. Live keyless upstream. 5 endpoints.

api.oanor.com/shentu-api

 Solana Program API — oanor API marketplace

Solana Program API

Inspect deployed Solana programs live from public Solana RPC — no key — and answer the question that matters most for safety: can this program still be changed, and by whom? For any program address it resolves the loader it runs under, whether it is executable, its on-chain ProgramData account, the upgrade authority (or that it has been made immutable / frozen), and the slot it was last deployed at. A batch endpoint audits up to twelve programs at once — perfect for checking the upgrade authority of every program a protocol depends on before you trust it — and a loaders endpoint documents Solana's program loaders. Distinct from balance, token and transaction APIs: this is the program and upgrade-authority layer that auditors, wallets and security tooling rely on to judge whether a Solana program is safe. Live from the chain; short cache only.

api.oanor.com/solanaprogram-api

 Crypto Phishing Check API — oanor API marketplace

Crypto Phishing Check API

Tell whether a domain is a known crypto phishing or scam site before a wallet or user connects to it — using MetaMask's canonical eth-phishing-detect blocklist, the same list that protects millions of MetaMask users, read keyless and live. It runs the real detection logic: an exact and subdomain match against the blocklist and allowlist, plus a Levenshtein fuzzy match against high-value lookalike targets to catch typosquats like "myetherwaliet.com" or "app-wallet-uniswap.org". Check a domain or URL for a verdict (blocked, allowed, fuzzy or unknown) with the reason, search the 190,000-entry blocklist, or read its stats. The dApp-connection safety layer every wallet, browser extension, Telegram bot and security tool needs to warn users before they sign. Live, lightly cached.

api.oanor.com/phishingcheck-api

Frequently asked questions

Quick answers about pricing, quotas, and integration.

How do I get an API key for Email Security API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call Email Security API with the x-oanor-key header. No credit card needed for the free tier.
What's the rate limit for Email Security API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota — no surprise overage charges.
How much does Email Security API cost?
Email Security API has a free tier with 100 calls / month. Paid plans start at €6.90 / month with higher quotas and faster rate limits.
Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.
Is Email Security API GDPR-compliant?
All requests to Email Security API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.

Pick an endpoint from the list on the left to see its details and try it.

Code snippets

Sign up to get an API key, then call any path under your slug.

curl https://api.oanor.com/emailsec-api/SOME_PATH \
  -H "x-oanor-key: oanor_test_..."
const res = await fetch("https://api.oanor.com/emailsec-api/SOME_PATH", {
  headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();
$ch = curl_init("https://api.oanor.com/emailsec-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);
import requests
r = requests.get(
    "https://api.oanor.com/emailsec-api/SOME_PATH",
    headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())

Ratings

Sign in to rate.

No reviews yet.

Discussion

Ask questions, share usage tips, get answers from the provider and other developers. Public — anyone can read.

Sign in to start a thread or reply.

Sign in

New thread

/ 4000

📌 Pinned 🔒 Locked

·

· ·

/ 4000

🔒 This thread is locked — no new replies.

  • No threads yet — start the discussion.

Support

Private 1:1 support with the provider — billing questions, integration issues, account problems. Only you and the provider team can see these threads.

Sign in to open a support ticket.

Sign in

Open new ticket

Describe what you need help with. The provider team gets an email and replies on the ticket page.

  • No tickets yet for this API.

Subscription active — calls can start immediately.

Send your first request —

Subscription active — copy a snippet and fire off your first call.