Email Auth Validator
Validate email authentication — SPF, DKIM, and DMARC from raw headers.
POST
1 credit
/v1/email/auth
curl -X POST "https://email.toolkitapi.io/v1/email/auth" \
-H "Content-Type: text/plain" \
-d 'From: [email protected]
Return-Path: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; d=toolkitapi.io; s=google; ...'
import httpx
resp = httpx.post(
"https://email.toolkitapi.io/v1/email/auth",
json=From: [email protected]
Return-Path: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; d=toolkitapi.io; s=google; ...,
)
print(resp.json())
const resp = await fetch("https://email.toolkitapi.io/v1/email/auth", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(From: [email protected]
Return-Path: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; d=toolkitapi.io; s=google; ...),
});
const data = await resp.json();
console.log(data);
# See curl example
Response
200 OK
{
"from_domain": "toolkitapi.io",
"envelope_from": "[email protected]",
"sending_ip": "198.51.100.42",
"dkim_selector": "google",
"dkim_domain": "toolkitapi.io",
"spf_aligned": true,
"dkim_aligned": true,
"dmarc_aligned": true,
"overall_result": "pass",
"checks": [
{"mechanism": "SPF", "result": "pass", "domain": "toolkitapi.io", "detail": "IP 198.51.100.42 is authorized by SPF record"},
{"mechanism": "DKIM", "result": "pass", "domain": "toolkitapi.io", "detail": "Valid DKIM signature for selector 'google'"},
{"mechanism": "DMARC", "result": "pass", "domain": "toolkitapi.io", "detail": "SPF and DKIM aligned with DMARC policy"}
],
"query_time_ms": 112.5
}
Try It Live
Live Demo
Response
Description
Validate email authentication — SPF, DKIM, and DMARC from raw headers.
How to Use
1
1. Copy the raw email headers from the suspicious or problematic email. 2. Send them as the POST body (plain text). 3. Optionally provide the `sending_ip` query parameter if it can't be auto-detected from Received headers. 4. Check `overall_result` — "pass", "fail", or "partial".
About This Tool
Email Auth Validator checks an email's authenticity by validating SPF, DKIM, and DMARC from raw email headers. Paste the full header block and the API parses From, Return-Path, and DKIM-Signature headers, then validates SPF (IP vs SPF record), DKIM (public key exists), and DMARC (policy and domain alignment).
Why Use This Tool
- Phishing analysis — Validate whether an email actually came from who it claims
- Deliverability debugging — Understand why emails fail authentication
- Incident response — Analyze suspicious emails for spoofing indicators
- Email infrastructure testing — Verify your SPF/DKIM/DMARC setup works end-to-end
Frequently Asked Questions
What headers do I need to include?
At minimum: `From`, `Return-Path`, and `DKIM-Signature`. Including `Received` headers helps auto-detect the sending IP.
What does "partial" mean?
Some mechanisms passed while others failed — e.g., SPF passes but DKIM fails.
Start using Email Auth Validator now
Get your free API key and make your first request in under a minute.