DMARC Forensic endpoint

The forensic endpoint returns raw forensic (failure) reports within a specified time period.

The results are paginated. You can pass a page parameter to fetch a particular page of records. If the response contains an empty records field, you've reached the end.


GET /forensic

Description: Get DMARC forensic data.


Parameter Description
start start of Unix time in seconds
end end of Unix time in seconds
page page of records, starting from 1


            "Subject":"FW: [Marketing Medium] Totalspan Australia: Notice to Customer COVID-19",
            "Domain":"[email protected]",
            "Received":"2020-03-20 01:43:37",
            "Headers":"Feedback-Type: auth-failure\nIdentity-Alignment: spf, dkim\nUser-Agent: MimeKit\nVersion: 2.1\nOriginal-Mail-From: [email protected]et\nAuthentication-Results:; spf=pass\n [email protected].atl11.rsgsv.\n net; dkim=pass [email protected]; dmarc=fail action=none\n;\nDelivery-Result: delivered\nDKIM-Domain:\nDKIM-Identity:\nDKIM-Selector: k1..."


curl -H "Authorization: Bearer 12341fc3ce4d57f3368d47cd304812ad" ""