DMARC Forensic endpoint

The forensic endpoint returns raw forensic (failure) reports within a specified time period.

The results are paginated. You can pass a page parameter to fetch a particular page of records. If the response contains an empty records field, you've reached the end.

forensic

GET /forensic

Description: Get DMARC forensic data.

Parameters:

Parameter Description
start start of Unix time in seconds
end end of Unix time in seconds
page page of records, starting from 1

Response:

{
    "status":"SUCCESS",
    "total":"3",
    "records":[
        {
            "ForensicId":"29013",
            "Subject":"FW: [Marketing Medium] Totalspan Australia: Notice to Customer COVID-19",
            "Domain":"[email protected]",
            "Received":"2020-03-20 01:43:37",
            "Amount":"1",
            "Headers":"Feedback-Type: auth-failure\nIdentity-Alignment: spf, dkim\nUser-Agent: MimeKit\nVersion: 2.1\nOriginal-Mail-From: bounce-mc.us15_70631933.15110711-0157d30998@mail72.atl11.rsgsv.net\nAuthentication-Results: mail2.us.scanscope.net; spf=pass\n smtp.mailfrom=bounce-mc.us15_70631933.15110711-0157d30998@mail72.atl11.rsgsv.\n net; dkim=pass [email protected]; dmarc=fail action=none\n header.from=mycompany.com;\nDelivery-Result: delivered\nDKIM-Domain: mailchimpapp.net\nDKIM-Identity: mail72.atl11.rsgsv.net\nDKIM-Selector: k1..."
        },
        ...
    ]
}

Example:

curl -H "Authorization: Bearer 12341fc3ce4d57f3368d47cd304812ad" "https://dmarcly.com/api/forensic?start=0&end=1811111112"