The forensic endpoint returns raw forensic (failure) reports within a specified time period.
The results are paginated. You can pass a page parameter to fetch a particular page of records. If the response contains an empty records field, you've reached the end.
GET /forensic
Description: Get DMARC forensic data.
Parameters:
| Parameter | Description |
|---|---|
| start | start of Unix time in seconds |
| end | end of Unix time in seconds |
| page | page of records, starting from 1 |
Response:
{
"status":"SUCCESS",
"total":"3",
"records":[
{
"ForensicId":"29013",
"Subject":"FW: [Marketing Medium] Totalspan Australia: Notice to Customer COVID-19",
"Domain":"[email protected]",
"Received":"2020-03-20 01:43:37",
"Amount":"1",
"Headers":"Feedback-Type: auth-failure\nIdentity-Alignment: spf, dkim\nUser-Agent: MimeKit\nVersion: 2.1\nOriginal-Mail-From: bounce-mc.us15_70631933.15110711-0157d30998@mail72.atl11.rsgsv.net\nAuthentication-Results: mail2.us.scanscope.net; spf=pass\n smtp.mailfrom=bounce-mc.us15_70631933.15110711-0157d30998@mail72.atl11.rsgsv.\n net; dkim=pass [email protected]; dmarc=fail action=none\n header.from=mycompany.com;\nDelivery-Result: delivered\nDKIM-Domain: mailchimpapp.net\nDKIM-Identity: mail72.atl11.rsgsv.net\nDKIM-Selector: k1..."
},
...
]
}Example:
curl -H "Authorization: Bearer 12341fc3ce4d57f3368d47cd304812ad" "https://dmarcly.com/api/forensic?start=0&end=1811111112"