#email-security

检查域的SMTP传输安全状态 — 邮件服务器是否需要通过经过身份验证的TLS传递入站邮件，以防止降级和中间人攻击。传入一个域，服务将从mta-sts.<domain>/.well-known/mta-sts.txt获取MTA-STS策略文件（其版本、模式、允许的MX主机和max_age）、_mta-sts DNS TXT记录（其策略ID）以及_smtp._tls TLS-RPT记录（rua报告地址），然后报告MTA-STS是否实际执行以及问题的优先级列表 — 无策略文件、无DNS记录、仅“测试”模式或缺少TLS-RPT记录。第二个端点仅返回解析后的策略文件。请求在服务器端进行，私有/内部目标被拒绝（SSRF防护）。专为电子邮件可送达性和防降级攻击审计、供应商和第三方评估以及合规性而构建。MTA-STS / TLS-RPT检查器 — SMTP传输安全对应电子邮件身份验证分析器（emailsec，涵盖SPF、DKIM和DMARC），与原始DNS查找（dns）不同。无上游密钥，无缓存。

api.oanor.com/mtasts-api

Inspect any domain's email-authentication posture — its protection against spoofing and phishing — via live DNS. Pass a domain and the service looks up and validates SPF (the v=spf1 record, its all-qualifier and the 10-lookup limit), DMARC (the _dmarc policy p=none/quarantine/reject, plus sp, pct and rua/ruf reporting addresses), DKIM (probing the common selectors at selector._domainkey, or pass your own), BIMI and the MX servers — then returns an A+-to-F grade with a prioritised list of issues and concrete advice. A second endpoint parses the DMARC record tag by tag with a plain-English interpretation of the policy. Built for email-deliverability and anti-spoofing audits, vendor and third-party risk assessment, security onboarding and continuous monitoring. An email-authentication analyzer — distinct from mailbox/address validation (email), raw DNS record lookup (dns) and the HTTP security-header grader (secheaders). Pure live DNS, no upstream key, no cache.

api.oanor.com/emailsec-api