Skip to main content

Endpoint

GET /domain/{domain}
Validates a domain and returns comprehensive information including disposability status, MX records, reputation data, and more.

Parameters

domain
string
required
The domain to validate (e.g., example.com)

Request Example

curl -X GET "https://api.fraudiant.com/domain/example.com" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response Fields

status
integer
HTTP status code indicating the result of the request
  • 200: Success
  • 400: Invalid domain
  • 429: Rate limit exceeded
domain
string
The normalized form of the input domain
domain_age_in_days
integer | null
Number of days since the domain was registered. Returns null if the age is unknown.
mx
boolean
Indicates whether the domain has valid MX (Mail Exchange) records configured for email delivery
mx_records
array
List of MX records for the domain. Empty array if mx is false.
disposable
boolean
Key Field: Indicates whether the domain is from a temporary or disposable email provider
disposable_provider
string | null
The provider domain name if disposable, otherwise null
public_domain
boolean
Indicates whether the domain is a public email service like Gmail, Yahoo, or Outlook
relay_domain
boolean
Indicates whether the domain is used for email forwarding services
did_you_mean
string | null
Suggested correction if there’s a likely typo in the domain name
blocklisted
boolean
Indicates whether the domain is on your account’s custom blocklist (Pro feature only)
spam
boolean
Indicates whether the domain is associated with spam or abusive activities

Response Examples

Success Response (Valid Domain)

{
  "status": 200,
  "domain": "example.com",
  "domain_age_in_days": 1234,
  "mx": true,
  "mx_records": ["mail.example.com", "mail2.example.com"],
  "disposable": false,
  "disposable_provider": null,
  "public_domain": false,
  "relay_domain": false,
  "did_you_mean": null,
  "blocklisted": false,
  "spam": false
}

Disposable Domain Detected

{
  "status": 200,
  "domain": "tempmail.com",
  "domain_age_in_days": 456,
  "mx": true,
  "mx_records": ["mx1.tempmail.com"],
  "disposable": true,
  "disposable_provider": "tempmail.com",
  "public_domain": false,
  "relay_domain": false,
  "did_you_mean": null,
  "blocklisted": false,
  "spam": true
}
When disposable: true, you should typically block or flag this domain to prevent fraud.

Public Email Provider

{
  "status": 200,
  "domain": "gmail.com",
  "domain_age_in_days": 7500,
  "mx": true,
  "mx_records": ["gmail-smtp-in.l.google.com"],
  "disposable": false,
  "disposable_provider": null,
  "public_domain": true,
  "relay_domain": false,
  "did_you_mean": null,
  "blocklisted": false,
  "spam": false
}
public_domain: true indicates a well-known email provider. These are generally legitimate but don’t identify the organization.

Error Responses

Invalid Domain (400)

{
  "status": 400,
  "error": "The domain is invalid."
}

Rate Limit Exceeded (429)

{
  "status": 429,
  "error": "Too many requests"
}

Learn About Rate Limits

View rate limit details and upgrade options

Common Use Cases

const response = await fetch(`https://api.fraudiant.com/domain/${domain}`, {
  headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
});

const data = await response.json();

if (!data.mx || data.mx_records.length === 0) {
  return { error: 'Domain cannot receive emails' };
}

// Flag domains less than 30 days old as potentially suspicious
if (data.domain_age_in_days !== null && data.domain_age_in_days < 30) {
  console.warn('Domain is less than 30 days old');
  // Apply additional verification
}

if (data.public_domain) {
  console.log('Personal email address (Gmail, Yahoo, etc.)');
} else {
  console.log('Corporate or private domain email');
}

const domains = ['example.com', 'test.com', 'sample.org'];

const results = await Promise.all(
  domains.map(domain =>
    fetch(`https://api.fraudiant.com/domain/${domain}`, {
      headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
    }).then(r => r.json())
  )
);

const disposableDomains = results.filter(r => r.disposable);

Domain vs Email Endpoint

When to use Domain Validation vs Email Validation:

Use Domain Endpoint

  • Validating domain-level blocklists
  • Checking company email policies
  • Bulk domain reputation checks
  • Pre-filtering allowed domains

Use Email Endpoint

  • Validating specific user emails
  • Detecting typos in email addresses
  • Checking role-based accounts
  • Full email-level validation

Best Practices

Use the domain endpoint for initial filtering, then validate specific emails with the email endpoint for comprehensive checks.
Domain reputation doesn’t change frequently. Cache results for 24-48 hours to reduce API calls.
Newly registered domains (< 30 days old) are often used for spam or fraud. Consider additional verification for young domains.
Some fields like domain_age_in_days may return null if data is unavailable. Always handle null values gracefully in your code.