Skip to content
Cloudflare API
Start here
API Reference
Radar
Email
Security
Top
TLDs
Spoof

Get top TLDs by email spoof classification

client.radar.email.security.top.tlds.spoof.get("SPOOF" | "NOT_SPOOF"spoof, SpoofGetParams { arc, dateEnd, dateRange, 9 more } query?, RequestOptionsoptions?): SpoofGetResponse { meta, top_0 }
GET/radar/email/security/top/tlds/spoof/{spoof}

Retrieves the top TLDs by emails classified as spoof or not.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
User Details WriteUser Details Read
ParametersExpand Collapse
spoof: "SPOOF" | "NOT_SPOOF"

Spoof classification.

One of the following:
"SPOOF"
"NOT_SPOOF"
query: SpoofGetParams { arc, dateEnd, dateRange, 9 more }
arc?: Array<"PASS" | "NONE" | "FAIL">

Filters results by ARC (Authenticated Received Chain) validation.

One of the following:
"PASS"
"NONE"
"FAIL"
dateEnd?: Array<string>

End of the date range (inclusive).

dateRange?: Array<string>

Filters results by date range. For example, use 7d and 7dcontrol to compare this week with the previous week. Use this parameter or set specific start and end dates (dateStart and dateEnd parameters).

dateStart?: Array<string>

Start of the date range.

dkim?: Array<"PASS" | "NONE" | "FAIL">

Filters results by DKIM (DomainKeys Identified Mail) validation status.

One of the following:
"PASS"
"NONE"
"FAIL"
dmarc?: Array<"PASS" | "NONE" | "FAIL">

Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status.

One of the following:
"PASS"
"NONE"
"FAIL"
format?: "JSON" | "CSV"

Format in which results will be returned.

One of the following:
"JSON"
"CSV"
limit?: number

Limits the number of objects returned in the response.

exclusiveMinimum
minimum0
name?: Array<string>

Array of names used to label the series in the response.

spf?: Array<"PASS" | "NONE" | "FAIL">

Filters results by SPF (Sender Policy Framework) validation status.

One of the following:
"PASS"
"NONE"
"FAIL"
tldCategory?: "CLASSIC" | "COUNTRY"

Filters results by TLD category.

One of the following:
"CLASSIC"
"COUNTRY"
tlsVersion?: Array<"TLSv1_0" | "TLSv1_1" | "TLSv1_2" | "TLSv1_3">

Filters results by TLS version.

One of the following:
"TLSv1_0"
"TLSv1_1"
"TLSv1_2"
"TLSv1_3"
ReturnsExpand Collapse
SpoofGetResponse { meta, top_0 }
meta: Meta { confidenceInfo, dateRange, lastUpdated, 2 more }

Metadata for the results.

confidenceInfo: ConfidenceInfo | null
annotations: Array<Annotation>
dataSource: "ALL" | "AI_BOTS" | "AI_GATEWAY" | 22 more

Data source for annotations.

One of the following:
"ALL"
"AI_BOTS"
"AI_GATEWAY"
"BGP"
"BOTS"
"CONNECTION_ANOMALY"
"CT"
"DNS"
"DNS_MAGNITUDE"
"DNS_AS112"
"DOS"
"EMAIL_ROUTING"
"EMAIL_SECURITY"
"FW"
"FW_PG"
"HTTP"
"HTTP_CONTROL"
"HTTP_CRAWLER_REFERER"
"HTTP_ORIGINS"
"IQI"
"LEAKED_CREDENTIALS"
"NET"
"ROBOTS_TXT"
"SPEED"
"WORKERS_AI"
description: string
endDate: string
formatdate-time
eventType: "EVENT" | "GENERAL" | "OUTAGE" | 3 more

Event type for annotations.

One of the following:
"EVENT"
"GENERAL"
"OUTAGE"
"PARTIAL_PROJECTION"
"PIPELINE"
"TRAFFIC_ANOMALY"
isInstantaneous: boolean

Whether event is a single point in time or a time range.

linkedUrl: string
formaturi
startDate: string
formatdate-time
level: number

Provides an indication of how much confidence Cloudflare has in the data.

dateRange: Array<DateRange>
endTime: string

Adjusted end of date range.

formatdate-time
startTime: string

Adjusted start of date range.

formatdate-time
lastUpdated: string

Timestamp of the last dataset update.

formatdate-time
normalization: "PERCENTAGE" | "MIN0_MAX" | "MIN_MAX" | 5 more

Normalization method applied to the results. Refer to Normalization methods.

One of the following:
"PERCENTAGE"
"MIN0_MAX"
"MIN_MAX"
"RAW_VALUES"
"PERCENTAGE_CHANGE"
"ROLLING_AVERAGE"
"OVERLAPPED_PERCENTAGE"
"RATIO"
units: Array<Unit>

Measurement units for the results.

name: string
value: string
top_0: Array<Top0>
name: string
value: string

A numeric string.

Get top TLDs by email spoof classification

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const spoof = await client.radar.email.security.top.tlds.spoof.get('SPOOF');

console.log(spoof.meta);
{
  "result": {
    "meta": {
      "confidenceInfo": {
        "annotations": [
          {
            "dataSource": "ALL",
            "description": "Cable cut in Tonga",
            "endDate": "2019-12-27T18:11:19.117Z",
            "eventType": "EVENT",
            "isInstantaneous": true,
            "linkedUrl": "https://example.com",
            "startDate": "2019-12-27T18:11:19.117Z"
          }
        ],
        "level": 0
      },
      "dateRange": [
        {
          "endTime": "2022-09-17T10:22:57.555Z",
          "startTime": "2022-09-16T10:22:57.555Z"
        }
      ],
      "lastUpdated": "2019-12-27T18:11:19.117Z",
      "normalization": "PERCENTAGE",
      "units": [
        {
          "name": "*",
          "value": "requests"
        }
      ]
    },
    "top_0": [
      {
        "name": "com.",
        "value": "10"
      }
    ]
  },
  "success": true
}
Returns Examples
{
  "result": {
    "meta": {
      "confidenceInfo": {
        "annotations": [
          {
            "dataSource": "ALL",
            "description": "Cable cut in Tonga",
            "endDate": "2019-12-27T18:11:19.117Z",
            "eventType": "EVENT",
            "isInstantaneous": true,
            "linkedUrl": "https://example.com",
            "startDate": "2019-12-27T18:11:19.117Z"
          }
        ],
        "level": 0
      },
      "dateRange": [
        {
          "endTime": "2022-09-17T10:22:57.555Z",
          "startTime": "2022-09-16T10:22:57.555Z"
        }
      ],
      "lastUpdated": "2019-12-27T18:11:19.117Z",
      "normalization": "PERCENTAGE",
      "units": [
        {
          "name": "*",
          "value": "requests"
        }
      ]
    },
    "top_0": [
      {
        "name": "com.",
        "value": "10"
      }
    ]
  },
  "success": true
}