# Email Auth # DMARC Reports ## Get DMARC Report Status `email_auth.dmarc_reports.get(DMARCReportGetParams**kwargs) -> DMARCReportGetResponse` **get** `/zones/{zone_id}/email/auth/dmarc-reports` Retrieves the current DMARC report configuration and status for a zone. Returns the RUA prefix, enabled status, approved sources, and DNS records. ### Parameters - `zone_id: str` Identifier. ### Returns - `class DMARCReportGetResponse: …` Response for GET/PATCH /dmarc-reports - `approved_sources: Optional[List[ApprovedSource]]` List of approved sending sources (omitted when empty) - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `domain: Optional[str]` The source domain - `ips: Optional[List[str]]` Resolved IP addresses from SPF - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `name: Optional[str]` Source name (typically same as domain) - `slug: Optional[str]` URL-friendly identifier - `tag: Optional[str]` Source UUID - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `enabled: Optional[bool]` Whether DMARC reports are enabled - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `records: Optional[Records]` Live DNS records for the zone, grouped by type - `bimi_records: Optional[List[RecordsBimiRecord]]` BIMI TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dkim_records: Optional[List[RecordsCnamedkimRecord]]` CNAME records for DKIM - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dmarc_records: Optional[List[RecordsCnamedmarcRecord]]` CNAME records at _dmarc (problematic) - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_spf_records: Optional[List[RecordsCnamespfRecord]]` CNAME records for SPF - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dkim_records: Optional[List[RecordsDKIMRecord]]` DKIM TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dmarc_records: Optional[List[RecordsDMARCRecord]]` DMARC TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `spf_records: Optional[List[RecordsSPFRecord]]` SPF TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `rua_prefix: Optional[str]` Prefix for DMARC RUA addresses (32-char hex string) - `skip_wizard: Optional[bool]` Whether to skip the setup wizard - `status: Optional[Literal["missing-dmarc-report", "multiple-dmarc-reports", "missing-dmarc-rua", "cname-on-dmarc-record"]]` DMARC configuration status - `"missing-dmarc-report"` - `"multiple-dmarc-reports"` - `"missing-dmarc-rua"` - `"cname-on-dmarc-record"` - `tag: Optional[str]` Use `zone_id` instead - `zone_id: Optional[str]` Zone identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) dmarc_report = client.email_auth.dmarc_reports.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(dmarc_report.zone_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "approved_sources": [ { "created": "2024-01-15T10:30:00.12345Z", "created_at": "2024-01-15T10:30:00.12345Z", "domain": "sendgrid.net", "ips": [ "192.168.1.1", "10.0.0.1" ], "modified": "2024-01-15T11:45:00.12345Z", "modified_at": "2024-01-15T11:45:00.12345Z", "name": "SendGrid", "slug": "sendgrid-net", "tag": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } ], "created": "2024-01-15T10:30:00.12345Z", "created_at": "2024-01-15T10:30:00.12345Z", "enabled": true, "modified": "2024-01-15T11:45:00.12345Z", "modified_at": "2024-01-15T11:45:00.12345Z", "records": { "bimi_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_dkim_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_dmarc_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_spf_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "dkim_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "dmarc_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "spf_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ] }, "rua_prefix": "9233c80fc89f43e3a7b749605f651868", "skip_wizard": false, "status": "missing-dmarc-report", "tag": "023e105f4ecef8ad9ca31a8372d0c353", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Configure DMARC Reports `email_auth.dmarc_reports.edit(DMARCReportEditParams**kwargs) -> DMARCReportEditResponse` **patch** `/zones/{zone_id}/email/auth/dmarc-reports` Updates the DMARC report configuration for a zone. At least one of `enabled` or `skip_wizard` must be provided. When enabling, the handler will ensure the DMARC RUA record exists in DNS. ### Parameters - `zone_id: str` Identifier. - `enabled: Optional[bool]` Enable or disable DMARC reports for this zone - `skip_wizard: Optional[bool]` Skip the DMARC setup wizard ### Returns - `class DMARCReportEditResponse: …` Response for GET/PATCH /dmarc-reports - `approved_sources: Optional[List[ApprovedSource]]` List of approved sending sources (omitted when empty) - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `domain: Optional[str]` The source domain - `ips: Optional[List[str]]` Resolved IP addresses from SPF - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `name: Optional[str]` Source name (typically same as domain) - `slug: Optional[str]` URL-friendly identifier - `tag: Optional[str]` Source UUID - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `enabled: Optional[bool]` Whether DMARC reports are enabled - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `records: Optional[Records]` Live DNS records for the zone, grouped by type - `bimi_records: Optional[List[RecordsBimiRecord]]` BIMI TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dkim_records: Optional[List[RecordsCnamedkimRecord]]` CNAME records for DKIM - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dmarc_records: Optional[List[RecordsCnamedmarcRecord]]` CNAME records at _dmarc (problematic) - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_spf_records: Optional[List[RecordsCnamespfRecord]]` CNAME records for SPF - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dkim_records: Optional[List[RecordsDKIMRecord]]` DKIM TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dmarc_records: Optional[List[RecordsDMARCRecord]]` DMARC TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `spf_records: Optional[List[RecordsSPFRecord]]` SPF TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `rua_prefix: Optional[str]` Prefix for DMARC RUA addresses (32-char hex string) - `skip_wizard: Optional[bool]` Whether to skip the setup wizard - `status: Optional[Literal["missing-dmarc-report", "multiple-dmarc-reports", "missing-dmarc-rua", "cname-on-dmarc-record"]]` DMARC configuration status - `"missing-dmarc-report"` - `"multiple-dmarc-reports"` - `"missing-dmarc-rua"` - `"cname-on-dmarc-record"` - `tag: Optional[str]` Use `zone_id` instead - `zone_id: Optional[str]` Zone identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.email_auth.dmarc_reports.edit( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.zone_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "approved_sources": [ { "created": "2024-01-15T10:30:00.12345Z", "created_at": "2024-01-15T10:30:00.12345Z", "domain": "sendgrid.net", "ips": [ "192.168.1.1", "10.0.0.1" ], "modified": "2024-01-15T11:45:00.12345Z", "modified_at": "2024-01-15T11:45:00.12345Z", "name": "SendGrid", "slug": "sendgrid-net", "tag": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } ], "created": "2024-01-15T10:30:00.12345Z", "created_at": "2024-01-15T10:30:00.12345Z", "enabled": true, "modified": "2024-01-15T11:45:00.12345Z", "modified_at": "2024-01-15T11:45:00.12345Z", "records": { "bimi_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_dkim_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_dmarc_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "cname_spf_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "dkim_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "dmarc_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ], "spf_records": [ { "id": "e5bb46707a802688812d5d1c9f7977d4", "content": "\"v=DMARC1; p=none; rua=mailto:rua@dmarc-reports.cloudflare.net\"", "name": "_dmarc.example.com", "ttl": 300, "type": "TXT" } ] }, "rua_prefix": "9233c80fc89f43e3a7b749605f651868", "skip_wizard": false, "status": "missing-dmarc-report", "tag": "023e105f4ecef8ad9ca31a8372d0c353", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### DMARC Report Get Response - `class DMARCReportGetResponse: …` Response for GET/PATCH /dmarc-reports - `approved_sources: Optional[List[ApprovedSource]]` List of approved sending sources (omitted when empty) - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `domain: Optional[str]` The source domain - `ips: Optional[List[str]]` Resolved IP addresses from SPF - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `name: Optional[str]` Source name (typically same as domain) - `slug: Optional[str]` URL-friendly identifier - `tag: Optional[str]` Source UUID - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `enabled: Optional[bool]` Whether DMARC reports are enabled - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `records: Optional[Records]` Live DNS records for the zone, grouped by type - `bimi_records: Optional[List[RecordsBimiRecord]]` BIMI TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dkim_records: Optional[List[RecordsCnamedkimRecord]]` CNAME records for DKIM - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dmarc_records: Optional[List[RecordsCnamedmarcRecord]]` CNAME records at _dmarc (problematic) - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_spf_records: Optional[List[RecordsCnamespfRecord]]` CNAME records for SPF - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dkim_records: Optional[List[RecordsDKIMRecord]]` DKIM TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dmarc_records: Optional[List[RecordsDMARCRecord]]` DMARC TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `spf_records: Optional[List[RecordsSPFRecord]]` SPF TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `rua_prefix: Optional[str]` Prefix for DMARC RUA addresses (32-char hex string) - `skip_wizard: Optional[bool]` Whether to skip the setup wizard - `status: Optional[Literal["missing-dmarc-report", "multiple-dmarc-reports", "missing-dmarc-rua", "cname-on-dmarc-record"]]` DMARC configuration status - `"missing-dmarc-report"` - `"multiple-dmarc-reports"` - `"missing-dmarc-rua"` - `"cname-on-dmarc-record"` - `tag: Optional[str]` Use `zone_id` instead - `zone_id: Optional[str]` Zone identifier ### DMARC Report Edit Response - `class DMARCReportEditResponse: …` Response for GET/PATCH /dmarc-reports - `approved_sources: Optional[List[ApprovedSource]]` List of approved sending sources (omitted when empty) - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `domain: Optional[str]` The source domain - `ips: Optional[List[str]]` Resolved IP addresses from SPF - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `name: Optional[str]` Source name (typically same as domain) - `slug: Optional[str]` URL-friendly identifier - `tag: Optional[str]` Source UUID - `created: Optional[datetime]` Deprecated, use created_at - `created_at: Optional[datetime]` Creation timestamp - `enabled: Optional[bool]` Whether DMARC reports are enabled - `modified: Optional[datetime]` Deprecated, use modified_at - `modified_at: Optional[datetime]` Last modification timestamp - `records: Optional[Records]` Live DNS records for the zone, grouped by type - `bimi_records: Optional[List[RecordsBimiRecord]]` BIMI TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dkim_records: Optional[List[RecordsCnamedkimRecord]]` CNAME records for DKIM - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_dmarc_records: Optional[List[RecordsCnamedmarcRecord]]` CNAME records at _dmarc (problematic) - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `cname_spf_records: Optional[List[RecordsCnamespfRecord]]` CNAME records for SPF - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dkim_records: Optional[List[RecordsDKIMRecord]]` DKIM TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `dmarc_records: Optional[List[RecordsDMARCRecord]]` DMARC TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `spf_records: Optional[List[RecordsSPFRecord]]` SPF TXT records - `id: Optional[str]` DNS record ID - `content: Optional[str]` Record content - `name: Optional[str]` DNS record name - `ttl: Optional[int]` Time to live in seconds - `type: Optional[str]` Record type - `rua_prefix: Optional[str]` Prefix for DMARC RUA addresses (32-char hex string) - `skip_wizard: Optional[bool]` Whether to skip the setup wizard - `status: Optional[Literal["missing-dmarc-report", "multiple-dmarc-reports", "missing-dmarc-rua", "cname-on-dmarc-record"]]` DMARC configuration status - `"missing-dmarc-report"` - `"multiple-dmarc-reports"` - `"missing-dmarc-rua"` - `"cname-on-dmarc-record"` - `tag: Optional[str]` Use `zone_id` instead - `zone_id: Optional[str]` Zone identifier # SPF # Inspect ## Inspect SPF Record `email_auth.spf.inspect.get(InspectGetParams**kwargs) -> InspectGetResponse` **get** `/zones/{zone_id}/email/auth/spf/inspect` Inspects a specific SPF TXT record and returns a parsed tree structure in the spflimit-worker format. The record ID must be provided via the `id` query parameter. Returns a recursive tree showing: - Parsed components with their qualifiers and types - Nested includes recursively resolved within components - Per-component and total lookup counts - Detailed error information with context ### Parameters - `zone_id: str` Identifier. - `id: str` DNS record ID (rec_tag) to inspect ### Returns - `class InspectGetResponse: …` Recursive SPF inspection tree - `components: List[object]` Parsed SPF components (mechanisms) - `domain: str` Domain being inspected - `record: str` Raw SPF record content - `total_lookups: int` Total number of DNS lookups performed across all includes - `errors: Optional[List[Error]]` All errors encountered during inspection, collected from the entire tree. This includes errors from nested includes at any depth, providing a quick overview of all issues without needing to traverse the nested structure. Each error includes a `domain` field to identify where it occurred. Empty array if no errors (omitted from JSON when empty). - `code: str` Error code. Known values: - `lookup_failed` — DNS TXT lookup failed - `spf_not_found` — no SPF record found - `invalid_spf` — record does not start with `v=spf1` - `invalid_domain` — PSL validation failed - `loop_detected` — include/redirect cycle detected - `invalid_mechanism` — unrecognised or malformed mechanism - `resource_limit_exceeded` — internal resource protection limits exceeded (recursion depth or query budget) - `max_lookups` — RFC 7208 10-lookup limit exceeded - `domain: str` Domain where the error occurred - `message: str` Human-readable error message - `details: Optional[str]` Additional error-specific details (optional). - For `invalid_domain` errors: the invalid domain string - For `invalid_mechanism` errors: the invalid mechanism text (e.g., "invalidmech123") - For `loop_detected` errors: the domain that caused the loop - For other error types: not present ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) inspect = client.email_auth.spf.inspect.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", id="id", ) print(inspect.components) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "components": [ {} ], "domain": "example.com", "record": "v=spf1 ip4:203.0.113.1 include:spf.example.com -all", "total_lookups": 2, "errors": [ { "code": "max_lookups", "domain": "example.com", "message": "RFC 7208 10-lookup limit exceeded", "details": "invalid" } ] } } ``` ## Domain Types ### Inspect Get Response - `class InspectGetResponse: …` Recursive SPF inspection tree - `components: List[object]` Parsed SPF components (mechanisms) - `domain: str` Domain being inspected - `record: str` Raw SPF record content - `total_lookups: int` Total number of DNS lookups performed across all includes - `errors: Optional[List[Error]]` All errors encountered during inspection, collected from the entire tree. This includes errors from nested includes at any depth, providing a quick overview of all issues without needing to traverse the nested structure. Each error includes a `domain` field to identify where it occurred. Empty array if no errors (omitted from JSON when empty). - `code: str` Error code. Known values: - `lookup_failed` — DNS TXT lookup failed - `spf_not_found` — no SPF record found - `invalid_spf` — record does not start with `v=spf1` - `invalid_domain` — PSL validation failed - `loop_detected` — include/redirect cycle detected - `invalid_mechanism` — unrecognised or malformed mechanism - `resource_limit_exceeded` — internal resource protection limits exceeded (recursion depth or query budget) - `max_lookups` — RFC 7208 10-lookup limit exceeded - `domain: str` Domain where the error occurred - `message: str` Human-readable error message - `details: Optional[str]` Additional error-specific details (optional). - For `invalid_domain` errors: the invalid domain string - For `invalid_mechanism` errors: the invalid mechanism text (e.g., "invalidmech123") - For `loop_detected` errors: the domain that caused the loop - For other error types: not present