Skip to main content

Rollout Plan

pro
GET/v1/reports/rollout-plan

Emits a phased rollout timeline for advancing email-authentication posture without breaking deliverability. Supports DMARC p=none → quarantine → reject transitions, SPF softfail → strict hardening, and MTA-STS testing → enforce moves. Each phase includes observable signals, rollback criteria, and recommended duration.

What It Does

Reads the current state of the domain's SPF/DMARC/MTA-STS configuration and generates a recommended phased rollout to the target state. For each phase: the record value to publish, how long to hold, what signals to monitor (TLS-RPT, aggregate reports, deliverability), and rollback criteria. Handles common targets: dmarc_reject, spf_strict, mta_sts_enforce.

Why It's Useful

Moving DMARC from p=none to p=reject overnight is how teams break their own email. A rollout plan sequences the change with observation windows so each phase is reversible if deliverability regresses.

Use Cases

Email Admin

Safe DMARC Enforcement

Move from DMARC p=none to p=reject over 6 weeks with aggregate-report monitoring at each step.

Reach enforcement without breaking legitimate mail flows.

Security Engineer

MTA-STS Enforcement Rollout

Move MTA-STS from testing to enforce after TLS-RPT reports stabilize.

Catch misconfigured MX before enforcement rejects legitimate inbound mail.

Parameters

NameTypeRequiredDescription
domainstringRequiredThe domain to plan forExample: example.com
targetstringRequiredThe hardening target: dmarc_reject, spf_strict, or mta_sts_enforceExample: dmarc_rejectOptions: dmarc_reject, spf_strict, mta_sts_enforce

Response Fields

FieldTypeDescription
domainstringThe queried domain
targetstringThe chosen rollout target
starting_stateobjectCurrent observed state for the affected protocol
phasesarrayOrdered phases: label, action, record_value, duration, monitor_signals, rollback_criteria
estimated_total_duration_daysnumberSum of phase durations in days

Code Examples

cURL
curl "https://api.edgedns.dev/v1/reports/rollout-plan" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=example.com" \
  -d "target=dmarc_reject"
JavaScript
const response = await fetch(
  'https://api.edgedns.dev/v1/reports/rollout-plan?domain=example.com&target=dmarc_reject',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);

const data = await response.json();
console.log(data);
Python
import requests

response = requests.get(
    'https://api.edgedns.dev/v1/reports/rollout-plan',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
    'domain': 'example.com',
    'target': 'dmarc_reject'
    }
)

data = response.json()
print(data)

Read the full Rollout Plan guide

Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.

Read the guide →

Related Endpoints

Fix Plan

Prioritized remediation action list from scan findings

DMARC Check

Analyze DMARC policy, alignment, and reporting

SPF Check

Validate SPF record syntax, DNS lookups, and policy

MTA-STS Check

Validate email transport encryption policy

External References

Learn more about the standards and protocols behind this endpoint.

OSINT FrameworkModel Context Protocol

Try This Endpoint

Test the Rollout Plan endpoint live in the playground.

Open in PlaygroundGet API Key