All APIs are accessible at https://caniphish.com. The Domain Supply Chain Scan API is focused on delivering 4 key capabilities. These capabilities are outlined in more detail here.
- Identification of SPF & DMARC Issues
- Extraction of the domain's mail sender supply chain
- Extraction of the domain's mail receiver supply chain
- Identification of malicious mail senders
API Path
GET /API/SupplyChainScan
Parameters
Parameter Name | Description | Schema |
emailAddress [mandatory] | The email address associated with your CanIPhish account. | String |
apiKey [mandatory] | The API key associated with your CanIPhish account. | String |
domainName [mandatory] | The Domain Name that a Supply Chain Scan will be run against. | String |
emailAddress=<INSERT-EMAIL>&apiKey=<INSERT-API-KEY>&domainName=<INSERT-DOMAIN>
Responses
HTTP Code | Message | Schema |
Ok (200) | See the sample response below. | JSON |
Bad (400) | The SupplyChainScan API requires input of an email address, API key and domain name. | String |
Bad (400) | The API key provided doesn't match the API key registered for this user. | String |
Bad (400) | The monthly API Quota on this tenant has been exhausted. | String |
Bad (400) | The email provided is invalid or doesn't have active access to a CanIPhish tenant. | String |
JSON Response Schema
JSON Item | Schema | Description |
DomainName | String | Domain name scanned. |
SPFRecord | String | Domain's SPF DNS record. |
DMARCRecord | String | Domain's DMARC DNS record. |
MailSenderIssues | Array[] of code, title, detail & severity | SPF & DMARC security issues identified. |
MailSenderIPs | Array[] of ip4records, organisationName, country_name, state_prov, spamLookup & lookupDomain | SPF IPs extracted and analysed. |
MailReceiverIssues | Array[] of supplyDetails, mxRecordSet, directMailSpool & vulnerable | Mail receiver infrastructure queried, analysed and security issues identified. |
Sample Input
GET https://caniphish.com/API/SupplyChainScan?emailAddress=admin@caniphish.com&apiKey=747c4da4-7da0-4h59-f2d3-9435dd6d2691&domainName=commbank.com.au
Sample Output
{
"DomainName":"commbank.com.au",
"SPFRecord":"v=spf1 include:spf1.cba.com.au include:spf2.cba.com.au include:spf.messagelabs.com ~all",
"DMARCRecord":"v=DMARC1; p=quarantine; sp=none; pct=100; rua=mailto:dmarc-rua@cba.com.au; ruf=mailto:dmarc-ruf@cba.com.au; adkim=r; aspf=r; fo=1; rf=afrf; ri=86400",
"MailSenderIssues":[
{
"code":4,
"title":"SPF \"~all\" (SoftFail) mechanism set",
"detail":"This issue has been mitigated through the DMARC policy 'p' qualifier being set to 'Quarantine' or 'Reject'. See the Features page to understand what the unmitigated issue relates to.",
"severity":"Mitigated"
},
{
"code":9,
"title":"Insecure DMARC sub-domain 'p' qualifier",
"detail":"The DMARC policy 'sp' qualifier for sub-domains is set to \"none\". If the DMARC policy is neither \"reject\" nor \"quarantine\", spoofed emails from any commbank.com.au sub-domain utilising an attack technique known as SPF-bypass are likely to be accepted. See FAQs for more information.",
"severity":"High"
}
],
"MailSenderIPs":[
{
"ip4records":"216.82.240.0/20",
"organisationName":"Avago Technologies U.S. Inc.",
"country_name":"United States",
"state_prov":"California",
"spamLookup":"Secure",
"lookupDomain":"nets2.spf.messagelabs.com"
},
{
"ip4records":"67.219.240.0/20",
"organisationName":"MessageLabs Inc.",
"country_name":"United States",
"state_prov":"California",
"spamLookup":"Secure",
"lookupDomain":"nets2.spf.messagelabs.com"
},
{
"ip4records":"117.120.16.0/21",
"organisationName":"Google LLC",
"country_name":"Australia",
"state_prov":"New South Wales",
"spamLookup":"Secure",
"lookupDomain":"nets2.spf.messagelabs.com"
},
{
"ip4records":"103.9.96.0/22",
"organisationName":"Google LLC",
"country_name":"Japan",
"state_prov":"Osaka",
"spamLookup":"Secure",
"lookupDomain":"nets2.spf.messagelabs.com"
},
{
"ip4records":"46.226.48.0/21",
"organisationName":"Messagelabs Limited",
"country_name":"United Kingdom",
"state_prov":"England",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
},
{
"ip4records":"85.158.136.0/21",
"organisationName":"Messagelabs Limited",
"country_name":"Netherlands",
"state_prov":"North Holland",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
},
{
"ip4records":"193.109.254.0/23",
"organisationName":"Messagelabs Limited",
"country_name":"United Kingdom",
"state_prov":"England",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
},
{
"ip4records":"195.245.230.0/23",
"organisationName":"Messagelabs Limited",
"country_name":"Germany",
"state_prov":"Berlin",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
},
{
"ip4records":"194.106.220.0/23",
"organisationName":"Messagelabs Limited",
"country_name":"United Kingdom",
"state_prov":"England",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
},
{
"ip4records":"95.131.104.0/21",
"organisationName":"MessageLabs Limited",
"country_name":"United Kingdom",
"state_prov":"England",
"spamLookup":"Secure",
"lookupDomain":"nets1.spf.messagelabs.com"
}
],
"MailReceiverIssues":{
"supplyDetails":[
{
"technology":"Symantec MessageLabs",
"technologyType":"Malware Filter"
},
{
"technology":"Microsoft Exchange On-Premise",
"technologyType":"Mail Server"
},
{
"technology":"Microsoft Exchange Online",
"technologyType":"Mail Server"
},
{
"technology":"Symantec MessageLabs",
"technologyType":"Spam Filter"
},
{
"technology":"Exchange Online Protection",
"technologyType":"Spam Filter"
},
{
"technology":"Exchange Online Protection",
"technologyType":"Malware Filter"
},
{
"technology":"Symantec MessageLabs",
"technologyType":"Mail Server"
}
],
"mxRecordSet":[
"cluster1.us.messagelabs.com.",
"cluster1a.us.messagelabs.com."
],
"directMailSpool":[
"commbank.mail.protection.outlook.com.",
"commbank-com-au.mail.protection.outlook.com",
"commbank-com-au.mail.protection.outlook.com"
],
"vulnerable":true
}
}
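As an added example (not CanIPhish's own code), the Python sketch below builds the request from the parameter table, masks the API key before the URL is logged (the key travels in the query string), and reduces a response to the findings that still need action. It makes no network request; the sample body is trimmed from the sample output above, and treating any spamLookup value other than "Secure" as worth review is an assumption, since the page shows no other value.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit
BASE_URL = "https://caniphish.com/API/SupplyChainScan"

def build_scan_url(email_address, api_key, domain_name):
    """Build the GET URL; the API answers 400 if any of the three is missing."""
    params = {"emailAddress": email_address, "apiKey": api_key, "domainName": domain_name}
    if not all(params.values()):
        raise ValueError("emailAddress, apiKey and domainName are all mandatory")
    return BASE_URL + "?" + urlencode(params)

def redact_url(url):
    """Mask apiKey before the URL is written to any log or ticket."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "apiKey" else v) for k, v in parse_qsl(parts.query)]
    return parts._replace(query=urlencode(query)).geturl()

def triage(status, body):
    """Reduce a response to the findings that still need action."""
    if status != 200:
        return {"error": body.strip()}  # 400 responses are plain strings, not JSON
    data = json.loads(body)
    receivers = data.get("MailReceiverIssues") or {}  # an object in the sample output
    spools = {h.rstrip(".").lower() for h in receivers.get("directMailSpool", [])}
    return {
        "domain": data.get("DomainName"),
        "open_sender_issues": [(i["code"], i["severity"], i["title"])
                               for i in data.get("MailSenderIssues", [])
                               if i.get("severity") != "Mitigated"],
        # Assumption: any spamLookup value other than "Secure" deserves review.
        "flagged_senders": [s["ip4records"] for s in data.get("MailSenderIPs", [])
                            if s.get("spamLookup") != "Secure"],
        "receiver_vulnerable": bool(receivers.get("vulnerable")),
        "direct_mail_spools": sorted(spools),  # trailing dots and duplicates removed
    }

# Constructed sample: trimmed from the page's sample output.
SAMPLE_BODY = json.dumps({"DomainName": "commbank.com.au", "MailSenderIssues": [
    {"code": 4, "title": "SPF \"~all\" (SoftFail) mechanism set", "severity": "Mitigated"},
    {"code": 9, "title": "Insecure DMARC sub-domain 'p' qualifier", "severity": "High"}],
    "MailSenderIPs": [{"ip4records": "216.82.240.0/20", "spamLookup": "Secure"}],
    "MailReceiverIssues": {"vulnerable": True, "directMailSpool": [
        "commbank.mail.protection.outlook.com.",
        "commbank-com-au.mail.protection.outlook.com",
        "commbank-com-au.mail.protection.outlook.com"]}})

if __name__ == "__main__":
    print(redact_url(build_scan_url("user@example.com", "EXAMPLE-KEY", "commbank.com.au")))
    print(json.dumps(triage(200, SAMPLE_BODY), indent=2))
```

Read the real key from an environment variable or secret store rather than source code, and pass only the redacted URL to logging.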
Graphical Sample View