Find every domain on an MX record.

Pass an MX record value. Get back every domain that routes mail through it. Useful for spam-infrastructure clustering and email-vendor mapping.

Talk to us Browse API docs

WHAT THIS API RETURNS

One pivot from MX to its full footprint.

The Reverse MX API queries the indexed corpus for every domain whose MX records point at a given target. Match is on current or historical MX state; the response metadata distinguishes.

Pass the MX hostname (without priority prefix). Use apex and include_subdomains to scope.

This API is the right pivot for spam-infrastructure attribution and for mapping email-routing patterns across vendor portfolios. Legitimate clusters anchor on Google Workspace, Microsoft 365, and a handful of major hosts; outliers are usually interesting.

REQUEST

One endpoint, one required parameter.

Endpoint:

GET https://api.deepinfo.com/v1/discovery/reverse-mx?mx={mx}

Parameters:

Name	In	Type	Required	Description
mx	query	string	Yes	An MX hostname such as `mail.example-host.com`.
apex	query	boolean	No	When true, deduplicate results to apex domains only.
include_subdomains	query	boolean	No	When true, surface FQDNs in addition to apex domains.
page	query	integer	No	Page number for paginated responses. Defaults to 1.
page_size	query	integer	No	Page size for paginated responses. Defaults to a sensible per-endpoint limit; see docs.
ordering	query	string	No	Field to sort by; prefix with `-` for descending order.
export	query	boolean	No	When true, returns the full result set as a downloadable export instead of paginated JSON.
export_format	query	enum	No	Format of the export when `export=true`. Typically `json` or `csv`.
export_scope	query	enum	No	Subset of fields to include in the export. See the docs for per-endpoint scopes.

Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.

SAMPLE RESPONSE

See what the API returns.

Real response structure for the Find every domain on an MX record endpoint. Field coverage may vary based on query parameters and data availability.

JSON RESPONSE

{
  "_request": {"mx": "mail.example-host.com"},
  "results": [
    {"fqdn": "small-business-1.com", "mx_first_seen": "2024-02-08"},
    {"fqdn": "small-business-2.io",  "mx_first_seen": "2024-04-15"},
    {"fqdn": "spam-relay-front.net", "mx_first_seen": "2025-11-22"}
  ],
  "pagination": {"page": 1, "page_size": 50, "total": 84}
}

STRUCTURED VIEW

Request

mail.example-host.com

Results

Count

First fqdn

small-business-1.com

First mx first seen

2024-02-08

Pagination

Page

Page size

Total

Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.

USE CASES

“MX-clustering catches spam infrastructure that no other pivot reveals. Routing this through one API instead of running our own passive-DNS scrape pipeline freed engineering cycles for actual detection work.”

— Detection Engineer, Email Security Platform

CONTINUE EXPLORING

Other lookup APIs.

API

GET STARTED

Run a reverse-MX pivot, from any hostname.

We'll set up token access and walk through how teams plug this into anti-phishing workflows.

Talk to us Browse API docs

Find every domain on an MX record.

One pivot from MX to its full footprint.

One endpoint, one required parameter.

See what the API returns.

Workflows this API plugs into directly.

Threat Hunting

Incident Investigation and Response

Phishing Detection and Prevention

Other lookup APIs.

Current Whois state for any domain, in one call.

Current IP allocation state, in one call.

Current DNS state for an FQDN, in one call.

Current TLS state for a host, in one call.

Find every domain on a name server.

Find every domain on an IP.

Capture a target page as the user sees it.

Detect the technology stack of a target, in one call.

Live web-page data for a target, in one call.

Scan a target's open ports, in one call.

Run a reverse-MX pivot, from any hostname.