Overview
PowerAnalyzer gives you a comprehensive analysis of the different records you have published for your domain and informs you about your status. PowerAnalyzer helps you find errors in your DNS records and record configurations in great detail, so that you can resolve them and get a higher score on your domain’s overall security rating. It helps you lookup and validate your DNS records with the click of a button.
Using PowerAnalyzer
PowerAnalyzer is a free tool that you can access on the PowerDMARC website. It is available on all plans and doesn’t require you to pre-register domains or login to your PowerDMARC account while using it.
However, you can also use the tool from your registered account via the steps below:
Step 1: On the left hand side menu, navigate to PowerAnalyzer and click on it.
Step 2: On the PowerAnalyzer page, type in your desired domain, and click on Lookup, as shown below:
Domain Score and Overview DNS Records
Immediately, details on your domain’s record configuration and subsequent security score would be generated by our analyzer, showing you the following details at a glance:
The domain name:
The date of the assessment:
The ability to export the report as PDF
A grade score
A numerical percentage score
Note: While you can simply analyze your domain without specifying a DKIM selector, not specifying it would get you a lower grade than expected since DKIM would not be participating in the security scoring calculation. To specify your DKIM selector simply type it in the section specified for it while analyzing your domain:
Scrolling down below you will be provided with an overview of the correctness of different records configured for your domain like SPF, DKIM, DMARC, BIMI, MTA-STS and TLS-RPT:
If you click on any of the record statuses, you will be redirected to the relevant details section at the bottom of the page for each of the records.
Apart from authentication protocols, we also fetch some other DNS records to give you an overview, such as A, MX, and NS, as shown below:
Analysis of DNS Records
Analysis of DMARC Record
In this section you will find the detailed analysis of your DMARC record, errors found and other relevant information pertaining to your DMARC record.
DMARC TXT record published in your domain’s DNS.
A few key results such as, the validity of the DMARC record:
Note: Incase of an invalid record, the error details will be shown in the "error details" section
DMARC policy mode:
Aggregate (RUA) reports recipient addresses:
Forensic (RUF) reports recipient addresses:
Error Details (in case any errors were found):
A section that individually explains all the tags that have been configured in your DMARC record and their individual functionalities:
The default values that would be used for the tags that have not been explicitly configured in the published DMARC record:
In case your domain is not configured with DMARC, your DMARC record analysis will look something like this:
Analysis of SPF Record
In this section you will find the detailed analysis of your SPF record, errors found and other relevant information pertaining to your SPF record.
The SPF TXT record published in your domain’s DNS:
A few key checkpoints such as, the validity of the SPF record:
SPF failure mode (hardfail/softfail/neutral):
Whether the number of DNS lookups are below 10:
Note: In case the number of DNS lookups exceed the 10 lookup limit, you will be able to expand the SPF tree to view all the nested lookups, in the Error Details section as shown below:
Errors details (in case any errors were found in your SPF record):
You can also expand your SPF lookups to see what subsequent nested lookups are there, as shown below:
A section that explains SPF authentication protocol and how it authenticates your emails:
Analysis of DKIM Record
DKIM Selector: Not Specified
When the DKIM selector is not specified, DKIM would not be participating in the analysis. Instead, you will find some steps on how you can find your DKIM selector if you have already configured DKIM for your domain.
How to Find Your DKIM Selector?
As per the instructions given above, in order to find your DKIM selector:
Send a test mail to your gmail account
Click on the 3 dots next to the email in your gmail inbox
Select “show original”
On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector.
DKIM Selector: Specified
When you specify your DKIM selector as shown above, you will now be able to see the following DKIM record details:
The published DKIM DNS TXT record
The validity status of your DKIM record:
The version of your deployed DKIM authentication protocol:
Key algorithm
Public key in your DNS
Analysis of BIMI Record
In this section you will find the detailed analysis of your BIMI record configurations, errors found and other relevant information pertaining to your BIMI record.
A section that will show you the published BIMI DNS record:
The validity of your BIMI record:
A link to your BIMI logo that would redirect you to a page on a new tab, showing your brand logo:
Status of your BIMI VMC certificate:
Errors found in your BIMI record configurations (if any):
In case your domain is NOT configured with BIMI, your BIMI record analysis will look something like this:
Analysis of MTA-STS Record
In this section you will find the detailed analysis of your MTA-STS record configurations, errors found and other relevant information pertaining to your MTA-STS record.
The published MTA-STS DNS TXT record:
The validity of your MTA-STS record:
A link to the hosted MTA-STS policy file that would redirect you to a page on a separate tab displaying the file and its details:
The MTA-STS policy mode
The File age:
The MX records configured for MTA-STS:
Errors found in your MTA-STS record configurations (if any):
In case your domain does not have MTA-STS configured, your MTA-STS record analysis will look something like this:
Analysis of TLS-RPT Record
In this section you will find the detailed analysis of your TLS-RPT record configurations, errors found and other relevant information pertaining to your TLS-RPT record.
The published TLS-RPT DNS TXT record:
The validity of your TLS-RPT record
TLS Aggregate (RUA) Report recipient addresses
Errors found in your TLS-RPT record (if any)
In case your domain is NOT configured with TLS-RPT, your TLS-RPT record analysis will look something like this:
Frequently Asked Questions
Do I need to sign up with PowerDMARC to use PowerAnalyzer?
No. PowerAnalyzer is a free tool that you can use as a guest visitor on our website without signing up with PowerDMARC or registering your domains.
How do I get a high score on PowerAnalyzer?
In case you want to get a high score on PowerAnalyzer for your domain you need to configure email authentication protocols for your domain, with the correct policy and syntax, so that they are valid and enforced. You can view our PowerAnalyzer guide on the step by step process for getting a higher score for your domain.
Why is my domain score on PowerAnalyzer low?
You score can be low due to various reasons. You may not have your authentication protocol policies at enforcement. You may also possess issues in record configuration and syntax errors in your published DNS records. Another reason might be not specifying your DKIM selector or enabling reporting mechanism for your domain (Aggregate (RUA) reports/Forensic (RUF) reports). All of these factors contribute to your domain getting a lower score on PowerAnalyzer.