PowerAnalyzer

Using PowerAnalyzer 

PowerAnalyzer is a free tool that you can access on the PowerDMARC website. It is available on all plans and doesn’t require you to pre-register domains or log in to your PowerDMARC account while using it. 

However, you can also use the tool from your registered account via the steps below:

Step 1: On the left-hand side menu, navigate to PowerAnalyzer under “Analysis Tools” and click on it.

Step 2: On the PowerAnalyzer page, type in your desired domain, and click on Lookup, as shown below: 

Domain Score and Overview DNS Records

Immediately, details on your domain’s record configuration and subsequent security score would be generated by our analyzer, showing you the following details at a glance: 

The domain name:

The date of the assessment: 

The ability to export the report as a PDF

A grade score 

A numerical percentage score 

Note: While you can simply analyze your domain without specifying a DKIM selector, not specifying it would get you a lower grade than expected since DKIM would not be participating in the security scoring calculation. To specify your DKIM selector simply type it in the section specified for it while analyzing your domain: 

Scrolling down below you will be provided with an overview of the correctness of different records configured for your domain like SPF, DKIM, DMARC, BIMI, MTA-STS and TLS-RPT:

If you click on any of the record statuses, you will be redirected to the relevant details section at the bottom of the page for each of the records.  

Apart from authentication protocols, we also fetch some other DNS records to give you an overview, such as A, MX, and NS, as shown below: 

Analysis of DNS Records 

Analysis of DMARC Record 

In this section you will find a detailed analysis of your DMARC record, errors found and other relevant information pertaining to your DMARC record. 

DMARC TXT record published in your domain’s DNS.

A few key results such as the validity of the DMARC record:

Note:In case of an invalid record, the error details will be shown in the "error details" section

DMARC policy mode:

Aggregate (RUA) reports recipient addresses: 

Forensic (RUF) reports recipient addresses:

Error Details (in case any errors were found):

A section that individually explains all the tags that have been configured in your DMARC record and their individual functionalities: 

The default values that would be used for the tags that have not been explicitly configured in the published DMARC record:

In case your domain is not configured with DMARC, your DMARC record analysis will look something like this:

Analysis of SPF Record

In this section you will find a detailed analysis of your SPF record, errors found and other relevant information pertaining to your SPF record. 

The SPF TXT record published in your domain’s DNS:

A few key checkpoints such as, the validity of the SPF record:

SPF failure mode (hardfail/softfail/neutral):

Whether the number of DNS lookups are below 10: 

Note: In case the number of DNS lookups exceed the 10 lookup limit, you will be able to expand the SPF tree to view all the nested lookups, in the Error Details section as shown below: 

Errors details (in case any errors were found in your SPF record):

You can also expand your SPF lookups to see what subsequent nested lookups are there, as shown below:

A section that explains SPF authentication protocol and how it authenticates your emails: 

Analysis of DKIM Record 

DKIM Selector: Not Specified

When the DKIM selector is not specified, DKIM would not be participating in the analysis. Instead, you will find some steps on how you can find your DKIM selector if you have already configured DKIM for your domain. 

How to Find Your DKIM Selector? 

As per the instructions given above, in order to find your DKIM selector: 

Send a test mail to your Gmail account 

Click on the 3 dots next to the email in your Gmail inbox 

Select “show original” 

On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector. 

DKIM Selector: Specified 

When you specify your DKIM selector as shown above, you will now be able to see the following DKIM record details:

The published DKIM DNS TXT record

The validity status of your DKIM record: 

The version of your deployed DKIM authentication protocol:

Key Algorithm

The public key in your DNS 

Analysis of BIMI Record 

In this section you will find a detailed analysis of your BIMI record configurations, errors found and other relevant information pertaining to your BIMI record. 

A section that will show you the published BIMI DNS record: 

The validity of your BIMI record: 

A link to your BIMI logo that would redirect you to a page on a new tab, showing your brand logo:

Status of your BIMI VMC certificate: 

Errors found in your BIMI record configurations (if any): 

In case your domain is NOT configured with BIMI, your BIMI record analysis will look something like this: 

Analysis of MTA-STS Record 

In this section you will find a detailed analysis of your MTA-STS record configurations, errors found and other relevant information pertaining to your MTA-STS record. 

The published MTA-STS DNS TXT record:

The validity of your MTA-STS record:

A link to the hosted MTA-STS policy file that would redirect you to a page on a separate tab displaying the file and its details:

The MTA-STS policy mode 

The File age: 

The MX records configured for MTA-STS:

Errors found in your MTA-STS record configurations (if any):

In case your domain does not have MTA-STS configured, your MTA-STS record analysis will look something like this: 

Analysis of TLS-RPT Record 

In this section you will find a detailed analysis of your TLS-RPT record configurations, errors found and other relevant information pertaining to your TLS-RPT record.

The published TLS-RPT DNS TXT record:

The validity of your TLS-RPT record 

TLS Aggregate (RUA) Report recipient addresses

Errors found in your TLS-RPT record (if any) 

In case your domain is NOT configured with TLS-RPT, your TLS-RPT record analysis will look something like this: 

Frequently Asked Questions 

Do I need to sign up with PowerDMARC to use PowerAnalyzer? 

No. PowerAnalyzer is a free tool that you can use as a guest visitor on our website without signing up with PowerDMARC or registering your domains.  

How do I get a high score on PowerAnalyzer? 

In case you want to get a high score on PowerAnalyzer for your domain you need to configure email authentication protocols for your domain, with the correct policy and syntax, so that they are valid and enforced. You can view our PowerAnalyzer guide on the step-by-step process for getting a higher score for your domain. 

Why is my domain score on PowerAnalyzer low? 

Your score can be low due to various reasons. You may not have your authentication protocol policies at enforcement. You may also possess issues in record configuration and syntax errors in your published DNS records. Another reason might be not specifying your DKIM selector or enabling reporting mechanism for your domain (Aggregate (RUA) reports/Forensic (RUF) reports). All of these factors contribute to your domain getting a lower score on PowerAnalyzer.