Views:
PowerAnalyzer gives you a comprehensive analysis of the different records you have published for your domain and informs you about your status. PowerAnalyzer helps you find errors in your DNS records and record configurations in great detail so that you can resolve them and get a higher score on your domain's overall security rating. It helps you look up and validate your DNS records with a click of a button.
 
Using PowerAnalyzer
PowerAnalyzer is a free tool that you can access on the DMARC Director website. It is available on all plans and doesn't require you to pre-register domains or log in to your DMARC Director account while using it.
 
However, you can also use the tool from your registered account via the steps below:
  1. On the left-hand side menu, navigate to PowerAnalyzer and click on it.

 
  1. On the PowerAnalyzer page, type in your desired domain, and click on Lookup, as shown below:

 
Domain Score and Overview DNS Records
Immediately, details on your domain's records configuration and subsequent security score would be generated by our analyzer, showing you the following details at a glance:
  • The domain name:
  • The date of the assessment:
  •  The ability to export the report as PDF:
  • A grade score:
  • A numerical percentage score:

Note: While you can simply analyze your domain without specifying a DKIM selector, not specifying it would get you a lower grade than expected since DKIM would not be participating in the security scoring calculation. To specify your DKIM selector simply type it in the section specified for it while analyzing your domain:

Scrolling down below you will be provided with an overview of the correctness of different records configured for your domain like SPF, DKIM, DMARC, MTA-STS and TLS-RPT:

If you click on any of the record statuses, you will be redirected to the relevant details section at the bottom of the page for each of the records.
 
Apart from authentication protocols, we also fetch some other DNS records to give you an overview, such as A, MX, and NS, as shown below:

 
Analysis of DNS Records
 
Analysis of DMARC Record
In this section you will find the detailed analysis of your DMARC record, errors found and other relevant information pertaining to your DMARC record.
  • DMARC TXT record published in your domain's DNS:
  • A few key results such as, the validity of the DMARC record:
Note: In case of an invalid record, the error details will be shown in the "error details" section
  • DMARC policy mode:
  • Aggregate (RUA) reports recipient addresses:
  • Forensic (RUF) reports recipient addresses:
  • Error Details (in case any errors were found):
  • A section that individually explains all the tags that have been configured in your DMARC record and their individual functionalities.
  • The default values that would be used for the tags that have not been explicitly configured in the published DMARC record:
  • In case your domain is not configured with DMARC, your DMARC record analysis will look something like this:

 
 
Analysis of SPF Record
In this section you will find the detailed analysis of your SPF record, errors found and other relevant information pertaining to your SPF record.
  • The SPF TXT record published in your domain DNS:
  • A few key checkpoints such as the validity of the SPF record:
  • SPF failure mode (hard fail/soft fail/neutral):
  • Whether the number of DNS lookups are below 10:
  • Note: In case the number of DNS lookups exceed the 10-lookup limit, you will be able to expand the SPF tree to view all the nested lookups, in the Error Details section as shown below:

 
  • Errors details (in case any errors were found in your SPF record):
  • You can also expand your SPF lookups to see what subsequent nested lookups are there, as shown below:
  • A section that explains SPF authentication protocol and how it authenticates your emails:

 
Analysis of DKIM Record
 
DKIM Selector: Not Specified
When the DKIM selector is not specified, DKIM would not be participating in the analysis. Instead, you will find some steps on how you can find your DKIM selector if you have already configured DKIM for your domain.
 
DKIM Selector: Specified
When you specify your DKIM selector as shown above, you will now be able to see the following DKIM record details.
  • The published DKIM DNS TXT record:
  • The validity status of your DKIM record:
  • The version of your deployed DKIM authentication protocol:
 
  • Key algorithm

 
Analysis of BIMI Record
In this section you will find the detailed analysis of your BIMI record configuration, errors found and other relevant information pertaining to your BIMI record.
  • A section that will show you the published BIMI DNS record:
  • The validity of your BIMI record:
  • A link to your BIMI logo that would redirect you to a page on a new tab, showing your brad logo:
  • Status of your BIMI VMC certificate:
  • Errors found in your BIMI record configuration (if any):

 
In case your domain is NOT configured with BIMI, your BIMI record analysis will look something like this:

 
Analysis of MTA-STS Record
In this section you will find the detailed analysis of your MTA-STS record configurations, errors found and other relevant information pertaining to your MTA-STS record.
  • The published MTA-STS DNS TXT record:
  • The validity of your MTA-STS record:
  • A link to the hosted MTA-STS policy file that would redirect you to a page on a separate tab displaying the file and its details:
  • The MTA-STS policy mode:
  • The File page:
  • The MX records configured for MTA-STS:
  • Errors found in your MTA-STS record configuration (if any):
  • In case your domain does not have MTA-STS configured, your MTA-STS record analysis will look something like this:

 
Analysis of TLS-RPT Record
In this section you will find the detailed analysis of your TLA-RPT record configurations, errors found and other relevant information pertaining your TLS-RPT record.
 
  • The published TLS-RPT DNS TXT record:
  • The validity of your TLS-RPT record:
  • TLS Aggregate (RUA) Report recipient addresses:
  • Errors found in your TLS-RPT record (if any):
  • In case your domain is NOT configured with TLS-RPT, your TLS-RPT record analysis will look something like this:

 
Frequently Asked Questions
 
How do I get a high score on PowerAnalyzer?
In case you want to get a high score on PowerAnalyzer for your domain you need to configure email authentication protocols for your domain, with the correct policy and syntax, so that they are valid and enforced. You can view our PowerAnalyzer guide on the step-by-step process for getting a higher score for your domain.
 
Why is my domain score on PowerAnalyzer low?
Your score can be low due to various reasons. You may not have your authentication protocols policies at enforcement. You may also possess issues in record configuration and syntax errors in your published DNS records. Another reason might be not specifying your DKIM selector or enabling reporting mechanism for your domain (Aggregate (RUA) reports/Forensic (RUF) reports). All of these factors contribute to your domain getting a lower score on PowerAnalyzer.
 
Keywords: PowerAnalyzer reports give you detailed description of your current security score.

Related Articles (3)

DMARCDirector PDF reporting Getting Started with PowerMTA-STS and PowerTLS-RPT Understanding DMARC RUF Reports