PowerAnalyzer DMARC Domain Checker
Use our PowerAnalyzer to check if your domain name is protected against phishing, spoofing, fraud, and impersonation. You get a full analysis of your domain email security authentication status (DMARC, SPF, DKIM, MTA-STS, TLS-RPT, BIMI) and the needed actions to be taken to improve your security posture.
Use this tool to lookup and validate your SPF, DKIM and DMARC records.
Lookup result for domain
Overview
SPF | ||
DKIM | ||
DMARC | ||
BIMI |
MTA-STS | |
TLS-RPT |
A,NS and MX Records
The following A,NS and MX records were found for example.com
DMARC
The following DMARC DNS record was found for
Valid DMARC record | |
DMARC policy | |
Aggregate Report (RUA) addresses | |
Forensic Report (RUF) addresses |
Warning
Error Details
No error found
DMARC Explained
The following tags have been configured in the published DMARC record
The following default values will be used for the tags that have not been explicitly configured in the published DMARC record:
The following DMARC DNS record was found at
Valid DMARC record | No |
SPF
The following SPF record was detected for
Valid SPF record | |
Failure mode | |
DNS lookups below 10 | |
Void Lookups below 2 |
Error Details
No error found
SPF Explained
When an email server receives an email with in the Mail From address, it will check to see if the sender’s IP has been authorized in the published SPF record.
The following SPF record was detected for
Valid SPF record |
Error details
DKIM
No record found
The following DKIM record was found for
Valid DKIM record | |
Version | |
Key Algorithm | |
Public Key |
Error details
No error found
- Send a test mail to your gmail account
- Click on the 3 dots next to the email in your gmail inbox and select “show original”
- Find the “DKIM signature:” header and search for the “s=” tag, the value of this tag is your DKIM selector
BIMI
Error Details
No error found
The following BIMI DNS record was found at
Valid BIMI record |
MTA-STS
The following MTA-STS DNS record was found at
Valid MTA-STS record | |
Policy Host | |
Mode | |
File age | |
MX records |
Error Details
No error found
The following MTA-STS DNS record was found at
Valid MTA-STS record |
Error Details
No error found
TLS-RPT
The following TLS-RPT DNS record was found at
Valid TLS-RPT record | |
Aggregate Report (RUA) addresses |
Error Details
No error found
The following TLS-RPT DNS record was found at
Valid TLS-RPT record |
Error Details
No error found
The v=DMARC1 property indicates that this DNS record contains a DMARC policy. This value must be the first item in the DMARC record. | |||
Request the receiving server to send aggregate reports to{{ $ruaDemoEmail ?? ” }}. | |||
rua = | Aggregate reports will not be sent as no destination email address has been specified | ||
Request the receiving server to send forensic reports to {{ $rufDemoEmail ?? ” }}. | |||
ruf = | Forensic reports will not be sent as no destination email address has been specified | ||
adkim=R | Indicates that the domain owner is applying relaxed DKIM identifier Alignment | ||
aspf=R | Indicates that the domain owner is applying relaxed SPF identifier Alignment | ||
rf=Afrf | Request failure reporting (send to the ruf address, if set) in the AFRF (RFC6591) format. | ||
ri=86400 | The interval requested between aggregate reports (send to the rua address, if set) in seconds. 86400 seconds equals 1 day. | ||
pct=100 | This policy defined in p and/or sp should be applied to 100% of emails that fail authentication. | ||
fo= | Generate DMARC Failure reports if DKIM and SPF don’t pass or align. | Generate DMARC Failure Reports if DKIM or SPF don’t pass or align. | Generate DMARC Failure Reports if DKIM doesn’t pass or align. |
sp=Reject | The policy that will be applied to DMARC failing emails sent from a subdomain. |