DKIM Record Checker - Verify Your DKIM Records for errors

DKIM (DomainKeys Identified Mail) is a method of email authentication that enables the recipient to verify that an email was actually sent and approved by the domain owner of that domain. This is achieved by adding a digital signature to the email. This DKIM signature is included to the message as a header and is encrypted for security.

When using DKIM, the sender server uses a key to sign an email. This contains the body as well as many significant headers, including the From and To lines, the subject, and the date. This "signature" is included as an additional header so that mail servers that receive it may validate it.

The public is hosted in the DNS server of the sending domain. The receiving server may verify that the message arrived exactly as it was delivered by using the public key and the signature in the message.

It functions in conjunction with DMARC (and SPF). Check out our page on DKIM to learn more about this topic.

The DKIM record lookup tool determines whether or not a certain selector's DKIM record has been published for the domain and if it is accurate. Additionally, it tells you of any necessary actions in relation to the outcome of the DKIM record validation. In the Email ID section, enter the email ID for the domain for which you want to do a DKIM check, enter your selector name, then hit enter to check the domain’s DKIM record.

1. Verifies whether the DKIM TXT record is published or not.
2. Checks if the DKIM syntax is valid.
3. Validates if the DKIM public key associated with the selector is present.

A DKIM selector is a component of the DKIM record that allows you to publish several DKIM keys on your domain. The DKIM selector is mentioned in the DKIM-Signature header and determines where the DKIM keypair's public key may be found in DNS. To ensure that the email message is valid and unmodified, the receiving server use the DKIM selector to identify and extract the public key.

When an email is sent, the DKIM selector is inserted as a s= tag into the DKIM-Signature email header. Sending an email to yourself is the simplest approach to find the selector for your domain.

There are no restrictions. You can have numerous DKIM Records since each DKIM record can be paired with a different selector. In reality, if your domain sends emails through different email services (Marketing, Transactional, etc.), you must use multiple DKIM selectors and private/public key pairs to distinguish these services.

DMARC only works if SPF and DKIM are properly configured. DMARC relies on these two protocols to give recipient email servers instructions on how to handle unauthenticated mails.

Read more about DKIM in our knowledge section.