Free DKIM Record Checker – Validate DKIM Signatures Instantly

by

Validate and analyze your DKIM signatures for email authentication

Common selectors: default, google, k1, k2, dkim, mail, selector1, selector2

Checking DKIM record…

DKIM Record Status

What is a DKIM Record Checker?

A DKIM (DomainKeys Identified Mail) checker is an essential email authentication tool that validates and analyzes your domain’s DKIM records. DKIM uses cryptographic signatures to verify that an email message hasn’t been altered during transit and confirms that it was authorized by the domain owner.

Our DKIM record checker performs real-time DNS lookups to retrieve your domain’s DKIM public key, validates its format, analyzes key parameters, and provides detailed insights to ensure your email authentication is properly configured.

Why Use Our DKIM Checker?

🔍 Real-Time Validation

Instantly verify your DKIM records with live DNS queries and immediate validation results.

🔑 Key Analysis

Detailed analysis of your DKIM public key including algorithm, key type, and length.

✅ Format Verification

Automatically detect syntax errors, malformed keys, and configuration issues.

🛡ī¸ Security Assessment

Evaluate key strength and identify potential security vulnerabilities in your setup.

📊 Comprehensive Reports

Get detailed insights into your DKIM configuration with actionable recommendations.

đŸŽ¯ Selector Support

Check multiple DKIM selectors to ensure all your email services are properly configured.

How to Use the DKIM Checker

  1. Enter Your Domain: Type your domain name (e.g., example.com) into the domain field.
  2. Enter DKIM Selector: Provide the DKIM selector used by your email service. Common selectors include: default, google, k1, mail, selector1.
  3. Click “Check DKIM Record”: Our tool will query your DNS for the DKIM TXT record at selector._domainkey.domain.com.
  4. Review the Results: The checker will display your DKIM record status, public key details, and validation results.

Understanding DKIM Records

A DKIM record is a TXT record published in your domain’s DNS that contains a public key used to verify email signatures. The record is located at:

selector._domainkey.example.com

For example, if your selector is “google” and your domain is “example.com”, the DKIM record would be at:

google._domainkey.example.com

DKIM Record Tags Explained

  • v=: Version (always DKIM1)
  • k=: Key type (usually rsa, sometimes ed25519)
  • p=: Public key data (Base64 encoded)
  • t=: Flags (y for testing, s for strict)
  • s=: Service type (email, * for all)
  • h=: Acceptable hash algorithms
  • n=: Notes or comments

How DKIM Works

  1. Email Signing: When an email is sent, the sending server signs it with a private key
  2. Header Addition: A DKIM-Signature header is added to the email containing the signature
  3. DNS Lookup: The receiving server looks up the public key from DNS
  4. Verification: The signature is verified using the public key
  5. Result: Email passes or fails DKIM authentication

DKIM Selectors Explained

A selector is a string that helps identify which DKIM key to use. Selectors are useful because they allow you to:

  • Rotate keys without breaking existing signatures
  • Use different keys for different email services
  • Maintain multiple active keys simultaneously
  • Test new keys before switching completely

Common DKIM Selectors by Email Service

  • Google Workspace: google, google1, google2, google3
  • Microsoft 365: selector1, selector2
  • SendGrid: s1, s2, or custom
  • Mailchimp: k1, k2, k3
  • Amazon SES: Usually custom, check your SES settings
  • ProofPoint: proofpoint, or custom

DKIM Key Lengths and Security

DKIM keys come in different lengths, with longer keys providing better security:

  • 512-bit: Deprecated, not recommended (weak security)
  • 1024-bit: Minimum recommended length, widely supported
  • 2048-bit: Recommended for new deployments, strong security
  • 4096-bit: Maximum security but may have compatibility issues

DKIM Best Practices

  1. Use 2048-bit keys: For optimal security and compatibility
  2. Rotate keys regularly: Every 6-12 months for security
  3. Use descriptive selectors: Makes management easier
  4. Keep private keys secure: Never expose or share private keys
  5. Test before deployment: Use t=y flag for testing
  6. Monitor DKIM failures: Check email logs and DMARC reports
  7. Document your selectors: Keep a list of active selectors and their purpose
  8. Align with DMARC: Ensure DKIM domain aligns with From domain

DKIM, SPF, and DMARC Together

DKIM works best as part of a comprehensive email authentication strategy:

  • DKIM: Verifies message integrity and sender authenticity via cryptographic signatures
  • SPF: Verifies the sending server is authorized to send for the domain
  • DMARC: Provides policy and reporting based on SPF and DKIM results

Implementing all three protocols provides the strongest protection against email spoofing and phishing.

Common DKIM Problems and Solutions

Problem: DKIM Record Not Found

Solution: Verify you’re using the correct selector. Check with your email service provider for the proper selector name.

Problem: Invalid Public Key Format

Solution: Ensure the public key is properly Base64 encoded and contains no line breaks or spaces in the p= tag value.

Problem: DKIM Signature Verification Failures

Solution: Check that the selector matches, the public key is correct, and the private key hasn’t changed without updating DNS.

Problem: Multiple DKIM Records

Solution: Each selector should have its own unique DNS record. Don’t create multiple TXT records for the same selector.

DKIM and Email Deliverability

Proper DKIM implementation significantly improves email deliverability:

  • Higher inbox placement rates
  • Better sender reputation
  • Reduced spam classification
  • Protection against message tampering
  • Enhanced trust with receiving mail servers

Frequently Asked Questions

How do I find my DKIM selector?

Check your email service provider’s documentation or DNS records. You can also examine the DKIM-Signature header in sent emails to find the s= tag value, which contains your selector.

Can I have multiple DKIM records?

Yes! You can have multiple DKIM records with different selectors. This is useful when using multiple email services or during key rotation.

What happens if my DKIM key is compromised?

Immediately rotate to a new key by generating a new key pair, publishing the new public key with a different selector, and configuring your mail server to use the new private key.

Do I need DKIM if I have SPF?

Yes. While SPF and DKIM serve similar purposes, they protect different aspects of email authentication. DKIM verifies message integrity, while SPF verifies the sending server. Both are important.

How long does DKIM DNS propagation take?

DNS propagation typically takes 24-48 hours, but can be faster. You can test immediately using direct DNS queries or our DKIM checker tool.

Can DKIM prevent email spoofing completely?

DKIM alone cannot prevent spoofing. It must be combined with SPF and DMARC for comprehensive protection. DMARC ensures that either SPF or DKIM passes and aligns with the From domain.

Related Tools

🎨 BIMI Checker

Validate Brand Indicators for Message Identification

🔐 DKIM Checker

Validate DKIM signatures and records

🛡ī¸ DMARC Analyzer

Analyze and validate DMARC policies

đŸĨ Domain Health Checker

Comprehensive domain email authentication check

📧 SPF Checker

Validate SPF records and syntax