DKIM Record Checker

Verify your DKIM configuration and email signature setup

vpn_key

FULL WIZARD

Configure all protocols in one flow

SPF, DKIM, DMARC, and BIMI -- guided setup in one session.

arrow_forward START WIZARD

About DKIM

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails, proving they were sent by your domain and haven't been tampered with in transit. Unlike SPF which verifies the sending server's IP address, DKIM uses cryptographic signatures to verify the email content itself.

When your email server sends a message, it signs it with a private key and adds a DKIM signature to the email header. Receiving servers then look up your public key in your DNS records using the DKIM selector and verify the signature. If the signature is valid, it proves the email is authentic and unmodified.

DKIM records are published as DNS TXT records at specific subdomains called selectors (e.g., selector1._domainkey.example.com). Most email providers use their own selectors, so you may have multiple DKIM records for different services. This tool automatically probes common selectors to discover your DKIM configuration.

Frequently Asked Questions

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent by an authorized server and was not modified in transit.

How do I find my DKIM selector?

DKIM selectors are set by your email provider. Common selectors include 'google' for Google Workspace, 'k1' for Mailchimp, 's1'/'s2' for Amazon SES, and 'default' for many providers. This tool probes the most common selectors automatically.

What key size should my DKIM record use?

Use at least 2048-bit RSA keys. While 1024-bit keys are technically valid, they are considered weak and may be rejected by some receivers. Ed25519 keys are also supported and offer strong security with smaller key sizes.

Why is my DKIM signature failing?

Common causes include: DNS record not published, selector mismatch between signing and DNS, email modified in transit (forwarding), key rotation without updating DNS, or expired keys.