Important Alert: Google and Yahoo will require DMARC starting from Feb 2024.

DKIM Record Checker

Free online DKIM lookup tool to lookup, check, and validate your DKIM DNS record with a single click!

DKIM Record Checker

By enabling it the system will detect and fetch the DKIM selectors
Domain
Please enter a valid domain name, without http:// prefix
Selector
Enter the DKIM record selectors Auto-Detect Selector

DKIM Status

Record Checks

Valid DKIM record
Public Key Found
Key Algorithm
Error Details
Warning

Tags Found

Tag Value Description
v Version
g Granularity of the key
h DKIM hash algorithm
k DKIM key type
n Notes
p Public Key
s Service type
t Flag
DKIM Record Lookup

What is a DKIM Checker?

A DKIM checker is an online tool that examines email messages’ DomainKeys Identified Mail (DKIM) signatures. With the use of the DKIM email authentication method, the sender of an email can digitally sign the message, demonstrating that it came from a reliable source and wasn’t altered while in transit.

The tool is valuable for email administrators, email service providers, and email security professionals to set up and validate DKIM for their domains so they can effectively verify the authenticity of email messages sent from their own domains. Checking DKIM records can ensure that emails are legitimately sent from the claimed domain and have not been altered in transit, helping you combat email spoofing, phishing, and other fraudulent email practices.

How DKIM Checker Works

Start by entering the domain for which you wish to lookup DKIM record in the input field. Typically, this is the domain of the email sender whose identity you want to confirm.

  • DNS Request: To obtain the DKIM records connected to the supplied domain, the DKIM checker tool does a DNS request. TXT (text) DNS records are commonly used to hold DKIM records.

  • Selector: To differentiate between multiple DKIM keys connected to the same domain, DKIM records are organized using “selector,” a special label. The selector in the DNS query used by the DKIM record lookup tool allows users to choose which DKIM key they want to get. Typically, the selection is stated in the DKIM-Signature header of the email.

  • Retrieve Public Key: The utility then extracts the DKIM public key from the DNS records after retrieving the DKIM records. The DKIM signature of incoming email messages from the given domain is checked using this public key.

  • Display Information: The DKIM checker tool could give you access to the DKIM public key in addition to other details found in the DKIM records, like the key’s selector and policy details.

  • Verification: You can use the DKIM public key to check the DKIM signatures on emails coming from the domain if you have it in your possession. It is verified that an email is valid and that it wasn’t altered during transmission if the signature on it matches the public key.

The DKIM public key can be easily retrieved from a domain’s DNS records using a DKIM record checker tool, which is necessary for confirming the validity of email communications and guarding against email spoofing and phishing attempts. It is essential to email security since it makes sure that messages are transmitted from trusted sources and are not corrupted while in transit.

DKIM Checker Results Explained

When you use a DKIM lookup tool to query a domain’s DNS for DKIM records, you can receive various results, depending on what information is found in the DNS records. Here are the possible DKIM checker tool results:

Valid DKIM Record

Checks-the-existence-of-your-published-SPF-record

  • Result: The DKIM validation tool successfully retrieves a DKIM record from the domain’s DNS.
  • Explanation: This means that the domain has configured DKIM properly, and the tool has obtained the public key used for DKIM signature verification. This result is desirable, as it indicates that the domain is taking steps to secure its email communications.

Invalid DKIM Record

Detects-Multiple-Lookups

  • Result: The DKIM checker tool finds a DKIM record in the DNS, but there are issues with the record’s format, or it is incomplete.
  • Explanation: An invalid DKIM record can lead to DKIM signature verification failures and should be corrected by the domain owner. Common issues might include missing or malformed DNS records, incorrect formatting, or missing key information.

No DKIM Record Found

Notifies-Syntax-Errors

  • Result: The tool cannot find any DKIM records in the domain’s DNS.
  • Explanation: This indicates that the domain may not have implemented DKIM for its email authentication. While it’s not necessarily a problem, having no DKIM record means that DKIM signature verification cannot be performed on emails from this domain, which could affect email security and trustworthiness.

Selector Not Found

Helps-Fix-Errors-Faster

  • Result: The DKIM tester tool successfully finds a DKIM record in the DNS, but the specified selector (a label used to distinguish between different DKIM keys) provided in the query is not found within the record.
  • Explanation: The selector should be specified correctly based on the information in the email’s DKIM-Signature header. If it doesn’t match, DKIM signature verification might fail. This result suggests a configuration issue or mismatch between selectors in the DKIM signature and DNS record.

Key Mismatch

DKIM checker

  • Result: The DKIM record checker tool retrieves a DKIM record with the correct selector, but the public key within the record doesn’t match the key specified in the DKIM signature header of the email message.
  • Explanation: This result indicates that the public key in the DKIM record doesn’t align with the key used to sign the email. It may result from a configuration error, DNS record mismanagement, or potential foul play, such as a man-in-the-middle attack.

Incomplete Information

Automatic-Subdomain-Detection

  • Result: The DKIM verification tool retrieves a DKIM record from the DNS, but the record is missing essential information, such as the public key.
  • Explanation: Incomplete DKIM records can lead to DKIM signature verification failures. The domain owner should update the DNS record with the necessary information to ensure proper email authentication.

Where can I find my Selector?

Your DKIM selector is typically specified in the DKIM-Signature header of an email message sent from your domain. It’s a label used to distinguish between different DKIM keys that a domain may use for email authentication. To find your DKIM selector, follow these steps:

  • Examine a message sent from your domain: Access an email that was sent from your domain to get started. The selection should be present in the DKIM-Signature header of this email.

  • Check Email Header: Depending on your email provider or client, you may need to check the email header in order to see the DKIM signature details. You might need to refer to the documentation or support resources for your particular email client or service because the procedure to read email headers differs from one email service to another.

  • You can look for the “DKIM-Signature” field in the email header. The selector and other details about the DKIM signature will be contained in this field.

  • Find the Selector: A value like “s=your_selector” can be found in the DKIM-Signature header.

We have covered this topic in detail in our how to find DKIM selector guide. Our DKIM checker tool can auto-detect your select when you enter your domain name and click to activate the auto-detect option in case you are unable to find or enter your selector manually.

what type of information does a dkim lookup provide

What type of information does a DKIM lookup provide?

  • DKIM record validation status

  • Checks to confirm the presence of a published DKIM TXT record in your DNS

  • Checks your DKIM tags, record value, and protocol version

  • Checks your DKIM record syntax

  • Highlights errors associated with your DKIM TXT record

Understanding and Troubleshooting DKIM errors

Your lookup may lead to the discovery of several errors and vulnerabilities in your authentication system, and you need to take steps to resolve them quickly before the next attack incident. To troubleshoot:

  • Enable a strict policy (adkim=s)

  • Monitor your authentication results (either using your DMARC reporting tool or by directly viewing your email header information)

  • Make sure you are aligning your third-party sending sources (e.g. MailChimp, Office 365)

Troubleshooting DKIM errors

DKIM checkerLookup, check, and validate your record using our Free DKIM record checker!