Important Alert: Google and Yahoo will require DMARC starting from April 2024.
Read more

DKIM Record Checker

Free online DKIM checker tool to lookup, check, and validate your DKIM DNS record with a single click and improve email deliverability.

DKIM Record Checker

By enabling it the system will detect and fetch the DKIM selectors
Domain
Please enter a valid domain name, without http:// prefix
Selector
Enter the DKIM record selectors Auto-Detect Selector

DKIM Status

Record Checks

Valid DKIM record
Public Key Found
Key Algorithm
Error Details
Warning

Tags Found

Tag Value Description
v Version
g Granularity of the key
h DKIM hash algorithm
k DKIM key type
n Notes
p Public Key
s Service type
t Flag
DKIM Record Lookup

What is a DKIM Checker?

A DKIM checker is an online tool that examines email messages’ DomainKeys Identified Mail (DKIM) digital signatures. With the use of the DKIM email authentication protocol, the sender of an email can digitally sign the message, demonstrating that it came from a reliable source and wasn’t altered while in transit.

The DKIM email authentication technique can aid you in combating email spoofing, phishing attacks, and other fraudulent email practices. Along with other protocols like SPF and DMARC, it can also reduce email deliverability issues.

But what is DKIM and why you need it in the first place?

DKIM is a protocol that verifies the authenticity of emails sent from/on behalf of your domain. During authentication, a DKIM signature is appended to outgoing emails. This signature or private key is matched with a DKIM public key published on your Domain Name System. A match indicates the genuinety of the message. 

More often than not, attackers can intercept email communications and make changes to the message content. They may include suspicious phishing links or attachments laden with malware. DKIM comes in handy during these situations to verify that the message content has not been altered throughout its journey.

Our DKIM test tool is valuable for email administrators, email service providers, and email security professionals to set up and validate DKIM key pairs for their domains so they can effectively verify the DKIM-signature email header configured for your domain. Checking DKIM records with our DKIM tester can ensure that emails are legitimately sent from the claimed domain and email address and that the email content has not been altered in transit.

How to Perform DKIM Lookups?

The process for using our DKIM checker to perform DKIM lookups is pretty straightforward. These are the steps:

  • 1. Enter your domain name without https:// or www like shown below.

    DKIM checker

  • 2. You can either manually enter your selector or leave it blank and let our system auto-detect it. By default, auto detection mode will be turned on. To manually enter your selector you can turn it off and then proceed to enter your selector.

    DKIM checker

  • 3. Finally, hit the “lookup” button to analyze your DKIM check results.

    DKIM checker

How Are DKIM Keys Checked?

Start by entering the domain for which you wish to lookup DKIM key pair in the input field in our DKIM test tool. Typically, this is the domain of the email sender whose identity you want to confirm.

  • DNS Request: To obtain the DKIM records connected to the supplied domain, the DKIM checker tool performs a DNS request. TXT (text) DNS records are commonly used to hold DKIM records.

  • Selector: To differentiate between multiple DKIM keys connected to the same domain, DKIM records are organized using “selector,” a special label. The selector in the DNS query used by the DKIM record lookup tool allows users to choose which DKIM key they want to get. Typically, the selection is stated in the DKIM-Signature header of the email.

  • Retrieve Public Key: The utility then extracts the DKIM public key from the DNS records after retrieving the DKIM records. The DKIM signature of incoming email messages from the given domain is checked during the DKIM test using this public key.

  • Display Information: The DKIM checker tool could give you access to the DKIM public key in addition to other details found in the DKIM records, like the key’s selector and policy details.

  • Verification: You can use the DKIM public key to check DKIM signatures on emails coming from the domain if you have it in your possession. It is verified that an email is valid and that it wasn’t altered during transmission if the signature on it matches the public key.

The DKIM public key can be easily retrieved from a domain’s DNS records using a DKIM checker tool, which is necessary for confirming the validity of email communications and guarding against email spoofing and phishing attempts. Performing DKIM tests is essential to email security since it makes sure that messages are transmitted from trusted sources and are not corrupted while in transit.

DKIM Test Results Explained

When you use a DKIM lookup tool to query a domain’s DNS for DKIM records, you can receive various results, depending on what information is found in the DNS records. Here are the possible DKIM test results:

Valid DKIM Record

Checks-the-existence-of-your-published-SPF-record

  • Result: The DKIM validation tool successfully retrieves a DKIM record from the domain’s DNS.
  • Explanation: This means that the domain has configured DKIM properly, and the tool has obtained the public key used for DKIM signature verification. This result is desirable, as it indicates that the domain is taking steps to secure its email communications.

Invalid DKIM Record

Detects-Multiple-Lookups

  • Result: The DKIM checker tool finds a DKIM record in the DNS, but there are issues with the record’s format, or it is incomplete.
  • Explanation: An invalid DKIM record can lead to DKIM signature verification failures and should be corrected by the domain owner. Common issues might include missing or malformed DNS records, incorrect formatting, or missing key information.

No DKIM Record Found

Notifies-Syntax-Errors

  • Result: The DKIM test tool cannot find any DKIM records in the domain’s DNS.
  • Explanation: This indicates that the domain may not have implemented DKIM for its email authentication. While it’s not necessarily a problem, having no DKIM record means that DKIM signature verification cannot be performed on emails from this domain, which could affect email security and trustworthiness.

DKIM Selector Not Found

Helps-Fix-Errors-Faster

  • Result: The DKIM tester tool successfully finds a DKIM record in the DNS, but the specified selector (a label used to distinguish between different DKIM keys) provided in the query is not found within the record.
  • Explanation: The selector should be specified correctly based on the information in the email’s DKIM-Signature header. If it doesn’t match, DKIM signature verification might fail. This result suggests a configuration issue or mismatch between selectors in the DKIM signature and DNS record.

DKIM Key Mismatch

DKIM checker

  • Result: The DKIM checker tool retrieves a DKIM record with the correct selector, but the public key within the record doesn’t match the key specified in the DKIM signature header of the email message.
  • Explanation: This result indicates that the public key in the DKIM record doesn’t align with the key used to sign the email. It may result from a configuration error, DNS record mismanagement, or potential foul play, such as a man-in-the-middle attack.

Incomplete Information

Automatic-Subdomain-Detection

  • Result: The DKIM verification tool retrieves a DKIM record from the DNS, but the record is missing essential information, such as the public key.
  • Explanation: Incomplete DKIM records can lead to DKIM signature verification failures. The domain owner should update the DNS record with the necessary information to ensure proper email authentication.

DKIM Tags Explained

DKIM signatures are created by the sending mail server and added as headers to outgoing email messages. These signatures contain various tags, each serving a specific purpose in the DKIM authentication process. Here are some common DKIM tags:

Tags Description
v This tag specifies the DKIM version being used. For example, “v=1” indicates the 1st version of the DKIM protocol.
p A mandatory field that specifies the DKIM public key.
a The “a” tag specifies the cryptographic algorithm used to create the signature. Common values include “rsa-sha1” and “rsa-sha256”.
s This tag specifies the DKIM selector. The selector is a string used to locate the DKIM public key in the DNS records of the signing domain.
h The “h” tag lists the headers that are included in the signature. It specifies which message headers are being signed.
b The “b” tag contains the cryptographic signature itself. It is generated using the private key of the sending domain and is used to verify the authenticity of the message.
bh This tag contains the hash of the email body. It is used to verify that the body of the message has not been altered during transit.

How to Check DKIM Manually?

You can check DKIM manually for specific email messages by analyzing your email headers. To do so:

  • 1. Open the message, the DKIM signature of which you wish to verify. Click on the more option

    DKIM checker

  • 2. Click on View Original

  • 3. Inspect the summary of the original message to see whether DKIM passed/failed at a glance.

    DKIM checker

  • 4. Review the extended raw headers and look for “dkim-signature” and “dkim=” fields.

    DKIM checker

Understanding and Troubleshooting DKIM errors

Your lookup may lead to the discovery of several errors and vulnerabilities in your authentication system, and you need to take steps to resolve them quickly before the next attack incident. To troubleshoot:

  • Enable a strict policy (adkim=s)

  • Monitor your authentication results (either using your DMARC reporting tool or by directly viewing your email header information)

  • Make sure you are aligning your third-party sending sources (e.g. MailChimp, Office 365)

Overcome DKIM errors

Additional Information on DKIM

The benefits of having a valid DKIM record Why should you perform DKIM lookups? Where can I find my DKIM Selector?
The benefits of having a valid DKIM record
  • DKIM, along with DMARC (Domain-based Message Authentication, Reporting, and Conformance) and optionally SPF can help prevent phishing emails from being sent from your domain.
  • Malicious emails can be used to launch potential attacks on your domain name that will hinder your business functions. A DKIM setup can help keep your domain reputation intact with an additional layer of security and authentication.
  • DKIM helps prevent alterations in message content by threat actors
  • DKIM survives email forwading situations where other authentication protocols like SPF fail.
Add this to your email setup today to take your email authenticity to the next level!
Why should you perform DKIM lookups?
DKIM checks help you lookup your DKIM record validation status and check to confirm the presence of a published DKIM TXT record in your DNS. The DKIM checker tool examines your DKIM tags, record value, and protocol version as well as validates DKIM record syntax while highlighting errors associated with your DKIM CNAME or TXT record.
Where can I find my DKIM Selector?
Your DKIM selector is typically specified in the DKIM-Signature header of an email message sent from your domain. It’s a label used to distinguish between different DKIM keys that a domain may use for email authentication. To find your DKIM selector, follow these steps:
  • Examine a message sent from your domain: Access an email that was sent from your domain to get started. The selection should be present in the DKIM-Signature header of this email.
  • Check Email Header: Depending on your email provider or client, you may need to check the email header in order to see the DKIM signature details. You might need to refer to the documentation or support resources for your particular email client or service because the procedure to read email headers differs from one email service to another.
  • You can look for the “DKIM-Signature” field in the email header. The selector and other details about the DKIM signature will be contained in this field.
  • Find the Selector: A value like “s=your_selector” can be found in the DKIM-Signature header.
We have covered this topic in detail in our DKIM selector guide. Our DKIM checker tool can auto-detect your selection when you enter your domain name and click to activate the auto-detect option in case you are unable to find or enter your selector manually.

DKIM checker

What Our Clients & Partners Say About Us

“Very easy and intuitive multi-tenant management. Flexible partner program with easy to work with terms and pricing. Overall a fantastic company, product, and MSP vendor.”

Joe Burns | Co-founder and CEO of Reformed IT

Read More

DKIM checkerLookup, check, and validate your record using our Free DKIM record checker!

Start 15-day trial Speak to an expert