How to Find DKIM Selector for My Domain?

If you are still looking for the DKIM selector for your domain, this blog is for you! To check your DKIM record or add a new record in your DNS, you need to define a selector. Once you set up your record with a DKIM selector, mail transfer agents can start authenticating your emails.  

DKIM, or DomainKeys Identified Mail is your standard email authentication protocol that fights against email spoofing. It uses cryptography to verify that your email contents have not been messed with. 

To make DKIM work its magic, you need a DKIM selector. It’s like a unique ID that points to your DKIM public key, stored securely in your domain’s DNS records.

This article will guide you through everything you need to know about DKIM selectors: what they are, why they’re important, and how to find yours for your domain. By the end, you’ll be equipped to ensure your emails get delivered safely and securely.

What is a DKIM Selector?

A DKIM selector is a short code you choose when setting up DKIM for your email domain. It is a string variable that points toward the DKIM public key in your domain’s DNS. Hence your selector is an identifier for your DKIM DNS record. You can spot the DKIM selector for your domain as an “s=” tag in your DKIM signature header. The receiving MTA authenticates your outbound messages by matching the private key assigned to your email, against the public key in your DNS to check for the legitimacy of the email.

Since your selector is a unique identifier, it has to be different for different email exchange services or vendors you are using.

How Does a DKIM Selector Work?

DKIM selectors play a pivotal role in the DKIM authentication process. It aids in the DKIM key identification process. When you include the selector in your DKIM signature header as s=(selector name), during the authentication process it points to the specific DKIM public key in your DNS. 

The selector is used to locate the correct DNS TXT record that contains the public key needed to verify the DKIM signature. The DNS record format is “selector._domainkey.yourdomain.com“. For instance, if the selector is dkim1, the record would be “dkim1._domainkey.example.com“.

Here’s a brief rundown on how DKIM authentication works: 

• When you send an email with DKIM enabled, a DKIM signature is added to the email header.
• This DKIM signature includes the DKIM selector you chose.
• The receiving email server uses the DKIM selector to locate your DKIM DNS record.
• The DNS record points the server to your DKIM public key.
• The DKIM public key is used to verify the DKIM signature in the email header.
• If the verification is successful, the email is considered legitimate.

DKIM Selector Examples

If your Hostname is s1._domainkey.domain.com (i.e. your record is published on this subdomain), s1 is your selector. You can configure any selector of your choice, it can be an alphanumeric value and may contain hyphens where the hyphen cannot be the first character. Here are a few DKIM selector examples:

s1._domainkey.domain.com

mn009._domainkey.domain.com

abc-12345._domainkey.domain.com

How to Configure a DKIM Selector?

You can configure your DKIM selector manually if you have the technical expertise and are aware of the record format and syntax. While configuring the DKIM selector, make sure in doesn’t exceed 2048 bits and is not too easy to crack. You can publish multiple DKIM records for your domain using a different selector each time to facilitate DKIM key rotation. This will further enhance your domain security. 

PowerDMARC makes it easy to configure a DKIM selector by using an automatic DKIM generator tool. Here’s how you can do it: 

1. Sign up to access our free DKIM record using our DKIM record generator tool.
2. Enter your domain name (e.g. company.com) and enter a selector of your choice. Make sure your selector is a unique combination of letters and numbers and something that may reflect your brand. 
3. Click on the “Generate” button to create your DKIM TXT record. 
4. Access your DNS management console to publish the record. 
5. Finally, verify your published record using our DKIM checker tool. 

How to Find DKIM Selector? 

There are 2 ways to find your DKIM selector:

1. Finding DKIM Selector Using a Test Mail

You can find your selector using the following 3 steps:

1) Send a test mail to your Gmail account

2) Click on the 3 dots next to the email in your Gmail inbox

3) Select “show original”

4) On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector.

In the above example, s1 is my DKIM selector. This is one of the methods you can use to identify and locate yours.

2. Finding DKIM Selector with PowerDMARC

Alternatively, you can sign up with PowerDMARC to be on your free DMARC analyzer trial and enable DMARC reporting for your domain. Here you can easily locate and identify the DKIM selectors for each of your sending sources in the DMARC aggregate reports view. This way you no longer have to manually send yourself test mails to search for it every time.

1) On the PowerDMARC control panel, go to DMARC aggregate reports and your desired view. For this example, I am working with the “Per sending source” view

2) Cascade the row of the sending source for which you want to view your DKIM selector

3) Cascade the row of the sender hostname

4) You will now be able to find the selector under the DKIM verification box, as shown below:

Once you have found your DKIM selector you can freely perform a DKIM record check to configure errors in your DKIM record and resolve issues. Hope this blog helped you find your DKIM selector. Get your free DMARC analyzer today to implement error-free SPF, DKIM, and DMARC for your domain!

DKIM Selector Benefits

The benefits of using DKIM selectors are as follows:

1. Key Rotation: DKIM selectors allow you to rotate your DKIM keys effortlessly, without affecting email delivery.
2. Multiple Keys: Selectors support using different keys for different purposes (e.g., marketing emails, transactional emails) by using different selectors.
3. Key Management: Selectors facilitate easier management and organization of DKIM keys within the same domain.

Using DKIM selectors effectively helps in maintaining email security and integrity, ensuring that emails are not forged or altered.

DKIM Selector Best Practices

When configuring your DKIM selector, you can take into consideration the following best practices: 

1. Configure unique selectors: Using a short and easy-to-predict selector can leave you vulnerable to cyber attacks. Just like your passwords should be complex and hard to guess, make sure your selectors are also unique and complicated. 
2. Use 2048 DKIM key bits for extra security: By using 2048- bits DKIM keys you make it harder for attackers to tamper with your messages. 
3. Rotate your DKIM keys: Rotating DKIM keys periodically can help you prevent impersonation attacks and email tampering, enhancing your domain’s security. 

Final Words

By consistently following email authentication best practices, you can significantly strengthen your DKIM implementation. This will help ensure your domain remains secure against impersonation and email fraud.

Prioritizing the use of selectors, periodic rotation, and stringent private key protection will not only safeguard your outgoing emails but also reinforce the trust and reliability of your communication. 

For expert consultation and domain security solutions, contact us today!

• About
• Latest Posts

Yunes Tarada

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

Latest posts by Yunes Tarada (see all)

• BIMI Setup Guide for Zoho Mail – Getting the Blue Verified Checkmark - September 6, 2024
• Setting up SPF Records for Gmail and Google Workspace - August 29, 2024
• How to Add HubSpot SPF, DMARC, and DKIM Records? - July 30, 2024