Free DKIM Checker Tool

Use our free DKIM checker tool to lookup, check, and validate your DKIM DNS record with a single click and improve email deliverability.

DKIM Record Checker

By enabling it the system will detect and fetch the DKIM selectors

Domain

Please enter a valid domain name, without http:// prefix

Selector

Enter the DKIM record selectors Auto-Detect Selector

DKIM Status

Record Checks

Valid DKIM record
Public Key Found
Key Algorithm
Error Details
Warning

Tags Found

Tag Value Description
v Version
g Granularity of the key
h DKIM hash algorithm
k DKIM key type
n Notes
p Public Key
s Service type
t Flag

Analyze DKIM the right way with PowerDMARC

How to Use Our DKIM Checker Tool

The process for using our DKIM checker to perform DKIM lookups is pretty straightforward. These are the steps:

  • 1. Enter your domain name without https:// or www like shown below.

    DKIM record lookup

  • 2. You can either manually enter your selector or leave it blank and let our system auto-detect it. By default, auto detection mode will be turned on. To manually enter your selector you can turn it off and then proceed to enter your selector.

    DKIM lookup

  • 3. Finally, hit the “lookup” button to analyze your DKIM check results.

    DKIM record checker

DKIM Test Results Explained

Our DKIM lookup tool analyzes your DKIM DNS records to produce various results. These results convey the information found during the checking process. Below you will find a detailed explanation of some possible DKIM test results:

Result: Valid DKIM Record

Checks-the-existence-of-your-published-SPF-record

Explanation: This means that your domain is correctly configured with DKIM, and the DKIM record published on your DNS is correct. You are looking for this result as it indicates that your domain is protected using DKIM authentication.

Result: Invalid DKIM Record

Detects-Multiple-Lookups

Explanation: This indicates the DKIM record in your DNS is invalid. This can happen due to a variety of reasons including syntax errors, incorrect formatting, or missing fields. The best course of action on getting this result is to create your DKIM records again using an automated online tool and republish it without trying to manually implement your record.

Notifies-Syntax-Errors

Explanation: This indicates that the domain may not have implemented DKIM authentication. A missing record is the most common reason behind this result. In case you come across this result, you can request DNS hosting provider to republish your DKIM record and check again once implemented.

Result: DKIM Selector Not Found

Helps-Fix-Errors-Faster

Explanation: Your DKIM selector is a mandatory part of a DKIM record that allows receiving MTAs to locate the correct record for a domain. If our DKIM tester tool informs that your selector is missing, you should edit your DNS information to include a selector in your record.

Result: DKIM Key Mismatch

Explanation: This result indicates that there is a mismatch between your DKIM public and private keys. Your DKIM public key is published on your DNS and accessible to all, while your DKIM private key is used to sign your outgoing messages. During DKIM authentication, the key values are tallied to confirm a match – indicating authenticity of your message.

How to Check DKIM Manually?

You can check DKIM manually for specific email messages by analyzing your email headers. To do so:

  • 1. Open the message, the DKIM signature of which you wish to verify. Click on the more option

  • 2. Click on View Original

  • 3. Inspect the summary of the original message to see whether DKIM passed/failed at a glance.

    DKIM check

  • 4. Review the extended raw headers and look for “dkim-signature” and “dkim=” fields.

    DKIM checker

What is a DKIM Checker?

A DKIM checker is an online tool that examines the digital signatures of email messages using DomainKeys Identified Mail (DKIM). With the use of the DKIM email authentication protocol, the sender of an email can digitally sign the message, demonstrating that it came from a reliable source and wasn’t altered while in transit.

The DKIM email authentication technique can aid you in combating email spoofing, phishing attacks, and other fraudulent email practices. Along with other protocols like SPF and DMARC, it can also reduce email deliverability issues.

What is DKIM and why do you need it?

DKIM is a protocol that verifies the authenticity of emails sent from/on behalf of your domain. During authentication, a DKIM signature is appended to outgoing emails. This signature or private key is matched with a DKIM public key published on your Domain Name System. A match indicates the genuineness of the message. 

More often than not, attackers can intercept email communications and make changes to the message content. They may include suspicious phishing links or attachments laden with malware. DKIM comes in handy during these situations to verify that the message content has not been altered throughout its journey.

Our DKIM test tool is valuable for email administrators, email service providers, and email security professionals to set up and validate DKIM key pairs for their domains so they can effectively verify the DKIM signature email header configured for your domain. Checking DKIM records with our DKIM tester can ensure that emails are legitimately sent from the claimed domain and email address and that the email content has not been altered in transit.

How Are DKIM Keys Checked?

To use a DKIM test tool, you first need to enter the domain name of the sender whose email you want to verify. This domain name is where the DKIM public key is stored. Once you input the domain, the tool will query the DNS to retrieve this public key.

  • DNS Request: To obtain the DKIM records connected to the supplied domain, the DKIM checker tool performs a DNS request. TXT (text) DNS records are commonly used to hold DKIM records.

  • Selector: To differentiate between multiple DKIM keys connected to the same domain, DKIM records are organized using “selector,” a special label. The selector in the DNS query used by the DKIM record lookup tool allows users to choose which DKIM key they want to get. Typically, the selection is stated in the DKIM-Signature header of the email.

  • Retrieve Public Key: The utility then extracts the DKIM public key from the DNS records after retrieving the DKIM records. The DKIM signature of incoming email messages from the given domain is checked during the DKIM test using this public key.

  • Display Information: The DKIM checker tool could give you access to the DKIM public key in addition to other details found in the DKIM records, like the key’s selector and policy details.

  • Verification: You can use the DKIM public key to check DKIM signatures on emails coming from the domain if you have it in your possession. It is verified that an email is valid and that it wasn’t altered during transmission if the signature on it matches the public key.

The DKIM public key can be easily retrieved from a domain’s DNS records using a DKIM checker tool, which is necessary for confirming the validity of email communications and guarding against email spoofing and phishing attempts. Performing DKIM tests is essential to email security since it makes sure that messages are transmitted from trusted sources and are not corrupted while in transit.

DKIM Tags Explained

DKIM signatures are created by the sending mail server and added as headers to outgoing email messages. These signatures contain various tags, each serving a specific purpose in the DKIM authentication process. Here are some common DKIM tags:

Tags Description
v This tag specifies the DKIM version being used. For example, “v=1” indicates the 1st version of the DKIM protocol.
p A mandatory field that specifies the DKIM public key.
a The “a” tag specifies the cryptographic algorithm used to create the signature. Common values include “rsa-sha1” and “rsa-sha256”.
s This tag specifies the DKIM selector. The selector is a string used to locate the DKIM public key in the DNS records of the signing domain.
h The “h” tag lists the headers that are included in the signature. It specifies which message headers are being signed.
b The “b” tag contains the cryptographic signature itself. It is generated using the private key of the sending domain and is used to verify the authenticity of the message.
bh This tag contains the hash of the email body. It is used to verify that the body of the message has not been altered during transit.

Understanding and Troubleshooting DKIM errors

Your lookup may lead to the discovery of several errors and vulnerabilities in your authentication system, and you need to take steps to resolve them quickly before the next attack incident. To troubleshoot:

  • Enable a strict policy (adkim=s)

  • Monitor your authentication results (either using your DMARC XML reader or by directly viewing your email header information)

  • Make sure you are aligning your third-party sending sources (e.g. MailChimp, Office 365)

DKIM validator

Additional Information on DKIM

The benefits of having a valid DKIM record

Why should you perform DKIM lookups?

Where can I find my DKIM Selector?

The benefits of having a valid DKIM record
  • DKIM, along with DMARC (Domain-based Message Authentication, Reporting, and Conformance) and optionally SPF can help prevent phishing emails from being sent from your domain.
  • Malicious emails can be used to launch potential attacks on your domain name that will hinder your business functions. A DKIM setup can help keep your domain reputation intact with an additional layer of security and authentication.
  • DKIM helps prevent alterations in message content by threat actors
  • DKIM survives email forwarding situations where other authentication protocols like SPF fail.
Add this to your email setup today to take your email authenticity to the next level!
Why should you perform DKIM lookups?
DKIM checks help you lookup your DKIM record validation status and check to confirm the presence of a published DKIM TXT record in your DNS. The DKIM checker tool examines your DKIM tags, record value, and protocol version as well as validates DKIM record syntax while highlighting errors associated with your DKIM CNAME or TXT record.
Where can I find my DKIM Selector?
Your DKIM selector is typically specified in the DKIM-Signature header of an email message sent from your domain. It’s a label used to distinguish between different DKIM keys that a domain may use for email authentication. To find your DKIM selector, follow these steps:
  • Examine a message sent from your domain: Access an email that was sent from your domain to get started. The selection should be present in the DKIM-Signature header of this email.
  • Check Email Header: Depending on your email provider or client, you may need to check the email header in order to see the DKIM signature details. You might need to refer to the documentation or support resources for your particular email client or service because the procedure to read email headers differs from one email service to another.
  • You can look for the “DKIM-Signature” field in the email header. The selector and other details about the DKIM signature will be contained in this field.
  • Find the Selector: A value like “s=your_selector” can be found in the DKIM-Signature header.
We have covered this topic in detail in our DKIM selector guide. Our DKIM checker tool can auto-detect your selection when you enter your domain name and click to activate the auto-detect option in case you are unable to find or enter your selector manually.

What Our Clients & Partners Say About Us

“Very easy and intuitive multi-tenant management. Flexible partner program with easy to work with terms and pricing. Overall a fantastic company, product, and MSP vendor.”

Joe Burns | Co-founder and CEO of Reformed IT

Lookup, check, and validate your record using our Free DKIM record checker!