If you have tried to validate your DKIM record with DKIM record lookup, you need to specify your DKIM selector. In this blog we will discuss the various ways for how to find it for your domain. DKIM, or DomainKeys Identified Mail is your standard email authentication protocol that makes use of cryptography to authenticate your messages. DKIM exists in your DNS as a DNS TXT record that you can easily generate using our free DKIM record generator, and subsequently published in your domain’s DNS to configure the protocol for your domain.

What is a DKIM Selector?

You can spot the DKIM selector for your domain as an “s=” tag in your DKIM signature header. It is a string variable that helps in pointing towards the DKIM public key in your domain’s DNS while authenticating your messages using DKIM authentication protocol. The receiving MTA authenticates your outbound messages by matching the private key assigned to your email, against the public key in your DNS to check for the legitimacy of the email.

Your selector is a unique identifier and has to be different for different email exchange services or vendors you are using.

How to Find DKIM Selector using Test Mail?

You can find your selector using the following 3 steps:

1) Send a test mail to your gmail account
2) Click on the 3 dots next to the email in your gmail inbox

3) Select “show original”

4) On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector.

In the above example, s1 is my DKIM selector. This is one of the methods you can use to identify and locate yours.

DKIM Selector Examples

If your Hostname is (i.e. your record is published on this subdomain), s1 is your selector. You can configure any selector of your choice, it can be an alphanumeric value, and may contain hyphens where the hyphen cannont be the first character. Here are a few DKIM selector examples:

How to Find DKIM Selector with PowerDMARC

Alternatively, you can sign up with PowerDMARC to be on your free DMARC analyzer trial and enable DMARC reporting for your domain. Here you can easily locate and identify the DKIM selectors for each of your sending sources in the DMARC aggregate reports view. This way you no longer have to manually send yourself test mails to search for it every time.

1) On the PowerDMARC control panel, go to DMARC aggregate reports and your desired view. For this example I am working with the “Per sending source” view
2) Cascade the row of the sending source for which you want to view your DKIM selector
3) Cascade the row of the sender hostname
4) You will now be able to find the selector under the DKIM verification box, as shown below:

Once you have found out your DKIM selector you can freely perform DKIM record check to configure errors in your DKIM record and resolve issues. Hope this blog helped you find your DKIM selector. Get your free DMARC analyzer today to implement error-free SPF, DKIM and DMARC for your domain!

Before we get into how to setup DKIM for your domain, let’s talk a bit about what is DKIM. DKIM, or DomainKeys Identified Mail, is an email authentication protocol that is used for verifying the authenticity of outbound emails. The process involves using a private cryptographic key generated by your mail server which signs each outgoing email message. This ensures your recipients can verify that the emails they receive were sent from your mail server and are not forged. This can improve deliverability and help weed out spam. To place it simply an email from a DKIM enabled mail server contains a digital signature or more correctly, a cryptographic signature, which can be validated by the receiver’s email server.

DKIM was created by combining existing technologies like DomainKeys (from Yahoo) and Identified Internet Mail (from Cisco). It has developed into a widely adopted authentication method, which is known as DKIM and it is also registered as an RFC (Request for Comments) by the IETF (Internet Engineering Task Force). All major ISPs like Google, Microsoft and Yahoo create a digital signature that is embedded in the email header of outgoing emails and validate incoming mail with their own policies.

In the blog we are going to delve into the mechanism used in DKIM to validate your emails and its various advantages, as well as learn about how to setup DKIM for your own domain.

How to Setup DKIM to Protect Your Domain from Spoofing?

The DKIM signature is generated by the MTA and is stored in the list domain. After receiving the email, you can verify the DKIM by using the public key. DKIM as an authentication mechanism that can prove the identity of a message. This signature proves that the message is generated by a legitimate server.

This is especially required since domain spoofing attacks are on the rise in recent times.

What is a DKIM Signature?

In order to use DKIM, you need to decide what should be included in the signature. Typically this is the body of the email and some default headers. You can’t change these elements once they’re set, so choose them carefully. Once you have decided what parts of the email will be included in the DKIM signature, these elements must remain unchanged to maintain a valid DKIM signature.

Not to be confused with DKIM selector, DKIM signature is nothing more than a consortium of arbitrary string values also known as “hash values”. When your domain is configured with DKIM, your sending email server encrypts this value with a private key that only you have access to. This signature ensures that the email you send has not been altered or tampered after it was sent. To validate the DKIM signature, the email receiver will run a DNS query to search for the public key. The public key will have been provided by the organization that owns the domain. If they match, your email is classified as authentic.

How to Setup DKIM in 3 Easy Steps?

In order to implement DKIM easily with PowerDMARC all you need to do is generate your DKIM record using our free DKIM record generator. Your DKIM record is a DNS TXT record that is published in your domain’s DNS. Next you can conduct a free DKIM lookup, using our DKIM record lookup tool. This free tool provides a one-click DKIM check, ensuring that your DKIM record is error-free and valid. However, in order to generate the record, you need to first identify your DKIM selector.

How Do I Identify My DKIM Selector?

A common question often raised by domain owners is how do I find my DKIM? In order to find your DKIM selector, all you need to do is:

1) Send a test mail to your gmail account 

2) Click on the 3 dots next to the email in your gmail inbox

3) Select “show original” 

4) On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector. 


A common question that you may often find yourself asking is whether implementing DKIM is enough? The answer is no. While DKIM helps you encrypt your email messages with a cryptographic signature in order to validate the legitimacy of your senders, it doesn’t provide a way for email receiver’s to respond to messages that fail DKIM. This is where DMARC steps in!

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that helps domain owners take action against messages that fail SPF/DKIM authentication. This in turn minimizes chances of domain spoofing attacks and BEC. DMARC along with SPF and DKIM can improve email deliverability by 10% over time and boost your domain reputation.

Sign up with PowerDMARC today to avail of your free DMARC analyzer trial today!