Verify Email Signatures Instantly
DKIM Record Checker
Look up any domain's DKIM record by selector โ inspect the public key, key type, hash algorithms, and flags. Quick-check common selectors with one click.
Frequently Asked Questions
What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication method that allows the sender to sign outgoing messages with a cryptographic signature. The recipient verifies the signature using the public key published in the sender's DNS, ensuring the email hasn't been tampered with in transit.
What is a DKIM selector?
A DKIM selector is a string used to locate the specific DKIM public key in DNS. The full lookup is <selector>._domainkey.<domain>. Different selectors allow a domain to use multiple DKIM keys for different services (e.g. 'google' for Google Workspace, 's1' for Mailchimp).
What key length should DKIM use?
DKIM keys should be at least 1024 bits, but 2048 bits is strongly recommended for better security. Some older systems only support 1024-bit keys. Keys shorter than 1024 bits are considered insecure and should be rotated immediately.
What does t=y mean in a DKIM record?
The flag t=y indicates that the domain is in testing mode for DKIM. During testing, receiving servers should treat signed messages the same as unsigned ones. This is useful when deploying DKIM for the first time. Remove the testing flag once you've verified everything works.
How do I find my DKIM selector?
Check your email provider's documentation โ common selectors include 'google' (Google Workspace), 'selector1'/'selector2' (Microsoft 365), 's1'/'s2' (Amazon SES), 'k1' (Mailchimp), and 'default'. You can also find it by viewing the DKIM-Signature header in a received email.
Complete Guide: How to Use the DKIM Record Checker
Look up and validate DKIM (DomainKeys Identified Mail) public key records. Our tool retrieves the DKIM TXT record for a given selector, verifies key length, algorithm, and flags. DKIM digitally signs outgoing emails, allowing recipients to verify the message hasn't been altered in transit.
Step-by-Step Instructions
- 1
Enter the domain
Type the domain whose DKIM record you want to check (e.g., example.com).
- 2
Enter the DKIM selector
Type the DKIM selector (e.g., 'google' for Google Workspace, 's1' for Microsoft 365, 'k1' for Mailchimp). The tool looks up selector._domainkey.domain.
- 3
View the public key
See the parsed DKIM record including version (v=DKIM1), key type (k=rsa), public key (p=...), and flags (t=).
- 4
Check validation results
The tool verifies key length (2048-bit recommended), algorithm support, and proper formatting.
Common Use Cases
- โEmail setup โ verify DKIM keys are published after configuring a new email service
- โKey rotation โ confirm new DKIM keys are live after rotating old ones
- โTroubleshooting โ diagnose DKIM verification failures causing email delivery issues
- โSecurity audit โ verify DKIM key strength meets current security standards (2048-bit minimum)
- โMulti-sender verification โ check DKIM records for all email services sending on behalf of your domain
- โCompliance โ ensure DKIM configuration satisfies email authentication policies
Pro Tips
Related Tools
DNS Lookup Tool
Check DNS records for any domain. Lookup A, AAAA, MX, CNAME, TXT and NS records online.
DMARC Record Checker
Validate your domain's DMARC policy. Check alignment, policy mode, reporting URIs and configuration issues.
SPF Record Checker
Validate SPF records and detect issues โ too many lookups, syntax errors, and missing includes.
BIMI Record Checker
Check BIMI (Brand Indicators for Message Identification) DNS records. Verify your brand logo in email clients.