DKIM Lookup

Check DKIM keys published in DNS

Validate domain signing keys for outbound email.

Use selector._domainkey.example.com to lookup DKIM records.

Record FiltersDNS Toolkit

Your ad could be here

What is DKIM?

DKIM (DomainKeys Identified Mail) signs outgoing email to prove authenticity.

DKIM records are stored at selector._domainkey.domain and include a public key.

Proper DKIM setup improves trust and helps prevent spoofing.

DKIM uses selectors so multiple keys can coexist. Each selector has a TXT record containing the key.

Use the selector provided by your email service to find the DKIM record.

DKIM records are TXT values published at selector._domainkey.domain.

Host	Value	TTL
s1._domainkey	v=DKIM1; k=rsa; p=MIIBIjANBgkqh...	3600

The p= value contains the public key.

Selectors help rotate keys without downtime.

Common DKIM tags and how to read them.

Tag	Value	Explanation
v	DKIM1	DKIM protocol version.
g	*	Granularity. Limits which local parts can use this key.
h	sha256 \| sha1	Allowed hash algorithms. sha256 is recommended.
n	any text	Notes for humans. Optional.
s	* \| email	Service types allowed for this selector.
q	dns/txt	Query methods used to retrieve the key.
l	0	Body length limit. Optional and rarely used.
k	rsa \| ed25519	Key type used to generate the signature.
t	y \| s	Flags. y=test mode, s=strict subdomain usage.
p	base64 key	Public key for signature verification.

The domain does not exist in DNS. Check the spelling or registration status.

The resolver failed to answer. This can be caused by DNSSEC issues or upstream outages.

The DNS server did not respond in time. Try again or check connectivity.

Confirm authorized mail senders.

Check DMARC alignment and policy.

Your email provider supplies the selector value in the DKIM setup instructions.

The selector might be wrong, or the DNS record is not published yet.

Yes, but SPF and DMARC together provide stronger protection.