DKIM Checker

Look up a DKIM public key by selector and domain. Parse tags and spot common issues.

About DKIM

DKIM publishes a public key in DNS at selector._domainkey.domain so receivers can verify message signatures.

This tool fetches and parses the TXT record, showing tags like v, k, p, s, and t, and warns about common misconfigurations.

How to use:

  • Enter the DKIM selector (e.g., default, or provider-specific like google/mandrill/mail) and your domain.
  • The tool queries selector._domainkey.domain for a TXT record and parses its tags.

Why it matters:

  • Valid DKIM lets receivers verify message integrity and sender authenticity.
  • Improves deliverability and is required for DMARC alignment (SPF or DKIM must pass and align).
  • Reduces spoofing and phishing risk from your domain.

When to use:

  • During initial email setup or when adding a new sending service.
  • When rotating keys, changing selectors, or migrating providers.
  • When DKIM/DMARC checks fail or messages land in spam.

Best practices:

  • Use at least 2048-bit RSA keys; rotate periodically.
  • Publish only the required tags; ensure p= (public key) is present and not empty.
  • For long keys, split TXT values into multiple quoted chunks (<255 chars each).
  • Use provider-recommended selectors or CNAMEs when they manage DKIM for you.
Illustration