DKIM Record Checker
Our DKIM Inspector helps verify that the public key portion of the DKIM signature has been published correctly. The DKIM selector value specifies where the public key is located in DNS.
Warning
Error
Access/bookmark this inspection at
Did you mean
?
Public key length
Notes
Warnings / Errors
Details
Tag
Name
Value
Default
None
Congratulations! Your DKIM record is valid.
There is something wrong with your DKIM record.
Query
Enter domain
Enter selector
Inspect DKIM
Legend
| TAG | NAME | DEFAULT | TRANSLATION |
|---|---|---|---|
| v | Version | DKIM1 | Version of the DKIM key record (plain-text; RECOMMENDED). This tag MUST be the first tag in the record if present. Warning: some ISPs may mark the DKIM authentication check as neutral if the version tag is invalid. |
| h | Hash algorithms | * (allow all) | Acceptable hash algorithms (plain-text; OPTIONAL). A colon-separated list of hash algorithms that might be used. Unrecognized algorithms MUST be ignored. The currently recognized algorithms are “sha1” and “sha256”. |
| k | Key type | rsa | Key type (plain-text; OPTIONAL). Unrecognized key types MUST be ignored. Supported values: “rsa”, “ed25519”. |
| n | Notes | (empty) | Notes that might be of interest to a human (OPTIONAL). Not interpreted in any way. |
| p | Public key | (none) | Public-key data (base64; REQUIRED). An empty value means that this public key has been revoked. This is the only required tag. |
| s | Service type | * (allow all) | Service Type (plain-text; OPTIONAL). A colon-separated list of service types to which this record applies. Unrecognized service types MUST be ignored. Currently only “email” is recognized |
| t | Flags | (no flags set) | Flags (plain-text; OPTIONAL). A colon-separated list of names. Unrecognized flags MUST be ignored. The defined flags are as follows: “y” – this domain is testing DKIM (test mode) “s” – verifiers MUST check for domain alignment (strict mode) |
