Skip to main content

DKIM Record Checker

The DKIM selector is specified in the DKIM-Signature header and indicates where the public key portion of the DKIM keypair exists in DNS.

With the DKIM Inspector you can check if the public part of your DKIM signature—using the selector—has been implemented correctly in the DNS of your domain.

NOTE: The Yahoo and Google DMARC requirement came into force February 1, 2024. We’ve written a guide to help you with the new sender requirements and to ensure your emails won’t be disrupted.

Why look up your DKIM record?

  • Is there any public DKIM key present?
  • If present, is the DKIM syntax correctly implemented?

Our tools are under maintenance. Please try again later.

Warning

Error

Access/bookmark this inspection at

Did you mean

?

Public key length

Notes

Warnings / Errors

Details

Tag

Name

Value

Default

None

Congratulations! Your DKIM record is valid.

There is something wrong with your DKIM record.

Query

Enter domain

Enter selector

Inspect DKIM

Legend
TAGNAMEDEFAULTTRANSLATION
vVersionDKIM1Version of the DKIM key record (plain-text; RECOMMENDED). This tag MUST be the first tag in the record if present. Warning: some ISPs may mark the DKIM authentication check as neutral if the version tag is invalid.
hHash algorithms* (allow all)Acceptable hash algorithms (plain-text; OPTIONAL). A colon-separated list of hash algorithms that might be used. Unrecognized algorithms MUST be ignored. The currently recognized algorithms are “sha1” and “sha256”.
kKey typersa Key type (plain-text; OPTIONAL). Unrecognized key types MUST be ignored. Supported values: “rsa”, “ed25519”.
nNotes(empty)Notes that might be of interest to a human (OPTIONAL). Not interpreted in any way.
pPublic key (none)Public-key data (base64; REQUIRED). An empty value means that this public key has been revoked. This is the only required tag.
sService type* (allow all)Service Type (plain-text; OPTIONAL). A colon-separated list of service types to which this record applies. Unrecognized service types MUST be ignored. Currently only “email” is recognized
tFlags(no flags set)Flags (plain-text; OPTIONAL). A colon-separated list of names. Unrecognized flags MUST be ignored. The defined flags are as follows: “y” – this domain is testing DKIM (test mode) “s” – verifiers MUST check for domain alignment (strict mode)

Get your domains into compliance.
Try out dmarcian for free!