Skip to main content

DKIM Validator

Our DKIM Validator is a diagnostic tool that helps verify that the DKIM public key is correct prior to adding it to your DNS. The tool can help senders ensure they don’t have any DKIM-related authentication failures.

Our tools are under maintenance. Please try again later.



Access/bookmark this inspection at

Did you mean


Public key length


Warnings / Errors







Congratulations! Your DKIM record is valid.

There is something wrong with your DKIM record.


Enter DKIM record

Validate DKIM

vVersionDKIM1Version of the DKIM key record (plain-text; RECOMMENDED). This tag MUST be the first tag in the record if present. Warning: some ISPs may mark the DKIM authentication check as neutral if the version tag is invalid.
hHash algorithms* (allow all)Acceptable hash algorithms (plain-text; OPTIONAL). A colon-separated list of hash algorithms that might be used. Unrecognized algorithms MUST be ignored. The currently recognized algorithms are “sha1” and “sha256”.
kKey typersa Key type (plain-text; OPTIONAL). Unrecognized key types MUST be ignored. Supported values: “rsa”, “ed25519”.
nNotes(empty)Notes that might be of interest to a human (OPTIONAL). Not interpreted in any way.
pPublic key(none)Public-key data (base64; REQUIRED). An empty value means that this public key has been revoked. This is the only required tag.
sService type* (allow all) Service Type (plain-text; OPTIONAL). A colon-separated list of service types to which this record applies. Unrecognized service types MUST be ignored. Currently only “email” is recognized.
tFlags(no flags set)Flags (plain-text; OPTIONAL). A colon-separated list of names. Unrecognized flags MUST be ignored. The defined flags are as follows: “y” – this domain is testing DKIM (test mode) “s” – verifiers MUST check for domain alignment (strict mode)

Get your domains into compliance.
Try out dmarcian!