DKIM Record Checker & Lookup Tool

Check your DKIM records

Verify the presence of DKIM records to send authenticated emails from your Mailbox and Email Service Provider.

What Are DKIM Selectors?

A selector is a text string at the beginning of your DKIM TXT or CNAME record host/name used to identify or point to a specific DKIM public key.

Common DKIM Selectors

DKIM selectors are specific to each mailbox and email service provider and set up by domain owners to enable DKIM authentication.

Mailbox Providers

Provider DKIM Selector
Gmail (Google Workspace) google
Yahoo Mail yahoo
Outlook (Microsoft 365) selector1, selector2
AOL Mail dkim
Apple Mail (iCloud) apple
FastMail fm1
Zoho Mail zoho

Email Service Providers

Provider DKIM Selector
MailChimp k1, k2, k3
SendGrid s1, s2
Constant Contact ctct1, ctct2
HubSpot hubspot
Campaign Monitor cm1, cm2
AWeber aweber
ActiveCampaign activecampaign
MailerLite litesrv
Mailgun smtp
Klaviyo kl, kl2

DKIM Frequently Asked Questions

Questions frequently asked by our users regarding DKIM records and authentication.

If I have an SPF record, do I have to implement DKIM?

Yes, it is highly recommended to implement both SPF and DKIM for comprehensive email authentication. While SPF helps verify the sending server's identity and prevents email spoofing, DKIM provides an additional layer of security by ensuring that the email content has not been altered in transit. While SPF is effective in some cases, DKIM is especially important in scenarios involving email forwarding, as it is designed to withstand these situations and maintain email integrity. Therefore, having both SPF and DKIM protocols in place strengthens your email security measures effectively.

Is DKIM part of DMARC protection?

Yes, DKIM is a crucial component of DMARC protection. DMARC (Domain-based Message Authentication, Reporting, and Conformance) utilizes DKIM, alongside SPF (Sender Policy Framework), as one of the essential authentication mechanisms. To successfully pass a DMARC check, at least one of these authentication protocols, such as DKIM, must be properly implemented and validated. Therefore, DKIM plays a significant role in enhancing the security and reliability of email communication under the DMARC framework.

How can I investigate DKIM issues?

To investigate DKIM issues, there are several steps that can be taken:

  1. Use our DKIM Lookup tool to validate the implementation of your DKIM record and public key.
  2. Review DMARC reports to gain insights into DKIM passes and failures. It can be beneficial to use a tool like Postmark's free DMARC monitoring service for a more comprehensive analysis.
  3. Analyze email headers to locate the DKIM-Signature and evaluate the outcomes derived from this data.
  4. If using third-party ESPs and received the DKIM Public key from them, ensure to configure it correctly on their platform to avoid any issues.

How many DKIM records can I have?

You can have as many DKIM records as you want. The quantity of DKIM records you can use is not limited, and the only restriction would be the capacity and support provided by your DNS provider. Each DKIM record can be linked with its unique selector. It is crucial to utilize multiple selectors for each email sending service to properly manage and authenticate your email messages.

What are some common DKIM issues?

Some common DKIM issues that can arise include DNS configuration errors, key length problems, mismatched domain names, incorrect signing algorithms, and message body changes.

DNS configuration errors can lead to DKIM failures if there are issues with setting up the required DNS TXT records, such as missing or incorrect records or syntax errors.

Key length is crucial in DKIM, as it must be at least 1024 bits to function properly. Using a key that is too short may result in DKIM failures, as some email providers may require longer keys.

DKIM requires that the domain name used in the DKIM signature matches the domain name in the email's From address. A mismatch in domain names can cause DKIM to fail, impacting DMARC compliance and alignment.

Incorrect signing algorithms can also be a common issue with DKIM. Not all email providers support all signing algorithms, so using an unsupported algorithm can lead to DKIM failures.

Lastly, changes to the email message body after it has been signed can result in an invalid DKIM signature. This can occur if the email passes through a gateway or is modified by a content filter, causing the DKIM signature to fail verification at the recipient's email server.

How can I analyze the DKIM selector from Email Headers?

To analyze the DKIM selector from Email Headers, you can look for the DKIM-Signature email header in the email message. The DKIM selector is typically included within this header as an 's=' tag. This tag represents the selector value associated with the DKIM signature, which helps identify the specific key used to sign the message.

When examining the DKIM-Signature header, pay close attention to the 's=' tag, which indicates the selector for that particular DKIM signature. This selector is crucial for verifying the authenticity of the sender and ensuring that the message has not been tampered with in transit.

By identifying and analyzing the DKIM selector from the email headers, you can gain insights into the cryptographic key used to sign the message and validate its origin, thereby enhancing the security and trustworthiness of the email communication.