DKIM Record Lookup

Enter a domain and selector to verify your DKIM configuration.

✨ 100% Free Tool

DKIM Record Lookup: Validating Your Email Authentication

What is a DKIM Record?

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing). It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.

A DKIM record is a text (TXT) record published in your domain's DNS. It contains a public key that receiving mail servers use to verify a digital signature attached to your emails. If the signature matches, it proves the email hasn't been altered in transit and truly originated from your domain.

Why is DKIM Important?

  • Prevents Email Spoofing: DKIM makes it extremely difficult for attackers to impersonate your domain and send phishing emails.
  • Improves Email Deliverability: Email providers (like Gmail, Yahoo, Outlook) trust authenticated emails more. Correct DKIM records ensure your legitimate emails land in the Inbox, not the Spam folder.
  • Protects Brand Reputation: By preventing abuse of your domain, you maintain a positive sender reputation.
  • Required for DMARC: DKIM is a key component of DMARC (Domain-based Message Authentication, Reporting, and Conformance), which provides even stronger protection and policy control.

How to Use This Tool

  1. Enter Domain Name: Type the domain name you want to check (e.g., google.com) into the "Domain Name" field.
  2. Enter Selector: The "selector" is a string used to identify the specific public key. Common selectors include default, google, mail, or a date-based string like 20230601. If you are unsure, try default or check your email provider's settings.
  3. Click Check: Hit the "Lookup DKIM Record" button. The tool will query the DNS for the specific TXT record at selector._domainkey.domain.
  4. Analyze Results: Review the raw record and the parsed tag analysis to ensure your public key (p=) and key type (k=) are correctly configured.

Other Related Important Sections

Common DKIM Tags

v=Version, usually "DKIM1".
k=Key type, typically "rsa" or "ed25519".
p=The Public Key data (base64 encoded).
t=Flags, e.g., "s" for strict domain matching.

Frequently Asked Questions

Common questions about DKIM records, errors, and validation.

DKIM (DomainKeys Identified Mail) is an email security standard that uses a digital signature to verify that an email was indeed sent by the owner of the domain. It helps prevent email spoofing, phishing, and significantly improves email deliverability by building trust with receiving mail servers.
This error usually means the digital signature in the email header does not match the public key published in your DNS. To fix this: 1) Verify your DKIM selector is correct. 2) Check for syntax errors in your DNS TXT record (e.g., missing semicolons, extra spaces). 3) Ensure your email provider has signed the message correctly.
'temperror' indicates a temporary failure, often due to a DNS lookup timeout or network connectivity issue. It implies that the verification could not be completed at that moment, but retrying might work. Ensure your DNS hosting provider is reliable and responding quickly.
The selector is a unique identifier specified by your email provider (e.g., 'google', 'default', 'k1'). You can usually find it in your email service admin panel setup instructions, or by inspecting the 'Authentication-Results' or 'DKIM-Signature' header of a raw email you have sent.
DNS propagation can take anywhere from a few minutes to 48 hours depending on your TTL (Time To Live) settings and DNS providers. If you recently added or changed your DKIM record, you might need to wait. Use this DKIM Record Lookup tool periodically to check if it's visible globally.
Yes, distinct domains can share the same public key record using CNAME records (CNAME delegation), or you can publish the exact same TXT record on each domain. However, creating unique keys for each domain is generally recommended for better security isolation.
2048-bit keys are cryptographically stronger and are the current industry standard. 1024-bit keys are now considered weak and potentially vulnerable to cracking. Most major email providers (like Google and Microsoft) now require or strongly recommend using at least 2048-bit keys.
DKIM can work independently to verify the sender's identity, but it is most effective when combined with SPF (to verify authorized sender IPs) and DMARC. DMARC relies on SPF and DKIM results to tell receiving servers what to do if an email fails authentication (e.g., reject it).

Related DNS & Network Tools

Explore more powerful tools in this category.

MX Record Checker

Check Mail Exchange (MX) records for any domain name instantly.

SPF Record Checker

Verify Sender Policy Framework (SPF) records to prevent email spoofing.

DMARC Checker

Analyze DMARC records to ensure email authentication policies.

BIMI Record Checker

Check Brand Indicators for Message Identification (BIMI) records.

MTA-STS Record Checker

Verify MTA Strict Transport Security configurations.

TLS-RPT Record Checker

Check TLS Reporting (TLS-RPT) DNS records.

Email Blacklist Checker

Check if your mail server IP is listed on major DNSBL blacklists.

Online Port Checker

Check if a specific port is open on a target server or IP.

Advance DNS Leak Test

Verify if your VPN is leaking DNS queries and protect your online privacy.

Resolve IP to Hostname

Perform a reverse DNS lookup to find the hostname of an IP.

Website to IP Lookup

Convert domain names to IP addresses with detailed DNS and geolocation information.

Advanced Traceroute Online

Record the whole path through which network request routes to the provided Domain or IP Address.

Advanced - IPsec VPN Phase 1 & 2 Parameter Matcher

Troubleshoot VPN site-to-site configuration mismatches by comparing Local and Remote Phase 1 and Phase 2 parameters.

Advanced DNSSEC Checker

Verify DNSSEC records (DNSKEY, DS, RRSIG) and check the Chain of Trust status instantly.

Advanced DANE Record Checker

Check and validate TLSA records for DANE (DNS-Based Authentication of Named Entities).

Advanced VoIP MOS Score Calculator

Calculate Mean Opinion Score (MOS) for VoIP based on Latency, Jitter, and Packet Loss.

Advanced Fresnel Zone Calculator

Calculate 1st Fresnel Zone radius and recommended clearance for wireless links.

Advanced EIRP Calculator

Calculate Effective Isotropic Radiated Power (EIRP) for wireless links.

Advanced Fiber Loss Budget Calculator

Calculate total optical fiber loss budget, including splices and connectors, for reliable network planning.

Advanced Antenna Downtilt and Coverage Calculator

Calculate optimal antenna downtilt angle and coverage radius for precise network planning.

Advanced MTU Calculator

Calculate MTU, MSS, and protocol overheads (IPv4, IPv6, VLAN, PPPoE, etc.) for network optimization.