DKIM Record Validator
Enter a domain and selector to check its DKIM public key record.
Validation Result:
How Does a DKIM Check Work?
DKIM (DomainKeys Identified Mail) combats email tampering by adding a cryptographic signature to every outgoing message. This signature is created with a private key that only your mail server knows. The corresponding public key is published in your DNS as a DKIM record.
When another server receives your email, it looks up the DKIM record for your domain using a unique "selector." It then uses the public key to verify the signature. A successful match proves the email is authentic and hasn't been altered. Our validator checks that this public key is correctly published and accessible.
DKIM Validator FAQs
How do I find my DKIM selector?
Your DKIM selector is provided by the service you use to send email (e.g., Google Workspace, Microsoft 365, Mailchimp). You can typically find it in the email authentication or domain settings section of that service's admin console. Common selectors are 'default', 'google', or service-specific names.
What does it mean if the DKIM check fails?
A DKIM check failure in an email header means the digital signature attached to the email did not match the public key published in the DNS. This can happen if the email was tampered with, or if the DKIM record is not configured correctly. A validator helps you confirm the DNS record itself is correct.
Why do I need to check my DKIM record?
You need to check your DKIM record to ensure your public key has been published correctly in your DNS. Without a valid and accessible DKIM record, receiving mail servers cannot verify your email signatures, which will cause your emails to fail DKIM authentication and negatively impact DMARC alignment and deliverability.