DKIM Record Checker & Lookup Tool

Identify and resolve possible issues with your domain's DKIM record for a specific selector.

Start Free Trial Start Free Trial

How to Use the DKIM Check Tool?

There are two ways to check a DKIM record:
# 1: Input the domain and selector separated by a colon, like ''.
# 2: Use the host/name format. Enter the selector, followed by ._domainkey., and then the domain, such as ''. If you choose this method, enter all components into the Domain Name field and leave the Selector field empty.

DKIM Record Checker: Look up your domain's DKIM record for a specific DKIM selector to identify and address potential issues.
DKIM Record Generator: To complete the second step of email authentication, generate a valid DKIM record and integrate it into your DNS configuration.

DKIM Record Checker & Lookup Tool

MX Layer DKIM Record Checker

Verify email authenticity by checking a domain's DKIM record to ensure correct implementation of sender authorization.

What is DKIM Record Checker?

DKIM, short for DomainKeys Identified Mail, checks the sender's identity using signatures and public keys from their domain. It teams up with DMARC to make sure emails are genuine and trustworthy, boosting confidence in email communication.

Why Do You Need a DKIM Record Checker?

DKIM authentication ensures emails are from legitimate senders. It enhances deliverability and prevents spoofing attacks. Valid DKIM records reduce the risk of emails being marked as spam. Verifying DKIM records is vital for configuring third-party email services. It also helps troubleshoot delivery issues. Overall, it maintains a positive reputation and reliable communication.

DKIM (Domain Keys Identified Mail) Lookup

You can use DKIM Lookup to ensure that your DNS servers for your domain correctly send your DKIM record.

To perform the DKIM Lookup, enter your domain name and DKIM selector in the query field above and click the 'Check' button.

DKIM Tag Explanations

The DKIM Record Checker displays the following tags:

v Indicates the DKIM version, which should always be set to 1.
p (required) Represents the public key generated during DKIM setup. Leaving it empty renders it invalid.
t Lists flags in a colon-separated sequence, including defined flags y and s. Ignore undefined flags.
s Lists service types applicable to the record. Receiving servers must ignore missing or unrecognized types.
h Defines acceptable hash algorithms. By default, it allows all algorithms. Ignore unrecognized ones.
k Represents the key type tag with a default value of "rsa". Both sending and receiving servers must support it.
n Serves as an optional note field for administrators. Recommended for use only if necessary.

Connect to our experts

  1. Block all email-based threats
  2. Get real-time intelligence on attacks
  3. Zero Investment to Start
For more information, please see our Privacy Policy.

Frequently Asked Questions

DKIM works by using two keys: one private and one public, to confirm messages.
The private key adds an encrypted signature header to outgoing emails from your domain.
The public key is placed in your domain's DNS via a DKIM record.
Recipient servers retrieve the public key to check the email's signature and validate its source.
This process ensures that emails haven't been altered during transit.
DKIM helps spot fake header fields and content in emails.

Generate a DKIM record quickly using MX Layer’s DKIM Record Generator tool. Make sure to create DKIM records for all authorized sending domains in your organization. If you use a third-party email service provider (ESP) like MailChimp, Google, or Microsoft365, go to your ESP portal to get your DKIM key. ESPs keep their private DKIM key on their servers and give users a public DKIM key to add to their DNS zones.

Using MX Layer's DKIM generator is straightforward. In just a few clicks, you can create a DKIM record and keys. Follow these steps:
1- Choose a unique name for your DKIM selector to easily identify it later.
2- Enter your domain name, ensuring it matches the visible "From" address domain.
3- Select your desired key length from the options provided: 1024, 2048, or 4096 bits.

After generating the DKIM record:
• Safeguard the private key by storing it in your mail server configurations as a .pem file.
• Implement the public key in your DNS Zone.

If you're using third-party ESPs like Google or Microsoft365, you'll obtain your public DKIM keys from their portals. They don't share private keys for security reasons. However, if you have your own dedicated email servers, you can utilize MX Layer's DKIM Record Generator. This tool simplifies the process for you. After generating the keys, ensure to securely store the private key on your server. Additionally, add the public key to your DNS for implementation.

Generating a DKIM record is only necessary for your dedicated mail servers. Third-party Email Service Providers (ESPs) like Google Workspace, Microsoft, Mailchimp, etc., manage a private DKIM key within their server setups and offer public signatures for users. To set up DKIM for your domain, you'll retrieve the public signature or key from your ESP portal, integrate it into your DNS, and activate DKIM within your ESP portal settings.

To locate a DKIM signature, follow these steps:
1- Open the email and right-click.
2- Choose "view source" from the menu.
3- Look for the "DKIM-Signature" entry within the email source.
4- Within the DKIM-Signature header, identify the "s=" tag.
5- This "s=" tag serves as a selector, guiding the receiving server in its DKIM record lookup.