DKIM Checker

Verify DKIM selector records and check domain key configuration. Validate signature setup to improve email authentication and delivery.

Run a check to see results

APIPOST /api/v1/email/dkim
4.8(20 votes)
9
checks performed
Try also: SPF Checker
Run Check

Key Features

100% Free

No registration required, unlimited checks

Instant Results

Real-time analysis with detailed output

REST API Access

Integrate into your workflow via API

Accurate Data

Live queries to authoritative sources

What is DKIM Checker?

The DKIM checker verifies DomainKeys Identified Mail records for any domain by querying the DKIM public key at the specified selector. DKIM is an email authentication protocol that uses public-key cryptography to digitally sign outgoing messages — the sending server signs each email with a private key, and the receiving server verifies the signature using the public key published in DNS. This proves two things: the email genuinely originated from the claimed domain (authentication), and the message body and key headers were not modified in transit (integrity).

The tool retrieves the DKIM TXT record, displays the public key, verifies the key length meets security standards (1024-bit minimum, 2048-bit recommended), checks the algorithm type (RSA or Ed25519), and validates the record syntax. This free DKIM lookup tool is used by email administrators confirming DKIM is correctly deployed after setup, deliverability specialists diagnosing DKIM failures reported in DMARC aggregate reports, and security teams verifying the key strength of a domain's DKIM configuration.

How to Use

  1. 1Enter the domain name and the DKIM selector (e.g., domain: example.com, selector: google or s1)
  2. 2Click 'Run Check' to query the DKIM TXT record at selector._domainkey.example.com
  3. 3Review the public key data, algorithm (RSA/Ed25519), and key bit length
  4. 4Verify the key length is at least 1024 bits (2048-bit is recommended for better security)
  5. 5Check for any syntax errors or missing required fields in the DKIM record

Who Uses This

System Administrators

Monitor and troubleshoot infrastructure

Developers

Debug network issues and integrate via API

SEO Specialists

Verify domain configuration and performance

Security Analysts

Audit and assess network security

Frequently Asked Questions

What is DKIM and how does it protect email?
DKIM (DomainKeys Identified Mail) is an email authentication protocol that adds a cryptographic digital signature to every outgoing email. The sending mail server signs the message using a private key, and a hash of the signature is added to the email headers as a DKIM-Signature field. When the receiving server gets the email, it retrieves the public key from the sender's DNS (at selector._domainkey.domain.com) and uses it to verify the signature. If verification passes, it proves the email was sent by the domain owner and was not modified during transit. DKIM is one of the three essential email authentication protocols alongside SPF and DMARC.
How do I find my DKIM selector?
Your DKIM selector is a prefix configured by your email provider that identifies which key to use for verification. Common selectors: Google Workspace uses 'google', Microsoft 365 uses 'selector1' and 'selector2', Amazon SES uses a long alphanumeric string, Mailchimp uses 'k1', SendGrid uses 's1' and 's2'. To find your specific selector, send an email to yourself and view the raw headers — look for the 'DKIM-Signature' header and find the 's=' field, which contains the selector name.
Why is DKIM important for email deliverability?
DKIM is critical because it provides cryptographic proof that an email genuinely came from your domain and wasn't tampered with. Without DKIM, receiving servers have no way to verify message integrity, making your emails more likely to be spam-filtered or rejected. Gmail, Outlook, and Yahoo all check DKIM as part of their spam filtering. DKIM is also required for DMARC alignment — without it, DMARC can only rely on SPF, which fails when emails are forwarded. Since Google and Yahoo tightened requirements in 2024, DKIM is effectively mandatory for any domain sending more than 5,000 emails per day.
What key length should my DKIM record use?
DKIM keys should be at least 1024 bits, but 2048-bit RSA keys are strongly recommended and increasingly required. A 1024-bit key is the minimum accepted by most mail providers but is considered weak by modern cryptographic standards. 2048-bit keys provide significantly stronger security against forgery attempts. Some providers now support Ed25519 keys, which offer equivalent security with shorter key sizes. The DKIM checker displays the detected key length so you can verify your configuration meets current standards. If your key is 1024-bit, consider rotating to a 2048-bit key.
Why is my DKIM check failing?
Common causes of DKIM verification failure: the DKIM TXT record is missing or has a typo in DNS (check that it's published at the correct selector._domainkey.domain.com path), the DNS record exceeds the 255-character TXT string limit and needs to be split into multiple strings, the private key on your mail server doesn't match the public key in DNS (happens after key rotation if DNS wasn't updated), the record contains formatting errors like extra spaces or line breaks, or your DNS provider is stripping or truncating the record. The DKIM checker highlights the specific issue found.

Related Articles

Robots.txt Checker: How to Test & Validate Your Robots.txtGuide

Robots.txt Checker: How to Test & Validate Your Robots.txt

Learn how to check your robots.txt file for errors that block search engines. Free robots.txt checker, common mistakes, templates, and step-by-step guide.

NetVizor Team
Apr 11, 2026
Robots.txt Checker: How to Test and Validate Your Robots.txt FileGuide

Robots.txt Checker: How to Test and Validate Your Robots.txt File

Check and validate your robots.txt file online for free. Learn what robots.txt does, how to write it correctly, and how to fix common mistakes that hurt your SEO

NetVizor Team
Apr 3, 2026
Master SPF, DKIM, DMARC Setup in Just 30 MinutesWiki

Master SPF, DKIM, DMARC Setup in Just 30 Minutes

Learn how to set up SPF, DKIM, and DMARC in 30 minutes to secure your email communications effortlessly.

NetVizor Team
Mar 2, 2026

Related Tools

SPF Checker

DMARC Checker

MX Lookup

Email Header Analyzer

Popular Tools

DNS Lookup

WHOIS Lookup

Domain Age

Nameserver Checker

API Endpoint

POST /api/v1/email/dkim
View Documentation