Page contents
Use Sendmarc’s DKIM record checker to instantly validate your DomainKeys Identified Mail (DKIM) record. Confirm your domain’s public key is correctly published, detect syntax issues, and strengthen email authentication.
To begin, enter your selector and domain in the checker below and click Lookup.
When you check your DKIM record, you’ll need two things: Your domain name and a selector.
The selector tells the receiving server (and tools like ours) which public DKIM key to look for in the DNS. Think of a selector as an employee number. There may be many Johns in your organization, but only one JHN001. The unique selector (sent with the private key) helps identify the right public key.
Even though most users never have to think about selectors, understanding what they do helps verify configuration accuracy.
Sendmarc’s DKIM record checker is an online tool that fetches, analyzes, and verifies the presence and validity of DKIM records published in the domain’s DNS.
A DKIM validator performs a DKIM check, which allows users to:
selector._domainkey.domain.com
v=DKIM1
), key type (k=rsa
), and key lengthWant to know how secure your business’s domain really is? Check its domain score.
DKIM is an email authentication protocol that uses cryptographic signatures to prove that a message hasn’t been modified in transit.
Without a valid record, your company’s domain becomes vulnerable to Man-in-the-Middle (MitM) attacks. Misconfigured or missing records can lead to email failures, where legitimate messages are marked as Spam or rejected outright, damaging both delivery and brand trust.
A DKIM record checker is essential for any business that wants to maintain secure, authenticated communication and protect its brand from abuse.
Email providers use DKIM to verify email legitimacy. A valid record enhances inbox placement for your company’s legitimate messages.
The tool can help identify syntax issues and incorrectly formatted keys that can break authentication.
Email authentication standards are evolving. Checking your organization’s record regularly helps keep its domain compliant and secure.
Easily review selectors to streamline management across different email services.
Want to see the results of your DKIM test?
s=
(selector) and d=
(domain) values.
A missing or misconfigured record exposes your business’s domain to unnecessary risks.
Messages might be rejected or filtered into Spam if DKIM fails
Attackers can impersonate your company’s domain, putting customers at risk
An invalid DKIM setup might not meet industry authentication standards
Use the checker to pinpoint syntax errors, incorrect selectors, or missing keys
Regenerate and republish the correctly configured record
Run the tool again to confirm the configuration has been fixed
Tip: Perform a DKIM record check on your organization’s record regularly, especially when adding or changing email senders.
Use Sendmarc’s free DKIM checker to validate your record, identify misconfigurations, and protect your email integrity. Perform a DKIM lookup now.
Check DKIM
Get started with Sendmarc’s full email authentication platform to prevent spoofing, enhance compliance, and improve email deliverability with DKIM, SPF, and DMARC.
A DKIM record is a DNS TXT record that contains the public cryptographic key used to verify the DomainKeys Identified Mail (DKIM) signature on outgoing emails. The record allows receiving email servers to authenticate that messages weren’t altered during transit.
v=DKIM1
(version) and k=rsa
(key type). The record must be correctly published in the DNS under the appropriate selector, and it must be free of syntax errors to be considered valid. If a DKIM record is incorrect, email authentication will fail. This can result in messages being marked as Spam or rejected by receiving servers. An invalid record also increases the risk of cybercriminals spoofing the domain or launching phishing attacks.
To fix a DKIM misconfiguration, confirm that the correct selector and domain names are used, ensure the record is accurately published in the DNS, and verify that the key’s format and length (we recommend 2048 bits) meet security standards. Test DKIM after to validate the correct configuration.
DKIM improves email deliverability by authenticating that emails are legitimate and unmodified. This reduces the likelihood that messages will be filtered into Spam or rejected by recipient email servers, improving inbox placement.
Yes, multiple DKIM records can be published by using different selectors. This allows for the rotation of cryptographic keys and the use of separate keys for different email sources, improving security and operational flexibility.
Yes, DKIM is still necessary even if the Sender Policy Framework (SPF) protocol is implemented. While SPF verifies the sending IP address, DKIM verifies the integrity and authenticity of the message content. When used together with Domain-based Message Authentication, Reporting, and Conformance (DMARC), SPF and DKIM provide a more complete email authentication strategy.
To ensure proper configuration, test DKIM and SPF records with validation tools. This helps verify SPF and DKIM implementation.