DKIM record checker tool
Use Sendmarc’s DKIM record checker to instantly validate your DomainKeys Identified Mail (DKIM) record. Confirm your domain’s public key is correctly published, detect syntax issues, and strengthen email authentication.
To begin, enter your selector and domain in the checker below and click Lookup.
Why do I need a selector for the DKIM record checker?
When you check your DKIM record, you’ll need two things: Your domain name and a selector.
The selector tells the receiving server (and tools like ours) which public DKIM key to look for in the DNS. Think of a selector as an employee number. There may be many Johns in your organization, but only one JHN001. The unique selector (sent with the private key) helps identify the right public key.
Even though most users never have to think about selectors, understanding what they do helps verify configuration accuracy.
What is a DKIM record checker?
Sendmarc’s DKIM record checker is an online tool that fetches, analyzes, and verifies the presence and validity of DKIM records published in the domain’s DNS.
A DKIM validator performs a DKIM check, which allows users to:
- Confirm that a valid record is published at
selector._domainkey.domain.com - Validate syntax and ensure the record is correctly structured
- Detect configuration issues that might cause authentication failures
- Confirm key details like version (
v=DKIM1), key type (k=rsa), and key length
Want to know how secure your business’s domain really is? Check its domain score.
Why does DKIM matter?
DKIM is an email authentication protocol that uses cryptographic signatures to prove that a message hasn’t been modified in transit.
Without a valid record, your company’s domain becomes vulnerable to Man-in-the-Middle (MitM) attacks. Misconfigured or missing records can lead to email failures, where legitimate messages are marked as Spam or rejected outright, damaging both delivery and brand trust.
Why your organization should use a DKIM record checker
A DKIM record checker is essential for any business that wants to maintain secure, authenticated communication and protect its brand from abuse.
Key benefits:
Improve deliverability
Email providers use DKIM to verify email legitimacy. A valid record enhances inbox placement for your company’s legitimate messages.
Detect and fix errors
The tool can help identify syntax issues and incorrectly formatted keys that can break authentication.
Ensure compliance
Email authentication standards are evolving. Checking your organization’s record regularly helps keep its domain compliant and secure.
Simplify key management
Easily review selectors to streamline management across different email services.
Want to see the results of your DKIM test?
How to verify with a DKIM record checker
Checking DKIM with Sendmarc’s tool is quick and simple.Steps to check the record:
1. Enter the selector and domain
Open a recently sent email, check the DKIM-Signature header, and locate thes= (selector) and d= (domain) values.
2. Run the check
Input the values and click Lookup. The tool will request the record from the DNS.3. Review the results
Confirm if a valid record exists and view key attributes, including version, key type, and length.4. Take action if needed
Fix any errors identified by the tool, such as incorrect formatting or weak key strength.Missing or incorrect record? Use a DKIM record checker
A missing or misconfigured record exposes your business’s domain to unnecessary risks.
Risks of a misconfigured record:
Email delivery issues
Messages might be rejected or filtered into Spam if DKIM fails
Spoofing vulnerability
Attackers can impersonate your company’s domain, putting customers at risk
Security and compliance failures
An invalid DKIM setup might not meet industry authentication standards
How to fix record issues
1. Identify the problem
Use the checker to pinpoint syntax errors, incorrect selectors, or missing keys
2. Update DNS
Regenerate and republish the correctly configured record
3. Revalidate
Run the tool again to confirm the configuration has been fixed
Tip: Perform a DKIM record check on your organization’s record regularly, especially when adding or changing email senders.
Try Sendmarc’s record checker now
Use Sendmarc’s free DKIM checker to validate your record, identify misconfigurations, and protect your email integrity. Perform a DKIM lookup now.
Check DKIM
Need complete email protection?
Get started with Sendmarc’s full email authentication platform to prevent spoofing, enhance compliance, and improve email deliverability with DKIM, SPF, and DMARC.
DKIM record checker: FAQs
What is a DKIM record?
A DKIM record is a DNS TXT record that contains the public cryptographic key used to verify the DomainKeys Identified Mail (DKIM) signature on outgoing emails. The record allows receiving email servers to authenticate that messages weren’t altered during transit.
What does a valid DKIM record look like?
v=DKIM1 (version) and k=rsa (key type). The record must be correctly published in the DNS under the appropriate selector, and it must be free of syntax errors to be considered valid.
What happens if a DKIM record is incorrect?
If a DKIM record is incorrect, email authentication will fail. This can result in messages being marked as Spam or rejected by receiving servers. An invalid record also increases the risk of cybercriminals spoofing the domain or launching phishing attacks.
How do you fix a DKIM misconfiguration?
To fix a DKIM misconfiguration, confirm that the correct selector and domain names are used, ensure the record is accurately published in the DNS, and verify that the key’s format and length (we recommend 2048 bits) meet security standards. Test DKIM after to validate the correct configuration.
How does DKIM affect email deliverability?
DKIM improves email deliverability by authenticating that emails are legitimate and unmodified. This reduces the likelihood that messages will be filtered into Spam or rejected by recipient email servers, improving inbox placement.
Can you have multiple DKIM records?
Yes, multiple DKIM records can be published by using different selectors. This allows for the rotation of cryptographic keys and the use of separate keys for different email sources, improving security and operational flexibility.
Is DKIM necessary if SPF is already in place?
Yes, DKIM is still necessary even if the Sender Policy Framework (SPF) protocol is implemented. While SPF verifies the sending IP address, DKIM verifies the integrity and authenticity of the message content. When used together with Domain-based Message Authentication, Reporting, and Conformance (DMARC), SPF and DKIM provide a more complete email authentication strategy.
To ensure proper configuration, test DKIM and SPF records with validation tools. This helps verify SPF and DKIM implementation.