Skip to Navigation
Ensure your emails are authenticated and trusted with a free DKIM record checker.
Mailtrap Tip
To find the DKIM selector for an email, start by viewing the full email headers in your email client (usually found under “Show Original” or “View Source”). Look for the DKIM-Signature header—within it, locate the s= tag, which indicates the selector (e.g., s=selector1 ).
| Tag | Name | Value |
|---|
Mailtrap Tip
“v=” tag is recommended by RFC 6376.
A DKIM (DomainKeys Identified Mail) record checker is a tool that verifies the existence and accuracy of your domain’s DKIM record. It ensures that your DKIM public key is properly published in your domain’s DNS (Domain Name System), enabling email servers to validate email authenticity.
A DKIM checker operates by performing the following steps:
DNS query: The tool retrieves the DKIM TXT record or CNAME record published in your domain’s DNS.
Syntax validation: It verifies the structure and DKIM record syntax to ensure correctness.
Key verification: The checker validates the public key in the DKIM record to confirm it matches the private key used to sign emails.
Result report: It provides a report indicating whether the DKIM record is correctly configured.
A DKIM record lookup tool is essential for the following:
Email authentication: Ensure email security and authenticity.
Email deliverability: Improve the chances of your emails reaching inboxes.
Domain security: Protect your domain from email spoofing and phishing attacks.
Message integrity: Ensure message headers and content haven’t been tampered with during transit.
If issues are detected by the DKIM check tool, follow these steps to resolve them:
Identify the issue: Review the DKIM check tool’s report to pinpoint the problem, such as missing records, syntax errors, or mismatches in configuration.
Update your DKIM record: Correct errors by ensuring the DKIM record is properly configured in your DNS settings through accurate DKIM selector names, key lengths, and alignment with your email server.
Verify DNS updates: Allow time for DNS changes to take effect and confirm the updates are correctly applied.
Test your setup: Re-run the DKIM check to ensure the issue is resolved.
Monitor regularly: Perform periodic checks to maintain DKIM validity and ensure email authentication remains intact.
Mailtrap Tip
Combine DKIM with an SPF record and DMARC for enhanced email security and deliverability.
DKIM is an email authentication technique that uses cryptographic signatures (DKIM signatures) to verify that an email was sent from an authorized server and has not been altered during transit.
A DKIM record is a type of DNS record that contains the public key used to authenticate emails sent from your domain. This record enables receiving servers to verify that an email’s digital signature matches the private key, ensuring the email message’s authenticity and integrity.
The DKIM record is important because it helps prevent email spoofing and phishing by verifying the authenticity of your messages. It improves email deliverability, builds trust with recipients, and ensures your outgoing emails are less likely to end up in spam folders.
To create a DKIM record, generate a DKIM key pair (public and private keys) using your email provider or a key generator. Then, publish the public key as a TXT record in your domain’s DNS settings and configure your email server to sign outgoing messages with the private key. Finally, test the setup using a DKIM record tester to ensure proper configuration and functionality.
DKIM works alongside other email authentication protocols like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to provide defense against email spoofing and phishing. While DKIM verifies the integrity and authenticity of a message, SPF confirms the email sender’s IP, and DMARC ensures alignment between the two, enabling domain owners to enforce policies and receive reports on email activity.
When creating a DKIM record, avoid common mistakes such as using an incorrect selector, insufficient key length (use at least 2048-bit), or typos in the record. Also, ensure the DKIM record is properly published in your DNS settings with the correct TXT record type and format. Finally, to maintain security and confirm proper functionality, regularly update keys and test authentication thoroughly.
