DKIM Checker

Verify DKIM (DomainKeys Identified Mail) records for email signing. Complete email authentication with SPF and DMARC checks.

Common selectors: default, mail, google, selector1

What Is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication method that lets the receiving server verify that a message was sent and signed by the domain it claims. Your mail server signs outgoing messages with a private key; the public key is published in a DNS TXT record at selector._domainkey.yourdomain.com. Receivers use this DKIM record to validate the signature and detect tampering or spoofing. A valid DKIM signature improves trust and helps prevent your domain from being used in phishing.

Why DKIM Is Important for Email Deliverability

Gmail, Outlook, and other providers use DKIM (along with SPF and DMARC) to filter spam and protect users. When your DKIM record is valid and your keys are strong, your sender reputation improves and messages are less likely to land in spam. Missing or misconfigured DKIM can lead to lower deliverability and more bounces. Use this DKIM validation tool to verify your record and selector before going live.

How to Check a DKIM Record

  1. Enter your domain and selector (e.g. default or mail) in the DKIM checker online form above.
  2. Click Check to run a DKIM selector lookup. The tool queries the TXT record at selector._domainkey.yourdomain.com.
  3. Review the result: record found or not, key type (RSA), key length (bits), and security rating (weak / recommended / strong).
  4. Fix any issues (e.g. weak key, wrong selector) and re-check. You can also use our DNS Lookup to inspect TXT records directly.

Common DKIM Issues

  • Missing or wrong selector — The receiving server looks up DKIM using the selector in the email header. Use the same selector you configured in your mail system (e.g. default, mail, google).
  • Weak key (1024-bit) — Many providers prefer 2048-bit or 4096-bit RSA. Upgrade and publish the new public key in DNS.
  • Multiple DKIM records — Only one TXT record should exist for a given selector; duplicates cause undefined behavior.
  • Empty p= value — The public key (p=) must be present and non-empty. Revoked keys use p= with no value to indicate no valid key.
  • Version or key type — Use v=DKIM1 and k=rsa. Invalid formatting can cause the record to be ignored.

Our DKIM checker performs real-time DNS TXT lookups for your selector and domain, parses the record to verify DKIM version and key type, and calculates RSA key length so you can check DKIM key length and strength at a glance. Use this free DKIM validation tool to verify DKIM online before going live—no signup required.
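The checks described above (record count, v= and k= tags, empty p=, RSA key length) can be reproduced offline once the TXT strings for the selector are in hand. The following Python is an added example, not this tool's own code; the function names, status strings, the rating cut-offs between the page's 1024/2048/4096 tiers, and the sample record built around a dummy modulus are assumptions.

```python
import base64

def _tlv_at(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits = size of length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(der):
    """Modulus bit length of an RSA key in DER SubjectPublicKeyInfo form."""
    _, body, _ = _tlv_at(der, 0)              # outer SEQUENCE
    _, _, alg_end = _tlv_at(der, body)        # AlgorithmIdentifier, skipped
    bit_tag, bits_at, _ = _tlv_at(der, alg_end)
    _, rsa_at, _ = _tlv_at(der, bits_at + 1)  # +1 skips the unused-bits octet
    int_tag, start, end = _tlv_at(der, rsa_at)
    if (bit_tag, int_tag) != (0x03, 0x02):    # expect BIT STRING, then INTEGER
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(der[start:end], "big").bit_length()

def check_dkim(txt_records):
    """Classify TXT strings for selector._domainkey.<domain>; absent v=/k= default per RFC 6376."""
    if len(txt_records) != 1:
        return {"status": "multiple_records" if txt_records else "not_found"}
    parts = (p.partition("=") for p in txt_records[0].split(";"))
    tags = {name.strip(): "".join(val.split()) for name, sep, val in parts if sep}
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return {"status": "bad_version_or_key_type"}
    if not tags.get("p"):
        return {"status": "empty_or_revoked_key"}
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return {"status": "invalid_key"}
    # Assumed cut-offs between the page's 1024 / 2048 / 4096 tiers.
    rating = "weak" if bits < 2048 else "recommended" if bits < 4096 else "strong"
    return {"status": "ok", "bits": bits, "rating": rating}

def sample_record(bits):
    """Constructed record: DER-shaped SPKI around a dummy modulus, not a real key."""
    def tlv(tag, body):
        n, size = len(body), (len(body).bit_length() + 7) // 8
        head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
        return bytes([tag]) + head + body
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(tlv(0x30, alg + tlv(0x03, b"\x00" + rsa_key))).decode()
```

Each element of `txt_records` is one TXT record with its character-strings already concatenated, which is how a resolver library normally hands a long 2048-bit key back.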

Complete your email setup with the SPF Checker, DMARC Checker, and DNS Lookup for full authentication and DNS visibility.

DKIM Checker FAQ

What is a DKIM record?

A DKIM record is a DNS TXT record that stores the public key used to verify email signatures. It is published at selector._domainkey.yourdomain.com, so a DKIM TXT record check involves querying that hostname. Receiving mail servers perform a DKIM selector lookup to fetch the record and validate that messages signed by your domain are authentic and unaltered. The record contains tags such as v= (version), k= (key type), and p= (public key). Without a valid DKIM record, receivers cannot verify your signatures and may treat mail as less trustworthy.

How do I verify my DKIM record?

To verify DKIM online, use a free DKIM checker: enter your domain and the selector your mail system uses (e.g. default, mail, google). The tool runs a DKIM selector lookup and performs a DKIM TXT record check against the DNS. You will see whether the record was found, the key type (e.g. RSA), and the key length. A good DKIM validation tool also reports version (v=DKIM1), empty or invalid public key (p=), and multiple records. Run the check after publishing or changing your DKIM record to confirm it is live.

What DKIM key length should I use?

Use at least 2048-bit RSA (recommended); 1024-bit is weak and many providers discourage it. 4096-bit is strong and future-proof. You can check DKIM key length with any DKIM validation tool that decodes the public key: it will show the bit length and a security rating (weak, recommended, or strong). Upgrade to 2048 or 4096 if you see a weak rating, then update the p= value in your DNS TXT record and re-run a DKIM TXT record check to confirm.

Why is my DKIM check failing?

Common reasons a DKIM check fails: wrong selector (the lookup domain must match what your mail server uses in the signature), no TXT record for that selector yet, empty or invalid p= (public key), or DNS propagation delay. Verify the selector with your email provider or hosting panel, then run a DKIM selector lookup again. A DKIM checker that performs real-time DNS lookups will show whether the record exists and whether the key is present and valid—use that to verify DKIM online and fix configuration issues.

How does DKIM work with SPF and DMARC?

SPF specifies which servers are allowed to send for your domain; DKIM proves that the message was cryptographically signed by you and not modified in transit. DMARC tells receiving servers what to do when SPF or DKIM fail (e.g. quarantine or reject). Use all three for strong email authentication and better deliverability. After you verify DKIM online and check DKIM key length, run our SPF Checker and DMARC Checker to complete your setup.