DKIM record is another DNS TXT record. It is used to store the public key: a randomized string used to verify the authenticity of an email. DKIM record and the public key can be accessed by the email servers by querying the domain's DNS records.
DKIM signature verifies your messages using two steps. The first action occurs on a server that sends DKIM-signed emails, while the second takes place on a receiver server that verifies incoming messages for DKIM signatures.
A pair of private/public keys are used to complete this process. The sender uses the private key to sign messages, and the receiver uses a public key to verify signatures. The email provider generates both keys, and the public key is given to the domain owner. The domain owner stores this public key as the DKIM record.
DKIm header is included in all the emails sent from that domain, and it has a section of data signed with the private key. Email servers can obtain the public key from the DKIM DNS record and use it to verify the digital signature.
DKIM record has 4 parts:
1. Name -
3. Content -
v=DKIM1indicates that this TXT record should be interpreted as DKIM.
4. TTL -
DKIM Record Checker is used to validate the published DKIM record of a domain. It will authenticate the reputation and identity of the sender by testing the domain name and selector for a valid published DKIM record.
DKIM lookup verifies that the public key part of the DKIM signature is implemented correctly.
A DKIM verification can return several values:
SPF and DKIM Records, and DMARC Records work in conjunction. Hence setting SPF and DKIM Records is required before implementing a DMARC record.
A DKIM selector is specified when the key pair is created. The DKIM selector is inserted into the DKIM-Signature email header as an
s= tag. You can easily discover the selector for your domain by sending an email to yourself.
NSLOOKUPand press enter.
q=txtand press enter.
[selector]._domainkey.[domain]and press enter.
You can use languages like Python or Php to verify DKIM manually.
hashed_headerusing the DKIM-Signature header’s parameter
(view all free tools)