DKIM Record Checker

What is a DKIM Record?

DKIM record is another DNS TXT record. It is used to store the public key: a randomized string used to verify the authenticity of an email. DKIM record and the public key can be accessed by the email servers by querying the domain's DNS records.

How Do DKIM Records Work?

DKIM signature verifies your messages using two steps. The first action occurs on a server that sends DKIM-signed emails, while the second takes place on a receiver server that verifies incoming messages for DKIM signatures.

A pair of private/public keys are used to complete this process. The sender uses the private key to sign messages, and the receiver uses a public key to verify signatures. The email provider generates both keys, and the public key is given to the domain owner. The domain owner stores this public key as the DKIM record.

DKIm header is included in all the emails sent from that domain, and it has a section of data signed with the private key. Email servers can obtain the public key from the DKIM DNS record and use it to verify the digital signature.

What Does An Example DKIM Record Look Like?

DKIM record has 4 parts:

1. Name - [selector]._domainkey.[domain]

• selector
  • Special value used by the domain. it is issued by the email service provider.
• _domainkey
  • Default value included in all DKIM records.
• domain
  • Domain name.

2. Type

3. Content - v=DKIM1; p=76E629F05F709EF665853333EEC3F5ADE69A2362BECE40658267AB2FC3CB6CBE

• The public key is listed here.
• v=DKIM1 indicates that this TXT record should be interpreted as DKIM.

4. TTL - 6000

• Time to live - Duration that the record should be considered valid.

What is DKIM Record Checker, and How does it Work?

DKIM Record Checker is used to validate the published DKIM record of a domain. It will authenticate the reputation and identity of the sender by testing the domain name and selector for a valid published DKIM record.

What is DKIM Lookup Used For?

DKIM lookup verifies that the public key part of the DKIM signature is implemented correctly.

Understanding the DKIM Record Results

A DKIM verification can return several values:

• Pass - The email has a DKIM signature and passed the verification check.
• Fail - The email has a DKIM signature. But, error in the verification check.
• Policy- The email has a DKIM signature. But, not accepted by the mailbox provider.
• Neutral - The email may or may not have a DKIM signature.
• None - No DKIM record was found for the domain.
• PermError - The email has a DKIM signature. But, a permanent error has occurred.
• TempError - The email has a DKIM signature. But, a tempory error has occurred.

FAQs

Is DKIM part of DMARC protection?

SPF and DKIM Records, and DMARC Records work in conjunction. Hence setting SPF and DKIM Records is required before implementing a DMARC record.

How do I find my DKIM selector?

A DKIM selector is specified when the key pair is created. The DKIM selector is inserted into the DKIM-Signature email header as an s= tag. You can easily discover the selector for your domain by sending an email to yourself.

How to check if you have DKIM enabled?

1. Send an email to a Gmail account.
2. Access the email, and click the “respond” button.
3. Choose the "display original" option, which will allow you to test DKIM. If you see “signed by along with your domain name” in the original format, your DKIM signature is working.

How do I know if DKIM is working?

1. Send an email to a Gmail account.
2. Access the email, and click the “respond” button.
3. Choose the "display original" option, which will allow you to test DKIM. If you see “signed by along with your domain name” in the original format, your DKIM signature is working.

How do I check my DKIM record nslookup?

1. Open the command prompt.
2. Enter the commandNSLOOKUP and press enter.
3. Type q=txt and press enter.
4. Finally, type [selector]._domainkey.[domain] and press enter.

How do I manually verify DKIM?

You can use languages like Python or Php to verify DKIM manually.

1. First, you need to calculate the email body’s hash value.
2. Then, compare the calculated hash to the email’s DKIM-Signature header’s bh value.
3. After that, create the hashed_header using the DKIM-Signature header’s parameter h.
4. Finally, verify the signature.