What is DKIM Validation?

DKIM validation verifies that a domain's DKIM record is properly configured in DNS. This tool checks if the public key is published correctly and validates the record structure according to DKIM standards (RFC 6376).

How This Tool Works

1. Enter the domain name you want to validate
2. Provide the DKIM selector (if you don't know it, try "default", "google", or "s1")
3. The tool queries DNS for the DKIM record at: selector._domainkey.domain.com
4. It validates the record structure and checks for required tags
5. Results show whether the DKIM record is properly configured

DKIM Record Components

A valid DKIM record contains these tags:

• v=DKIM1: Version identifier (required)
• k=rsa: Key type, typically RSA (optional, defaults to rsa)
• p=: Public key data in base64 (required)
• t=: Flags, such as testing mode (optional)
• s=: Service type, typically email (optional)
• h=: Acceptable hash algorithms (optional)

Common Validation Issues

• Record not found: Check selector spelling or DNS propagation
• Missing v= tag: Record must start with v=DKIM1
• Missing p= tag: Public key is required
• Empty public key: Key may be revoked (p= with no value)
• DNS timeout: DNS server may be slow or unreachable

Finding Your DKIM Selector

If you don't know your DKIM selector, try these common ones:

You can also check outgoing email headers for the DKIM-Signature field:

Example: Valid DKIM Record

Best Practices

• Validate DKIM records after initial setup and key rotations
• Test email sending and check headers for DKIM pass results
• Monitor DKIM failures using DMARC aggregate reports
• Keep private keys secure and rotate them annually
• Use strong key sizes (2048 bits or higher)
• Maintain multiple selectors for zero-downtime key rotation

Related Tools

• DKIM Record Generator - Create new DKIM records
• Email Header Analyzer - Check DKIM signatures in emails
• Email Deliverability Tester - Test complete authentication
• DNS Record Viewer - View all DNS records
• SPF Checker - Validate SPF records