DKIM Record Lookup DKIM Record Lookup

What is an Online DKIM Record?

The DKIM checker inspects the domain's published DKIM record for a specific selector. The tool performs the DKIM record lookup and examines whether the DKIM record is published at a particular selector and whether it's deployed correctly or not. DKIM is an acronym for DomainKeys Identified Mail. An email authentication technique allows the email receiver to check that an email is sent from the domain it says has not been tampered with. It's an accessible technology used to link a piece of email back to the domain. It gives protection from spammers to spoof a legitimate domain name.

 

Why is DKIM important?

Although, DKIM is not required. But email(s) signed with DKIM makes it more legitimate to the recipients. They are less likely to go to spam or junk folder. Spoofing and phishing from the popular domain(s) are widespread, but DKIM makes it harder to impersonate. DKIM also helps in building the domain reputation among ISPs. With a low bounce rate and high engagement, your email deliverability improves.

Example of DKIM record
NameTypeContentTTL
[selector]._domainkey.[domain]TXTv=DKIM1; p= public key3600

Here,

Name: The DKIM records are stored under the specialized name. It follows the format mentioned in the example. Suppose, for instance, abc.com uses XYZ as its email service provider. Suppose XYZ employs the DKIM selector XYZ-email. Their DKIM DNS record for abc.com would be under xyz-email._domainkey.abc.com.

In the above example:

  1. Name
    • selector: The DKIM selector is in the DKIM-Signature header that specifies where the public key of the DKIM key pair exists in the Domain Name System (DNS). The receiving email server uses the DKIM selector for locating and fetching the public key to verify that an email message is authentic and arrived unaltered.
    • _domainkey: It's included in all DKIM record names.
    • domain: It's an email domain name after the "@" symbol.
  2. Type: It's a TXT record.
  3. Content: Here, the v=DKIM1 means that the record is a DKIM record, and whatever comes after the "p" is the public key. 

How can I find my DKIM selector?

Finding your DKIM selector is not a difficult task. A better way is to send an email to yourself.

  • When you open an email, click on the three dots and go to "Show original." Your primary goal is to view the header information with the DKIM authentication results.
  • Search for "DKIM-Signature" to find the DKIM signature applied to your email.
  • If you see multiple DKIM-Signature headers, then search for the header that contains your domain name "d=value."
  • The DKIM-Signature email header contains an s= tag. It's used as a selector that the receiving server should use for DKIM record lookup.
  • Suppose you fail to find the DKIM signature or the one that contains your domain. Work on it and contact the authority responsible for sending your email. 

Note*: Not two services can have the same selector. For example, if you are sending emails from several services, like Gmail, Yahoo, etc., on behalf of your domain. Then each service must have a unique key and selector in your DNS. If the selectors are the same, the recipient server cannot tell which key to decipher a particular email.

DKIM and DMARC

DKIM, by itself, is not a reliable way to authenticate the email sender's identity. DMARC is an email authentication system built on top of SPF and DKIM. DMARC tells what to do if an email fails SPF and DKIM checks. Together, they allow the organization(s) to prevent email spam and spoofing.