DKIM Checker
DomainKeys Identified Mail (DKIM) uses cryptographic signatures to verify that emails are authentic and unmodified.
Check your domainWhat is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication method that adds a digital signature to outgoing emails. Receiving mail servers validate this signature using a public key published in the sender’s DNS records.
Why DKIM matters
- Protects email content from tampering
- Improves inbox placement and deliverability
- Required for DMARC alignment
How DKIM works
- The sending mail server signs the email with a private key
- The DKIM signature is added to the email headers
- The receiving server retrieves the public key from DNS
- The signature is verified to confirm authenticity
Example DKIM record
selector1._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkq..."
DKIM records are published on selector-based subdomains. The selector name is chosen by the email provider and referenced in the email headers.
Common DKIM mistakes
- No DKIM record published
- Incorrect or missing selector
- DKIM disabled in the email provider settings
- Emails sent by third-party services without DKIM signing
DKIM, SPF, and DMARC
DKIM works together with SPF and DMARC to authenticate email. SPF verifies the sending server, DKIM verifies message integrity, and DMARC defines how failures should be handled.