The DKIM checker inspects the domain's published DKIM record for a specific selector. The tool performs the DKIM record lookup and examines whether the DKIM record is published at a particular selector and whether it's deployed correctly or not.
DKIM is an acronym for DomainKeys Identified Mail. An email authentication technique allows the email receiver to check that an email is sent from the domain it says has not been tampered with.
It's an accessible technology used to link a piece of email back to the domain. It gives protection from the spammers to spoof a legitimate domain name.
Although, DKIM is not required. But email(s) signed with DKIM make it more legitimate to the recipients. They are less likely to go to spam or junk folder.
Spoofing and pishing from a popular domain(s) is widespread, but DKIM makes it harder to impersonate.
DKIM also helps in building the domain reputation among the ISPs. With a low bounce rate and high engagement, your email deliverability improves.
The DKIM works with SPF and DMARC to protect the email traffic. Emails that fail to pass the SPF and DMARC are not delivered by the email servers or may get to "spam." It allows the organization(s) to authenticate the emails.
For using the DKIM, the email server is configured to attach the DKIM signatures while sending emails. These signatures travel along with emails and are verified by the receiving servers (helping them reach their final destination).
These signatures work as a watermark.
Note: A receiver server can never use the public key to sign the messages and vice versa.
An example of a DKIM record is
|[selector]._domainkey.[domain]||TXT||v=DKIM1; p= public key||3600|
Name: The DKIM records are stored under the specialized name. It follows the format as mentioned in the example. Suppose, for instance, abc.com uses XYZ as their email service provider. Suppose XYZ employs the DKIM selector xyz-email. Their DKIM DNS record for abc.com would be under
In the above example:
Finding your DKIM selector is not a difficult task. A better way is to send an email to yourself.
Note: Not two services can have the same selector. For example, if you are sending emails from several services, like Gmail, Yahoo, etc., on behalf of your domain. Then each service must have a unique key and selector in your DNS. If the selectors are the same, the recipient server cannot tell which key to decipher a particular email.
To perform the DKIM record lookup for a particular selector. Please complete the following steps.
That usually happens when the "d=value" in the header "From" does not match with the "d=value" in the "DKIM-Signature." It may negatively impact email deliverability.
Thus, it's essential to examine all the messages that fail to identify the source as "valid." If you find a legitimate source, you can investigate it and set the DKIM correctly. If the source is not recognized, analyze it because it would send malicious emails or impersonate the domain.
DKIM, by itself, is not a reliable way to authenticate the email sender's identity. DMARC is an email authentication system built on top of SPF and DKIM. DMARC tells what to do if an email fails SPF and DKIM checks. Together, they allow the organization(s) to prevent email spam and spoofing.