Is your DKIM
correctly configured?

Check DKIM keys and signatures in seconds. Verify selectors, key length, and TXT records to prevent spoofing and delivery issues.

Enter your domain and (optionally) a selector to validate your DKIM setup.

Please enter a valid domain.
You must agree before scanning.
User verifying DKIM configuration on a laptop

Use DMARCFlow's DKIM Record Check Tool to Identify and Resolve Email Authentication Problems

DMARCFlow's DKIM Checker tests and verifies your domain's DKIM configuration to ensure it's set up correctly. It confirms emails are signed with your private key and that the signature remains intact-ensuring authenticity and message integrity.

Validate that a public key is correctly published under a selector and spot issues before they affect delivery or security.

DKIM results dashboard
Diagram explaining DKIM record structure

What Is a DKIM Record?

A DKIM record is a DNS TXT entry containing a selector and a public key. The selector points to the private key that signs emails; the public key lets receivers verify the signature and confirm integrity.

Scan Domain

Example of a DKIM Record

Example: mailo is the selector, and dmarcflow.online is the domain. v=DKIM1 marks the record type, k=rsa the key algorithm, and p=... contains the public key.

Example DKIM record on DNS UI
How DKIM works illustration

How Does DKIM Work?

DKIM adds a digital signature to outgoing emails. Your server signs with a private key; receivers fetch your public key from DNS and verify the signature. Matching signatures indicate authenticity; mismatches flag risk. Result: stronger reputation and better inbox placement.

Implement, Manage & Rotate DKIM Keys the Right Way

A quick checklist to keep authentication tight and deliverability high

Use 2048-bit RSA

Prefer 2048-bit keys for stronger security and better acceptance by major inboxes.

Publish per Selector

Use distinct selectors per mail stream (marketing, transactional) to rotate safely.

Avoid CNAME Keys

Publish TXT records directly unless your provider requires a managed alias.

Rotate Regularly

Introduce new selectors, update signers, then deprecate old keys after cutover.

Frequently Asked Questions

Common questions about DKIM & DMARCFlow

Questions? We have answers!

DKIM uses cryptographic signatures to prove a message wasn’t altered in transit and that it came from a server authorized by your domain.

Generate a key pair, configure your mail system to sign messages with the private key, and publish the public key in DNS at selector._domainkey.example.com.

A selector identifies which key to use. It’s part of the DNS name and lets you rotate keys with zero downtime.

They offer stronger protection and are widely recommended by mailbox providers for better security and deliverability.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps protect your domain from unauthorized use by verifying that incoming emails align with your domain's SPF and DKIM records.

By ensuring your SPF, DKIM, and DMARC records are properly configured, DMARCFlow helps legitimate emails reach inboxes while blocking suspicious ones.

Yes-clear instructions and actionable insights guide you even without a technical background.

Yes-core tools like record lookups and basic analysis are free to use.

Email spoofing, phishing, and related fraud-by authenticating the source of your messages.