DKIM Lookup

Find DKIM records for the selector using your domain name.

DKIM record

Domain Keys Identified Mail (DKIM) is a DNS protocol mainly used in email authentication. A DKIM record is defined under TXT along with SPF and DMARC (DMARC is an email authentication mechanism built on top of SPF and DKIM). Generally, DKIM records contain a pair of public and private keys, referred to as the digital signature. The private key is used to sign the email, and the public key at the receiver’s end will be used to unlock and validate the sender's identification and legitimacy.

DKIM blocks attackers from making phishing attacks. Emails that do not pass both SPF and DKIM checks will be handled with the action mentioned in a DMARC report.

DKIM header

When the sender sends the email, its header, body, and private key are wrapped using the digital signature. This signature is then attached to the email during transmission as DKIM header.

Components of DKIM

Name | Type | Content | TTL

1. Name:

[selector]._domainkey.[domain]

Selector: Special name/value issued by the email service provider that the domain uses

._domainkey: Included in all DKIM records.

domain: Name of the domain.

For instance, the name component is defined as: abc-email._domainkey.abc.com

Here, abc-email is the selector name followed by the DomainKey keyword and its domain name, abc.com.

2. Type:

DKIM records are defined under TXT, so its type will be a TXT record.

3. Content:

This lists all of the public keys. V=DKIM indicates that this TXT record should be considered as a DKIM.

DKIM record lookup

With the help of Zoho Toolkit's DKIM tool, you can easily look up and pull DKIM records for any domain. Simply type in the domain name of the DKIM record and the selector name. Zoho Toolkit retrieves and gives us the host name, followed by its selector name, its DKIM value, and TTL.

DKIM mechanism

DKIM authentication is a five-step process—starting from creating the digital signature (public and private key), adding the digital signature to the email header and body, transmitting and receiving the email at the receiving end, and, finally, authenticating the digital signature.

Once the email is received, the digital signature is identified and decrypted using the selector name. Finally, the receiving server will do the authentication check on the email with the help of DKIM.

Frequently Asked Questions

  • How does DKIM work?

    DKIM works as an encapsulation by wrapping the email content with a digital signature and ensures that the authenticity of the email is maintained throughout its transmission.

  • What is the difference between DKIM and SPF records?

    Though both SPF and DKIM are email authentication mechanisms, they both differ on their usage. SPF is mainly used to validate an IP's legitimacy, whereas DKIM uses a digital signature to ensure that no message is tampered with or altered during the transmission.

  • Is it possible to have more than one DKIM record?

    Yes, it is possible to have more than one DKIM record. Each DKIM might have a different DKIM selector added to its signature. The receiving server looks up this selector in order to verify and validate the keys.

  • What is a DKIM selector?

    A DKIM selector helps the receiving server identify and validate the sender's public key. Because a domain can have multiple DKIM records, the selector helps you identify the particular public key pair used in the email.

  • How do I find my DKIM selector name?

    Once you get to the DKIM header, the tag that starts with 's=' denotes the selector that is being used for your signature.