Utinzo

DKIM Record Checker

Look up and validate the DKIM (DomainKeys Identified Mail) public key record for a domain and selector.

Did this tool work for you?

AdSense336 × 280
AdSense336 × 280

How to use this calculator

  1. 1

    Enter the domain name and the DKIM selector (ask your email provider which selector to use).

  2. 2

    Common selectors: google, mail, dkim, selector1, selector2, k1, smtp.

  3. 3

    Click "Check Now" to look up the selector._domainkey.domain TXT record.

  4. 4

    A valid public key confirms DKIM signing is configured.

AdSense · 728 × 90

Frequently asked questions

What is DKIM?

DKIM (DomainKeys Identified Mail) lets a domain owner sign outgoing emails with a private key. The corresponding public key is published in DNS. Receiving servers verify the signature using the public key to confirm the email wasn't tampered with and genuinely came from your domain.

What is a DKIM selector?

A selector is a label that allows multiple DKIM keys for one domain (e.g. different keys for different email services). The DKIM record lives at selector._domainkey.yourdomain.com. Google Workspace uses "google", Microsoft 365 uses "selector1" and "selector2".

How do I find my DKIM selector?

Check your email provider's documentation. For Google Workspace: go to Admin Console → Apps → Google Workspace → Gmail → Authenticate email. For Microsoft 365: check your domain's DNS records in the Microsoft 365 admin center. Also try checking the headers of a sent email — look for DKIM-Signature: s=selector.

What does an empty p= value mean?

An empty p= (public key) in a DKIM record means the key has been revoked. Any signature verification for that selector will fail. This is used to intentionally invalidate a DKIM key — for example, if the private key was compromised.

About dkim record checker

DKIM Record Checker — Verify your email signing configuration

How DKIM signing works

Your email server signs each outgoing message with a private key, adding a DKIM-Signature header. The public key — published as a DNS TXT record at selector._domainkey.yourdomain.com — lets any receiver verify that signature. A valid signature proves the message body wasn't altered in transit.

DKIM, SPF, and DMARC together

SPF verifies the sending server's IP. DKIM verifies the message content. DMARC ties them together: it requires SPF and/or DKIM to pass with alignment to your domain, and specifies what to do with failures (none, quarantine, reject). All three are required for robust email authentication.

DKIM Record Checker – Utinzo

Learn more from an authoritative source:

MDN Web Docs
Related tools

JSON Formatter & Validator

Format, validate, and minify JSON — with clear error messages for invalid input.

Base64 Encoder / Decoder

Encode plain text to Base64 or decode Base64 strings back to readable text.

URL Encoder / Decoder

Encode special characters in URLs (percent-encoding) or decode percent-encoded URLs.

UUID Generator

Generate UUID v4 (random) identifiers — one or in bulk.

See all Developer Tools tools

Results are estimates for informational purposes only and do not constitute professional financial, medical, legal, or technical advice. Read full disclaimer →

DKIM Record Checker – Free Online Dev Tool | Utinzo