DKIM Record Checker
Verify DomainKeys Identified Mail (DKIM) public key records for a domain using selector prefixes to validate cryptographic email signatures.
This interactive client-side tool is part of the NervLink Cybersecurity Suite. All analysis is verified entirely inside the local browser sandbox for maximum safety and data privacy compliance.
How It Works
- Provide a selector prefix and the target domain hostname.
- The tool queries the TXT record at selector._domainkey.domain.
- The DKIM version, public key value, hash algorithm options, and key type flags are inspected.
Primary Use Cases
- Confirming that public DKIM keys are correctly published on DNS name servers.
- Validating public key formats for email service integrations (e.g. Google Workspace, SendGrid).
- Auditing active cryptographic selector configurations.
Common Security Pitfalls
- Entering the wrong selector name (DKIM records are selector-specific and cannot be checked without the correct one).
- Formatting the public key tag (p=) with line breaks or quotation marks inside DNS panels.
Frequently Asked Questions
- What is a DKIM selector?
- A selector is a unique string prefix assigned to specific email services or campaigns, allowing multiple different public keys to exist on the same domain.
- What key size should I use for DKIM?
- A 2048-bit RSA key is the modern standard. 1024-bit keys are discouraged as they are vulnerable to cryptographic cracking, and keys over 2048-bit might not fit in standard DNS TXT records.
References & Standards