DKIM Lookup

Look Up All Your DKIM Records Instantly

DKIM: Digitally Signing Your Emails for Security

DKIM (DomainKeys Identified Mail) stands shoulder-to-shoulder with SPF as another crucial email authentication protocol. While SPF focuses on verifying the sender's IP address, DKIM utilizes a different approach – cryptography. This ensures the email truly originated from the claimed domain and wasn't spoofed by malicious actors.


Here's how DKIM achieves this added layer of security: When a DKIM-enabled email server sends a message, it attaches a digital signature to the email header. This signature is created using a special cryptographic key pair. The sender holds a private key, while a corresponding public key is published. This public key finds its home within a specific format (TXT record) stored in the domain's DNS (Domain Name System) records. This makes the public key readily available for receiving email servers.


Upon receiving an email, the receiving server retrieves the sender's public key from the DNS record. It then uses this public key to verify the digital signature attached to the email. If the signature verification is successful, it confirms that the email originated from a legitimate source authorized by the domain owner. This significantly reduces the risk of email spoofing and phishing attacks, where attackers attempt to impersonate legitimate senders to deceive recipients.

DKIM Lookup

DKIM TAG Specification Explained

TAG MEANING
v This tag specifies the DKIM version being used. Currently, the most common value is "v=DKIM1".
a This tag identifies the cryptographic algorithm used to generate the digital signature. A common value is "rsa-sha256".
d This tag indicates the domain name used with the selector record (another tag) to locate the sender's public key in the DNS.
s This tag specifies the selector record name used to find the public key. It's essentially a subdomain created by the sender for DKIM purposes.
c This tag can specify additional canonicalization methods used when creating the signature.
h This tag can list the email header fields included in the signature calculation.
t This tag can specify the time the signature was created.

DKIM Questions and Answers

DKIM (DomainKeys Identified Mail) is an email authentication protocol that allows an organization to take responsibility for a message that is in transit. The responsibility is validated through cryptographic authentication. DKIM helps ensure that the content of the email has not been tampered with and verifies the sender's domain.
DKIM works by adding a digital signature to the headers of an email message. This signature is created using the sender's private key and can be verified by recipients using the sender's public key, published in the DNS. The signature ensures the integrity of the message and confirms the sender's domain.
The key components of a DKIM record include:
  • v: Version of the DKIM (typically DKIM1).
  • k: Key type (RSA is common).
  • p: The public key used by recipients to verify the signature.
  • s: Selector used to locate the public key in DNS.
  • h: Signed headers.
To create a DKIM record, you need to:
  • Generate a public/private key pair.
  • Publish the public key in your domain's DNS as a TXT record.
  • Configure your email server to sign outgoing emails with the private key.
  • Test the DKIM setup to ensure it is working correctly.
Implementing DKIM provides several benefits, including:
  • Improved email security by ensuring that the message content has not been tampered with.
  • Enhanced email deliverability by verifying the sender's domain.
  • Protection against email spoofing by validating the sender's identity.
Common DKIM issues and their resolutions include:
  • DKIM Signature Verification Failures: Ensure the public key is published correctly in DNS and the private key is used to sign outgoing emails.
  • Incorrect DKIM Setup: Verify that the email server is properly configured to use DKIM and that the DKIM record is correctly formatted.
  • Key Rotation: Regularly rotate DKIM keys to maintain security, and update DNS records accordingly.
To monitor and maintain DKIM records:
  • Regularly review and update your DKIM records to reflect any changes in your email infrastructure.
  • Use DKIM validation tools to check the correctness of your DKIM setup.
  • Monitor email delivery reports to identify any issues with DKIM authentication.

Are You Ready To Experience The Difference?

CC Logo

Become a part of the Campaign Cleaner community today, and join countless satisfied customers who have witnessed significant improvements in their email deliverability and campaign success. Don't let HTML issues hold you back; let Campaign Cleaner optimize your campaigns and boost your inbox rates

Let's Get Started