SSL Monitoring Ping Monitoring Port Monitoring Domain Monitoring TCP Monitoring Keyword Monitoring Cron Monitoring API Monitoring SLA Monitoring
Status Pages Status Badges Is Website Down? API MCP Server
For SaaS Teams For Agencies For E-commerce For DevOps For Startups For Hosting Providers For Developers
<- Back Home Pricing Status Pages Status Badges API MCP Server Is Website Down? Website Errors Free Tools

Free email tool

DKIM Checker

Look up a DKIM record by selector, confirm the signing key is published and not revoked, and read its key type and flags.

Common selectors:

Try ,

Checks run in your browser over Google public DNS-over-HTTPS (Cloudflare as fallback). Nothing you enter is sent to Pulsetic.

Email authentication only protects you while the records are right. Pulsetic monitors your domain and certificates around the clock.

What is DKIM?

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to your outgoing email. The matching public key is published in DNS as a TXT record, and receivers use it to confirm a message really came from your domain and was not changed in transit.

The key lives at a selector subdomain: selector._domainkey.yourdomain. The selector is just a label your mail provider picks, which lets a domain rotate keys and run several providers at once.

Finding your selector

A DKIM lookup needs the selector, and there is no way to list them from DNS, so you have to know or guess it. Providers use predictable names: Google Workspace uses google, Microsoft 365 uses selector1 and selector2, and many others use k1, default, dkim or mail.

The fastest way to find yours is to open a message you sent and read the s= value in its DKIM-Signature header. Enter that selector above with your domain, and the checker confirms whether the key is published.

Check it from the terminal

Prefer the command line? This reads the same record the checker validates:

dig selector1._domainkey.example.com TXT +short # replace selector1 with your selector

Frequently asked questions

  • What is a DKIM record?

    A DKIM record is a TXT record at selector._domainkey.yourdomain that holds the public key receivers use to verify your email signature. It proves a message came from your domain and was not altered.

  • What is a DKIM selector?

    A selector is a label your mail provider chooses to name a specific signing key, used as the first part of the record name, for example google._domainkey.example.com. It lets a domain publish several keys and rotate them.

  • How do I find my DKIM selector?

    Read the s= tag in the DKIM-Signature header of a message you sent, or check your mail provider documentation. Common selectors are google, selector1, selector2, k1, default and dkim.

  • What does an empty p= mean?

    The p tag holds the public key. An empty p= means the key has been revoked, so signatures using that selector will no longer verify. A healthy record has a long base64 key in p=.

  • Do I need DKIM?

    Effectively yes. DKIM, alongside SPF, is what DMARC checks, and most major mailbox providers expect bulk senders to sign with DKIM. Without it, your mail is far more likely to be filtered.

  • How does this DKIM checker work?

    It looks up the TXT record at selector._domainkey.yourdomain over DNS-over-HTTPS, follows any CNAME to the key, and confirms a public key is published in the p tag and not revoked. If you do not know the selector, leave it blank and the checker probes the common ones automatically.

  • What does a DKIM record look like?

    A DKIM record looks like v=DKIM1; k=rsa; p=MIGfMA0GCSq... where p holds a long base64 public key. The k tag is the key type, an empty p means the key was revoked, and an optional t=y flag marks the key as testing.

Stay online, all the time, with Pulsetic's uptime prime.

By Designmodo

Designmodo Inc. 169 Madison Ave, #79627, New York, NY 10016, United States

Copyright © 2010-2026

Hey there 👋  Friends from designmodo are here to help!
More Products Start a Chat...