DKIM Checker
Look up a domain’s DKIMpublic key and validate it — key type, strength, and whether it’s in testing or revoked. Enter your selector (your provider chooses it), or leave it blank to probe the common ones.
Leave the selector blank to probe common provider selectors (google, selector1/2, default…).
Finding your selector
DKIM keys live at <selector>._domainkey.yourdomain.com. The selector is chosen by your email provider — e.g. Google Workspace uses google, Microsoft 365 uses selector1/selector2. You’ll also see it in the DKIM-Signature header (s=) of any signed message.
The full trio
DKIM is one of three: check the others with the SPF Checker, DMARC Checker, or all at once with the Email Deliverability Test.
Frequently asked questions
▸ ▾ What is a DKIM selector?
A label your email provider chooses so you can run several DKIM keys at once. The public key lives at <selector>._domainkey.yourdomain.com. You'll find your selector in the s= tag of a message's DKIM-Signature header.
▸ ▾ Why can't a tool find my DKIM automatically?
Because DKIM is selector-based, there's no fixed location to look up — the selector could be anything. This tool probes the common provider selectors; if yours is custom, enter it directly.
▸ ▾ What key size should DKIM use?
2048-bit RSA (or Ed25519). 1024-bit is the weak legacy default and is being deprecated by major receivers — rotate to 2048-bit via a new selector.