DKIM Checker: Check Your DKIM Record in Seconds
A DKIM checker shows whether your domain publishes a valid DKIM key, so receiving servers can confirm your emails are genuine and unaltered. Enter your domain above to run a DKIM check across the common provider selectors.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every message you send. Receivers look up your public key in DNS to verify it. Without DKIM, your mail carries less proof that it really came from you, which makes impersonation easier.
What this DKIM checker looks for
DKIM keys are published under a selector, a label that points to the key in your DNS. This checker probes the selectors used by major providers such as Google and Microsoft 365 and reports any valid key it finds.
- Whether a DKIM key is published for common provider selectors
- Whether the key is a published TXT record or delegated by CNAME, as Microsoft 365, Fastmail, and others do
- Whether the record is a complete, valid public key rather than a placeholder
How to read your DKIM check results
Because DKIM is selector-specific, a checker can only test known selectors. If your provider uses a custom selector, an automated check may not find it even though DKIM is working. The surest confirmation is the DKIM result in a received email's headers.
A found, valid key means signing is set up for that provider. No key found across common selectors usually means DKIM was never enabled, or a different selector is in use.
Our guide to DKIM explains selectors and signatures in plain language.
What to do if DKIM is missing
Enable DKIM signing in each service that sends email for you. Most providers generate the key and give you a DNS record to publish, often a CNAME that delegates the key to them.
Set up DKIM for every sender, not just your main mailbox, so all of your mail is signed.
If you send through several tools and want signing handled across all of them, readyDMARC sets up and monitors DKIM for you.
Frequently Asked Questions
How do I check if DKIM is set up?
Enter your domain in the checker above. It probes the DKIM selectors used by major providers and reports any valid key it finds. You can also send a test email to a Gmail address and use Show original to see whether DKIM passed.
What is a DKIM selector?
A selector is a label that tells receiving servers where to find your DKIM public key in DNS, at a specific address (selector._domainkey.yourdomain.com). Providers each use their own selectors, which is why a domain can have several DKIM keys, one per sending service.
Why does the DKIM checker find no record when DKIM works?
Automated checks test common, known selectors. If your provider uses a custom or unusual selector, the check may not find the key even though signing works. Checking the DKIM result in a received email's headers confirms whether it is actually passing.
Do I need DKIM if I have SPF?
Yes. SPF and DKIM check different things: SPF authorises sending servers, while DKIM proves the message was not altered and genuinely came from your domain. DMARC needs at least one of them passing and aligned, and both together give the strongest result.
A DKIM checker shows whether your email is signed and verifiable or missing a key that proves it is genuine. Run the check above to see your DKIM status across common selectors, plus SPF and DMARC.
If no key is found, readyDMARC enables DKIM signing across every service that sends email for you and keeps it working.
More free tools
DMARC Checker
Free DMARC checker. Check your domain's DMARC record, see your policy in plain English, and find out if your domain is protected from email spoofing.
Run the check→SPF Checker
Free SPF checker. Check your domain's SPF record, see which servers can send your email, and find errors like too many lookups or an unsafe +all.
Run the check→MX Lookup
Free MX lookup. Find your domain's mail servers, identify your email provider, and check your MX records along with SPF, DKIM, and DMARC.
Run the lookup→A checker shows the gap. Fixing it safely is the hard part.
Email authentication is fiddly and easy to break. One wrong record can let spoofers through or stop your real email arriving. Our specialists configure SPF, DKIM, and DMARC and roll it out safely, so it's set up correctly from the start.