Verify your DomainKeys Identified Mail signature is set up correctly
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The signature is generated by your mail server using a private key, and recipients verify it against a public key published in your DNS. This proves two things: the email genuinely came from your domain, and the message hasn't been altered in transit.
DKIM is one of the strongest signals that an email is legitimate. Without it, emails are far more likely to be filtered as spam, and your domain cannot enforce a DMARC policy. Google and Yahoo now require DKIM for bulk senders, and most enterprise mail filters assign a significant trust penalty to emails without a valid signature.
Enable DKIM signing in your email provider's settings (Google Workspace, Microsoft 365, Mailchimp, Resend, etc.). The provider will give you a TXT record to publish at selector._domainkey.yourdomain.com. After publishing the DNS record, allow up to 48 hours for propagation, then send a test email to verify the signature. Use a unique selector per sending service so you can rotate keys independently.
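A quick pre-flight check for the TXT record described above, as an added example that is not code from FixMyEmail or any provider. It parses the record's tag list as defined in RFC 6376 and flags common publishing mistakes. The selector `s1`, the domain `example.com` and the key material are constructed placeholders.

```python
import base64
import binascii
import re

# Constructed stand-in for key material (not a real public key).
SAMPLE_P = base64.b64encode(bytes(range(60))).decode()
# Long keys are usually published as several quoted TXT chunks.
SAMPLE_TXT = f'"v=DKIM1; k=rsa; p={SAMPLE_P[:41]}" "{SAMPLE_P[41:]}"'

def dkim_record_name(selector, domain):
    """DNS name where the provider's TXT record must be published."""
    return f"{selector}._domainkey.{domain}"

def parse_dkim_txt(txt):
    """Join quoted TXT chunks, then split the tag=value list."""
    chunks = re.findall(r'"([^"]*)"', txt)
    joined = "".join(chunks) if chunks else txt
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim_record(txt):
    """Return a list of problems; an empty list means the record parses cleanly."""
    tags = parse_dkim_txt(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type in k=")
    p = tags.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("empty p=: key is revoked")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64 (truncated or mangled paste?)")
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y: record is in testing mode")
    return problems

if __name__ == "__main__":
    print(dkim_record_name("s1", "example.com"), check_dkim_record(SAMPLE_TXT))
```

A clean result only means the record is well formed; sending a test email is still what confirms that the published key matches the signature.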
FixMyEmail checks DKIM alongside 13 other signals — authentication, server reputation, and content quality — in one free test. No account needed.