Use this tool to lookup and verify a DKIM DNS TXT record and determine its public key length to detect the use of weak cryptographic DKIM keys (less than 1024 bits).
Great tool. Just entered a record DKIM record with more than 255 chars and lookup result looked rather funny. I was expecting BIND to concatenate the multiple parts into one! Checked here with success. Then find out that it is the application using this record which is suppose to concatenate the parts.
DKIM Key Checker – protodave Tava precisando de limpar uma lista de emails, e achei o site http://www.validadordeemails.com.br usei e limpei minhas listas de e-mail, realmente é muito bom, tem uns filtros avançados legais… Pra quem quiser retirar e-mails inválidos, uso e indico para meus amigos o site http://www.validadordeemails.com.br muito bom mesmo galera 🙂
Excellent beat ! I wish to apprentice at the same time as you amend your
web site, how can i subscribe for a blog web site? The account helped me a applicable deal.
I have been a little bit acquainted of this your broadcast offered vivid clear concept
Hi! There are many tools to verify DKIM TXT records.
But I did not find any tool to verify the DKIM Data of an Email already sent. I mean copy&paste the raw mail code to check mail text and metadata. Why is it so hard to find a tool for that? Cause this is what dkim is for.
Your tool missed an error in what a client published. They included escape characters (v=DKIM1\;) and your took gave them “success” as a result. Using MXTOOLBOX it pointed out their error.
May want to look into that – they used your site to erroneously believe they’d published correctly.
Just wondering if I copy the contents of the result “—-begin certificate — ” and save it as a .pem file, will the regular cert reading tools be able to decipher it as a certificate?
I get a fail on my test but a pass for other online checking pages – from reading I suspect it has to do with the FQDN appended to the selector eg my selector is:
phr1._domainkey
and it seems to fail on some sites inlcuding this one but pass on others – are you able to check if the un-appended FQDN is the problem?
Hi
I’ve setup a 2048 key for MailPlus on my synology NAS and split the key across 2 TXT records in the DNS but the checker only reports it as a 1024 key. Does it not handle split keys?
For some reason this tool is not able to find the dkim entry on any of my websites. All have dkim as selector in a TXT record:
3dworldz.com, sovariaestates.world, gospellearningcenter.com, localfood4u.com.
Resolved! Nice to finally find out how to put in the selector on the domain TXT record. Host entry is to be dkim._domainkey and the VAlue with the rest of the required data. Validation is now working and finding the entry on my domain. Thanks Dave!
Hello! Please, add support for .services domain.
Hi, thanks for the tool. Just found out that many similar tools out there are unable to handle long keys…yours works perfectly.
Great tool. If you could please add support for some of the newer TLDs, .properties in particular, that would be swell.
Very handy tool, thank you!
Thanks for the tool! Just a remark:
Base64 encoded data usually wrap lines after 64 chars. The public key your tool did reconstruct wrapped after 78.
Updated to wrap at 64 chars. Thanks for the feedback!
Thank you so much, this is making my life a lot easier.
Thank you VERY much for this tool and moreso for all your knowledge on this topic.
Cyrilick domain or punycode domains not support 🙁
@Evil_Wolf: Can you share a couple example domains and selectors to test so I can work on adding support? Thanks!
Great tool. Just entered a record DKIM record with more than 255 chars and lookup result looked rather funny. I was expecting BIND to concatenate the multiple parts into one! Checked here with success. Then find out that it is the application using this record which is suppose to concatenate the parts.
Hmmm, worked that time, after I updated my DNS to remove the domain. I just put it back, we’ll see how your tool does tomorrow.
Hi Sir,
I have a issue. How to check DKIM Cname record ?
Hi Dave
Thank you so much for providing this tool. I was able to check my Key Strength which was 1024 and upgraded it to 2018 at Google Apps.
This has helped me a lot to implement DMARC and see how Spammers are trying to use my domains for their hideous activities.
Regards
Varun
Thanks a lot., real bug killer..!!!
I downloaded a app & payed for it to but I can’t get it to work
This is extremely useful. Thanks for sharing it!
I didn’t want to install the bind-utils just to get the dig utility.
This is great, thanks again.
DKIM Key Checker – protodave Tava precisando de limpar uma lista de emails, e achei o site http://www.validadordeemails.com.br usei e limpei minhas listas de e-mail, realmente é muito bom, tem uns filtros avançados legais… Pra quem quiser retirar e-mails inválidos, uso e indico para meus amigos o site http://www.validadordeemails.com.br muito bom mesmo galera 🙂
Great,simple tool! thanks for this
i want c=relaxed/relaxed instead i’m getting c=relaxed/simple where should i specify this. please help
Thank you, very usefull Tool 😀
what is selector in DKIM ?
I am new to it
2048 key length not working?
It should be working, what selector/domain are you testing?
Mine has a 2048 bit key, for an example:
selector: google
domain: protodave.com
Ho do you get the key length ?
Thanks a lot! Very useful tool. 🙂
Thank you very much for sharing this tool.
Excellent beat ! I wish to apprentice at the same time as you amend your
web site, how can i subscribe for a blog web site? The account helped me a applicable deal.
I have been a little bit acquainted of this your broadcast offered vivid clear concept
If I’m checking my SPF, DKIM configuration, I’m using https://www.emailtooler.com/authentication-validator/. It is an easy 2-step process to get the result. I love this tool!
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWNYOa8qqbBAI \009nP9mhxNb8WHjEe+n9g+mS8xOcL66j73LwITKo7LOhzOhAltqo/2Q/VvJDlqxo2I5uIXaduWO1UK+CaWV \009VGPjN+dka9dP3vNjvS/ZMCIXNBv+Byu9d/zsPcMoMApFRVCOV9klFfJDLLyK3OmkcG8czlcZubdWZMLj \009INtWRg7T7″ “7JEQCCvUuetf/m9zL9CHhiaVyuJDZXgVeXU0lgOBJI5o4x9bevXf8v2NR55cQwg5bIllinG \009ycSzlY6wDfoCH6+dfEG48gtPHoVlU5GhJ0mJyypWd4EYwDr3xiZR9qzcCFGneP5//jMK5RpOu35k/nfx \009T3SgXeVwQIDAQAB”
This Key Is Diffetent Than The DKIM Key In My TXT Record. Pease Reply Me If You Found Any Solution.
Include the ( ..key info.. ) ; when creating the TXT record.
ey
Sorry, noob question here – how does the receiving server know what selector to use / ask the sending server for?
Is that in the header of the email? you talk about how different websites use different phrases : )
thanks!!
Hi! There are many tools to verify DKIM TXT records.
But I did not find any tool to verify the DKIM Data of an Email already sent. I mean copy&paste the raw mail code to check mail text and metadata. Why is it so hard to find a tool for that? Cause this is what dkim is for.
Your tool missed an error in what a client published. They included escape characters (v=DKIM1\;) and your took gave them “success” as a result. Using MXTOOLBOX it pointed out their error.
May want to look into that – they used your site to erroneously believe they’d published correctly.
Thanks!
This is an excellent tool – thanks so much. With a few tests, I finally managed to figure out what was wrong and to get this working ! 🙂
Thanks for the message… great to hear the tool was able to help you get things working!
Just wondering if I copy the contents of the result “—-begin certificate — ” and save it as a .pem file, will the regular cert reading tools be able to decipher it as a certificate?
Please support ed25519 keys (RFC 8463)
Just a quick note of thanks for the great tool!
thanks for the note, and glad it was helpful!
Is the code for this available anywhere? Just curious how you parse the record and feed it into openssl.
Hi Dan! I haven’t published the code but it’s just a quick little PHP script with a flow that looks like this…
digto grab the DKIM DNS record, since PHP’sdns_get_record()doesn’t properly handle returningTXTrecords for long DKIM entries.openssl_get_publickey -> openssl_pkey_get_detailsIf you want more specifics about any of that, drop me a note via the Contact page and I’ll email you further details.
I get a fail on my test but a pass for other online checking pages – from reading I suspect it has to do with the FQDN appended to the selector eg my selector is:
phr1._domainkey
and it seems to fail on some sites inlcuding this one but pass on others – are you able to check if the un-appended FQDN is the problem?
Thanks,
Phil.
Hi Phil! Yes, just use your DKIM selector,
phr1, in the “Selector” input box. Do not include the_domainkeysubdomain.Using that, along with your Domain
pricom.com.auworks for me. Let me know if that helps.Hi
I’ve setup a 2048 key for MailPlus on my synology NAS and split the key across 2 TXT records in the DNS but the checker only reports it as a 1024 key. Does it not handle split keys?
Hi Julian! It should handle split keys. What’s your DNS TXT record (selector/domain) and I can take a look.
Hey protodave,
Your code doesn’t seem to support ed25519 keys, is that correct?
many thanks for this tool!
ed25519 support would be awesome 🙂
For some reason this tool is not able to find the dkim entry on any of my websites. All have dkim as selector in a TXT record:
3dworldz.com, sovariaestates.world, gospellearningcenter.com, localfood4u.com.
Hi Bob!
I do see your DKIM TXT record on
dkim.3dworldz.com❯ dig -t TXT dkim.3dworldz.com;; ANSWER SECTION:
dkim.3dworldz.com. 60 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu85+PZRVgrTN2VMyINKIA8EbiFMBn0aDyUYzdfL7kl7hZJnOV0BvyR9I1xwRN/EmDEgd9DVkjYKgT1fNjHkjLDmPtirCc1QiAfceCqjGbWjuOFtFjW5RfaQP4rqnJ0CH2QL3hwfekTBfHPkKAO4mf37gtlkXMUSXzQiIUTd+ogwIDAQAB;"
However, the DKIM specification uses a namespace subdomain called “
_domainkey” to store DKIM records.So you’ll want to use the format:
[your selector]._domainkey.[your domain name]Example:
dkim._domainkey.3dworldz.comThe relevant RFC section:
https://datatracker.ietf.org/doc/html/rfc6376#section-3.6.2.1
And some more details about the naming of the DKIM DNS entry:
https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/
Resolved! Nice to finally find out how to put in the selector on the domain TXT record. Host entry is to be dkim._domainkey and the VAlue with the rest of the required data. Validation is now working and finding the entry on my domain. Thanks Dave!