Use this tool to lookup and verify a DKIM DNS
TXT record and determine its public key length to detect the use of weak cryptographic DKIM keys (less than 1024 bits).
If you make a purchase using these affiliate links I may earn a small commission which helps support this blog and the free tools I provide. You do not pay a higher price.
Protect Your Email With DMARCLY
Block phishing, business email compromise, ransomware, spam, and improve email deliverability with a comprehensive SPF, DKIM and DMARC monitoring solution.
Grow your business with ActiveCampaign
Email marketing, marketing automation, and CRM tools to create incredible customer experiences. Supports SPF, DKIM, and DMARC authentication.
DigitalOcean provides cloud products for every stage of your journey. Get started with $200 in free credit!
About This Tool
This DKIM test tool has been used over 2 million times since it was launched, helping domain administrators improve their email authentication, and globally reduce sender address forgery (spoofing), which is often used in spam emails and phishing attacks.
If you are curious, you can read more about why I originally wrote this DKIM tester.
Please let me know if you find a valid DNS record that doesn’t parse properly for some reason and I’ll take a look and update my code as needed.
What Is It Doing?
At a high level, the code for this DKIM validator does the following:
- Using the Selector and Domain you provide, the DKIM record check first queries your DKIM DNS
- The DNS results are parsed to extract the DKIM tags of interest from the record, as defined by RFC 6376.
- Finally, it processes the extracted public key found in the
v=tag using OpenSSL to determine the key size. If the length is less than 1024 bits you’ll receive a warning of that fact in the UI response so you’ll know to regenerate and update your keys.
I maintain this free DKIM checker as a public service for sysadmins, security and ops folks to help us improve email security and reduce spam. I hope you find it useful!
Privacy Notice — I log only basic usage information: date, DNS query/response, and calculated public key length. I record these only for the purposes of detecting abuse of the tool or my systems, and to debug any issues with my code to improve it. I don’t, and won’t collect, correlate, retain, share or sell any Personally Identifiable Information (PII) from this tool.