DomainKeys Identified Mail Record Checker To Boost Deliverabilty

DKIM checker tool

Send an email to the address below to see if your records are validated

Send an email to the address below, then click 'See Your Score':
Mailgenius works with all email providers
gmail spam tester
email tester

DKIM checker tool

You can run an email test at MailGenius to validate your domain’s DKIM record before sending out your next email campaign.

What is DKIM?

DKIM (DomainKeys Identified Mail) is one of the most complicated fundamental components of email authentication that helps protect email senders and recipients from spam, spoofing, and phishing.

It allows a company to vouch for their email’s authenticity in a way that can be validated by the recipient’s mail servers. DKIM uses “public key cryptography” to verify that an email was sent from an authorized mail server on behalf of a domain.

How does DKIM work?

Simply put, DKIM works by adding an encrypted digital signature to the header of an email.

After the email is sent, the receiver’s mail filters decrypt the DKIM signature and determine if it matches the original TXT record in the sender’s DNS settings. They’re validating that parts of that email (i.e. message body and attachments) haven’t been compromised during transit.

Why is DKIM important?

If you are a business that sends commercial or transactional emails, it’s critical to use both SPF and DKIM. Not only will these protocols protect your business from phishing and spoofing attacks, but SPF and DKIM ultimately help protect your customer relationships and brand reputation. However, these are only just a few of the many steps you can take to ensure business-critical emails reach your customers’ inboxes on time and don’t end up in spam folders.

Note: The problem with DKIM is that because it’s more difficult to implement, fewer senders have adopted it. This inconsistent adoption means that the absence of a DKIM signature does not necessarily indicate the email is fraudulent.

How does DKIM affect email deliverability?

Adding a DKIM signature to your email’s header adds another layer of authenticity to your campaigns. DKIM, along with SPF and DMARC make up the dream team trio of email authentication and security. Together, they work in synergy to prevent email spoofing and make your emails more trustworthy.

How to set up DKIM

Setting up DKIM is also a fairly easy task and can be done in a few simple steps depending on your mail server. Be sure to ask your service provider prior.

  1. Take note of all the domains in your organization used to send emails

  2. Install the DKIM package that is specific for your mail server

  3. Create a public and private key pair

  4. Create a DKIM TXT record to publish the DKIM selector and your public key

  5. Save your private key accordingly to your DKIM package

  6. Configure your mail server to make sure that DKIM is up and running

  7. Run a free MailGenius test to check!

You can also learn how to create your own DKIM record here with ReturnPath.

How to validate your DKIM record

You can also test DKIM by sending an email to a Gmail account.

  1. Open the email in the Gmail web app

  2. Click on the down arrow next to the “reply” button (top right of email)

  3. Select “show original”. In the original, if you see “signed-by: [your domain name]” then your DKIM signature is good!

What does the MailGenius DKIM record checker tool do?

The MailGenius DKIM record lookup tool is a robust utility designed to analyze and validate your domain’s DKIM (DomainKeys Identified Mail) records. DKIM is a vital email authentication protocol that helps in preventing email spoofing and phishing by allowing the recipient’s mail server to check that an email claimed to have come from a specific domain was indeed authorized by the domain’s owner. Here’s a breakdown of what the DKIM lookup tool checks for and the insights it provides:

  • DKIM DNS Record Existence (no_dkim_record):

    • This check verifies the existence of a DKIM DNS record for your domain.

    • A missing DKIM record could mean that your domain isn’t configured for DKIM, which could lead to email deliverability issues.

    • If the DKIM DNS record is missing, it’s a red flag, and you should set up a DKIM record to ensure email authenticity and deliverability.

  • DKIM Verification (dkim_not_verified):

    • This check validates the syntax and structure of your DKIM record.

    • It ensures that your DKIM record is correctly formatted and adheres to the standards required for DKIM authentication.

    • If your DKIM record isn’t verified, it could lead to email verification failures, which in turn could affect your email deliverability negatively.

  • DKIM Signature from Author’s / From Envelope domain (generic_dkim):

    • This check verifies that the DKIM signature in the email header is from the author’s domain or the envelope from domain.

    • It’s crucial that the DKIM signature originates from the correct domain to ensure the authenticity of the email.

    • A mismatch could indicate a potential spoofing attempt or misconfiguration, which could lead to email deliverability issues or even security risks.

Our DKIM record check tool provides a user-friendly interface and detailed insights to help you understand and rectify any issues with your DKIM setup. it checks your DKIM record syntax and highlights errors associated with your DKIM TXT record.

By utilizing this tool, you can ensure that your DKIM records are correctly configured, thereby improving your email deliverability and protecting your domain against email spoofing and phishing attempts. The tool is designed to provide real-time results, making it a valuable resource for anyone looking to optimize their email authentication setup.

Caveats, things to watch out for:

The elements included in the DKIM signing process must remain unchanged in transit: If an email is forwarded from Yahoo to Gmail, Yahoo may add a line of text at the top of the email (e.g. “forwarded by Yahoo mail”). At that point, the body of the email has been changed and, if the body was included in the DKIM signing process, the DKIM authentication will fail for the forwarded email.

MailGenius Tips and Tricks

The security community recommends regularly changing the encrypted tokens of your DKIM records to enhance the security of your authentication configuration. The typical schedule for rotation is at least once every 12 months.

Maintaining a robust email authentication setup is crucial for safeguarding your email deliverability and overall email security. One of the recommended practices within the security community is the regular rotation of the encrypted tokens used in your DKIM (Domain Keys Identified Mail) records. This practice is aimed at enhancing the security of your authentication configuration, making it less likely to be compromised by malicious actors. Here’s a deeper dive into this practice and how you can implement it:

Regular Rotation of Encrypted Tokens:

The encrypted tokens within your DKIM records serve as a means of verifying the authenticity of your emails. However, like any cryptographic element, they can become vulnerable over time. Hence, it’s advisable to change these tokens regularly to stay ahead of potential security threats. The typical schedule recommended for this rotation is at least once every 12 months, although some organizations opt for more frequent rotations depending on their security policies and the nature of their email communications.

There are multiple ways to perform rotation, but the two most common are:

Methods of Rotation:

There are several methods to perform the rotation of encrypted tokens in your DKIM records, but the two most common are:

Sequential Rotation:

  • In this method, a new DKIM key pair is generated, and the new public key is added to the DNS as a new TXT record alongside the existing record.

  • Once the new key is propagated across the DNS, which might take up to 48 hours, the email system is reconfigured to sign emails with the new private key.

  • After ensuring that the new key is working as expected, the old DKIM TXT record can be removed from the DNS.

Simultaneous Rotation:

  • Similar to the sequential rotation, a new DKIM key pair is generated.

  • However, in this method, the email system is immediately reconfigured to sign emails with both the old and new private keys.

  • The new public key is added to the DNS as a new TXT record.

  • Once the DNS propagation is complete, and it’s confirmed that the new key is functioning correctly, the system is reconfigured to sign emails only with the new private key, and the old DKIM TXT record can be removed from the DNS.

Considerations for Rotation:

  • Propagation Time: DNS propagation can take some time, usually up to 48 hours. It’s crucial to account for this delay to ensure a smooth transition and avoid any email deliverability issues.

  • Testing: Before removing the old DKIM records, it’s advisable to thoroughly test the new setup to ensure that emails are being signed and verified correctly with the new keys.

  • Documentation: Keep accurate and up-to-date documentation of each rotation process, including the dates of rotation, the individuals involved, and any issues encountered. This documentation can be invaluable for troubleshooting, auditing, and planning future rotations.

  • Automation: Consider leveraging automation tools or scripts to streamline the rotation process, ensuring consistency and reducing the likelihood of errors

Additional Resources

  1. Understanding SPF and DKIM to Improve Email Deliverability- Spark Post

  2. What Is DKIM?- SparkPost

  3. How to Explain DKIM in Plain English- Return Path

  4. DKIM: Everything You Need to Know About Digital Signatures- EmailonAcid

  5. DKIM: What is it and should you configure it?- SecurityTrails

  6. Get Your Questions Answered by Real Email Experts –

A few of our Testimonials

"I'd recommend MailGenius to everyone. Amazingly knowledgeable about email deliverability. I got a sneak peak at their new tool, and it's absolutely fantastic."
Perrin Carrell
Perrin Carrell
Founder at
"We were really struggling with our email deliverability (Gmail & Outlook) and didn’t know where to turn. Luckily, we found MailGenius! They created a plan for us and provided us with the steps needed to ensure our emails were hitting inboxes. We still meet regularly and they are always incredibly knowledgeable and helpful. We would recommend MailGenius to anyone having difficulty with email deliverability."
"My experience with MailGenius was amazing - beyond 5 stars. The service is great and I have seen returns immediately. Within one consulting session, we went over so much that I made my money back tenfold."
Josh Michaels
Director Of Marketing at True Blue Life insurance
"MailGenius was fantastic in helping our company resolve many issues we encountered with email deliverability. They did a deep dive into our account running many tests and helped implement the most up to date best practices to ensure our emails could now be delivered to our customers. They work with a fantastic array of tools to help get the job done and assisted in setting up automation for our SPF records, highly recommended!"
"I'm glad I found MailGenius. They were super helpful and honest about exactly what I need to do and how to go about it, step-by-step. I was able to get clarification and feedback from him on my approach and took a bunch of notes. They also shared other resources and I experienced several "aha!" moments during the call with Jesse - a real genius when it comes to email. Thank you, MailGenius!"
Tim Parkin
President at Parkin Consulting
"Since working with MailGenius we've continued to see stable inboxing, which is great. Thank you again for all of your help and guidance - we would recommend MailGenius to any company experiencing email deliverability issues." EMAIL SPAM CHECKER