DKIM Explained: How Email Signing Works and How to Check It
DKIM adds a cryptographic signature to your email so receivers can confirm it is genuine. Here is how DKIM works, how to set it up, and how to check it.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. Receiving servers use it to confirm the message was not altered in transit and really came from your domain, which is a core part of reaching the inbox.
Check your DKIM record
Look up your published DKIM key with the free DKIM checker.
How DKIM works
Your mail server signs each message with a private key. The matching public key is published in DNS as a TXT record at selector._domainkey.yourdomain.com. The receiver fetches the public key, checks the signature, and confirms the message is authentic and unmodified.
Finding your selector
The selector is set by your sending provider. Common ones are google for Google Workspace, selector1 and selector2 for Microsoft 365, and k1 for Mailchimp. You can also read it from the DKIM-Signature header of an email you have sent.
Setting up and checking DKIM
Enable DKIM in your email platform, publish the TXT record it gives you, then confirm it with the DKIM checker. DKIM works alongside SPF and DMARC, so set all three up together. For the complete walkthrough, read SPF, DKIM and DMARC explained.
Ready to verify your email list?
Start free with 1,000 verification credits. No credit card required.
