Confirm a domain publishes a DKIM key for a selector so receivers can verify its signatures.
Free and anonymous. No account required.
This queries the DKIM TXT record at <selector>._domainkey.<domain> and reports whether a key is configured and its type.
DKIM cryptographically signs outbound mail. Without it (or with the wrong selector), receivers cannot verify messages, weakening DMARC enforcement.
A live DNS-over-HTTPS query retrieves the selector record and a parser confirms a v=DKIM1 key is present.
Look at the DKIM-Signature header of a real message from the domain; the s= tag is the selector. Common ones include google, selector1, and k1.
Either the selector is wrong or the domain has not published a DKIM key for it.
Connect your inbox and InboxWatch watches for these threats automatically. Free for your first 15 scans.
Connect your inbox