DKIM Record Checker
DKIM signs outgoing emails. Receivers verify the signature using a public key in DNS.
DKIM lives on <selector>._domainkey.<domain>. If selector is empty, we try common ones.
Result for otto.de
Found
Selector: selector1
(TXT on selector1._domainkey.otto.de)
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fVRvAX0WvP95NGADxT3GLqRckY+BgtF30KLumfxSBgk+pv86YF/FpDoyZJfJymz9PTS/ukNhUXXxnZVaLa12q/NGjFh4tqp1XwX+a2PBmueI21QUFQCBXCZ7+DE3q6lidTQuDE0qBKgOfKFE9/NwUIOmqO+0K1B0vljg6C88Oc6WeAGhPhDBX0CE/lST5id4Ke81jJVjfwLYMbV0+JQbwtcuT4NmpXFlLb3o3bhya3kEDLqC1DtaTjSr7Cwbi9pKTzRyr6KP4ZelGBSqhuckidx2WUBTh80C3tYSf+EjFyVuvq6bvBuQXkN27NSWM4rha2NrRU7b4wQ8jUMY8S78QIDAQAB;
Selector: selector2
(TXT on selector2._domainkey.otto.de)
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76U3eWtGU5Do1oBOTTHTNeUSguRFuVhrR0cvj0ZhhYsz0W0N9k201ErxE/g0twFGFHtOaDNi7VPkAK1pt7IdOPnnir92CB2AAd/CB8SdzuX4VaWskT5Ma54EgJUihoUKtbHFlyt2GGlgNNJztjLzXNuw2Qf5XW6uu5ksYYZfp8uODGFr6WTGfLPZO/NtiHiyQX5nezVRobAe1wboV1+Oe4Gs0LsDyhVu0nauBfUcDyDmrxavLRWMhc+a0QUampYe1Knyp1INlrrjBwl0/TBPpWVHe9HQpIyBhmmoyC3/0VxSnm7D1phL7rQtoq36pbDI4xMDCfUlMRY4GMThhQanfQIDAQAB;
Selector: mail
(TXT on mail._domainkey.otto.de)
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVKIOMRhCuVzYiOtAxRXGoq1fkM/8VE2WfpMnEDJ8AL/+ILjt+ccpYW/PjoWdjBavu8pNNWAWSmXNh8fDGrKy+cxlzaEe4p7RAmzELsWPHshwhJA3pobffORmgmuRIUFBiC3YiKMNGRbBkBwMk7YHbV3qosgACx9r4/0Sk887HGU3c1BT2GHyhL+Kd6FUKOuzoDNAXhOHnkXln1ODUX3JKeu+uzjygJ7jFXMU5LWVXSsFVk7wsIdmHvMnufEehg4W+Icj+NZnxdLmRWYw7ga5HVqjL5SJPt2CgIuVtO+9m5hfcsDhJ8ivnYeXqgbL81QbZjBZtvQSOj/VQfGe/3KAQIDAQAB
FAQ
Why does DKIM require a selector?
Selectors allow rotating keys and running multiple keys per domain.
Where is DKIM published?
TXT on <selector>._domainkey.<domain>.
DKIM record exists but emails still fail DKIM?
Signing may be disabled or the selector used in email differs from DNS.
Do I need DKIM if I have SPF?
Yes, many providers use both for best deliverability and DMARC alignment.
Can I have multiple DKIM selectors?
Yes, that is common for key rotation or multiple senders.
What is DKIM?
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails. DNS stores a public key that allows receivers to verify authenticity.
Example
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0B...
Common mistakes
- Wrong selector (the record exists but under a different selector).
- Key is split incorrectly across multiple TXT chunks (some DNS UIs break it).
- Publishing DKIM but not enabling signing on the mail provider.