Skip to content

Look up DKIM records in DNS

To validate the DKIM public key, you need to identify the DNS TXT record. A DKIM signed email will contain a DKIM-Signature header that provides the information to identify which DNS TXT is used for the DKIM public key.

Example:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=company.com; [email protected]; q=dns/txt; s=dkim1;t=2270733901; x= 2170733901;h=from:to:subject:date:message-id:mime-version;bh=AAAAB3NzaC1yc2EAAAABJQAAAQEAp79w1a7WMO8NLDM98YteMpkvZprTo1KOPqpImkuVvJhoSvOuywzCFzJsE8+OUHHyBykAqQv60K/pGs/Mjd55jxJFMLYGzZtcNwXubIb7zIqJvGoVi0757WCPbOkvZefdr0lLEOuLHjguRKgPZEibc3eutDuhOQw3jag92uVgsFqUx9k+IsFPpp3rNwAWpvJI53pump5Q6/1JNKPbTpocuSGhiAVERorjaPnXKgEFK5RbVcIae6v+RE8Gy4JtMN/c1vcLIEokBKh+T7+N72P3MsL5boo5jvNsmDE+NguNNzKV6ahrcFbZPRRw7Mva+139DEIhWTAfWNnmrrJrNGEAuQ==;

The contents of the ‘d=’ and ‘s=’ parts of the DKIM-Signature header provide the domain and the selector used to generate the signature. To look up the key used to generate the signature, look up the TXT record for the following host name:

[selector]._domainkey.[domain]

[selector] is the ‘s=’ value

[domain] is the ‘d=’ value

Example: dkim1._domainkey.company.com