
DKIM Record Checker

DKIM is the authentication layer that Gmail trusts most. A revoked key, weak 512-bit RSA key, or missing key causes Gmail to treat your emails as unsigned — and unsigned emails from commercial senders go directly to spam. Check yours now.


What Makes a DKIM Key Invalid — and Why It Matters

What is DKIM?

DomainKeys Identified Mail adds a cryptographic signature to your outgoing emails. Receiving servers verify this signature to confirm the email wasn't tampered with and truly came from your domain.

How do I find my DKIM selector?

Check your email headers for the s= tag in the DKIM-Signature header. Common selectors include 'google' (Google Workspace), 's1'/'s2' (Microsoft 365), 'k1' (Mailchimp), 'default', and 'selector1'/'selector2'.

What key size should I use?

Use at least 2048-bit RSA keys. 1024-bit keys are considered weak and some providers may flag them. Google Workspace uses 2048-bit by default.

What is test mode (t=y)?

When t=y is set, receiving servers should treat DKIM failures as if the message were unsigned rather than rejecting it. This is useful during initial setup, but the flag should be removed for production to ensure full DKIM enforcement.
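
The checks described above (missing key, revoked key, RSA key size, test mode) can be run against a selector's TXT value as follows. This is an added example, not InboxEagle's code: the function names are hypothetical, the sample records are constructed, and the TXT value is assumed to have been fetched separately from `<selector>._domainkey.<domain>`.

```python
import base64

def parse_tags(txt):
    """Split 'v=DKIM1; k=rsa; p=...' into a tag dict, dropping folding whitespace."""
    pairs = (part.partition("=") for part in (txt or "").split(";"))
    return {name.strip(): "".join(value.split()) for name, sep, value in pairs if sep}

def _tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that begins at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key (the p= value)."""
    der = base64.b64decode(p_b64, validate=True)
    pos, _ = _tlv(der, 0)        # enter outer SEQUENCE
    _, pos = _tlv(der, pos)      # skip AlgorithmIdentifier
    pos, _ = _tlv(der, pos)      # enter BIT STRING
    pos, _ = _tlv(der, pos + 1)  # skip unused-bits byte, enter RSAPublicKey
    if der[pos] != 0x02:         # modulus must be a DER INTEGER
        raise ValueError("not an RSA public key")
    start, end = _tlv(der, pos)
    return int.from_bytes(der[start:end], "big").bit_length()

def check_dkim(txt):
    """Return the list of problems found in one DKIM key record (TXT value)."""
    tags = parse_tags(txt)
    if "p" not in tags:
        return ["missing key"]
    if not tags["p"]:
        return ["revoked key (empty p=)"]
    findings = []
    if tags.get("k", "rsa") == "rsa":
        try:
            bits = rsa_bits(tags["p"])
        except (ValueError, IndexError):  # bad base64 or truncated DER
            return ["unparseable key"]
        if bits < 2048:
            findings.append(f"weak key ({bits}-bit RSA)")
    if "y" in tags.get("t", "").split(":"):
        findings.append("test mode (t=y)")
    return findings

# Constructed samples: dummy 512-bit modulus (2**512 - 1) in a valid SPKI wrapper.
WEAK = "v=DKIM1; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAP//" + "/" * 80 + "//8CAwEAAQ=="
REVOKED = "v=DKIM1; k=rsa; p="
```

An empty list from `check_dkim` means none of these four problems was found; it does not verify that mail is actually being signed with the matching private key.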

Your DKIM Key Can Be Revoked Without Warning

InboxEagle monitors your DKIM key status daily. If your ESP rotates keys and your DNS record isn't updated, your emails start failing authentication immediately. We alert you within minutes — before a campaign goes out to your list.
