DKIM is an email authentication standard that uses digital signatures to verify that an email was sent by an authorized server and was not altered in transit.

What DKIM key size should I use?

Use a minimum of 2048-bit keys. 1024-bit keys are considered weak and should be rotated immediately.

What is a DKIM selector?

A selector is a DNS prefix that identifies which DKIM public key to use for verification, allowing multiple keys per domain.

Glossary

DKIM — DomainKeys Identified Mail Explained

DKIM (DomainKeys Identified Mail) is an email authentication method that adds a digital signature to outgoing emails. The signature is verified by the receiving server using a public key published in your DNS — proving the email was not altered in transit and was sent by an authorized sender.

How DKIM Works

Your mail server signs each outgoing email with a private key. The receiving server looks up your DKIM public key in DNS (at selector._domainkey.yourdomain.com) and uses it to verify the signature. If the signature is valid, the email passes DKIM authentication.

DKIM Key Strength

DKIM keys should be at least 2048 bits. Keys under 1024 bits are considered weak and can be broken by attackers. Many email providers now reject or penalize emails signed with weak keys.

DKIM Selectors

A DKIM selector is a prefix that identifies which public key to use. Common selectors include google, mail, default, dkim, and selector1. Each third-party sender uses their own selector.

How to Check Your DKIM

Use DomainPreflight's DNS Preflight tool to check 14 common DKIM selectors and verify key strength.

Run checks on your domain

Open DNS Preflight →