DKIM Record Checker Form
Example Data Table
| Domain | Selector | Sample DKIM Record | Expected Outcome |
|---|---|---|---|
| example.com | v=DKIM1; k=rsa; h=sha256; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ... | Healthy structure, readable key, low warning count. | |
| sample.org | news | v=DKIM1; k=rsa; t=y; p= | Revoked key warning, critical score reduction, testing flag noted. |
| mailer.net | mx1 | v=DKIM1; k=ed25519; p=MCowBQYDK2VwAyEA7mA1Jb0cS8J8QJY3... | Modern key type, strong validation if decoding succeeds. |
Formula Used
This checker converts technical DKIM findings into a practical score. It is not a mail-delivery guarantee. It is a structured review model for syntax, key health, and policy completeness.
| Component | Maximum | How It Is Calculated |
|---|---|---|
| Structure Score | 45 | Syntax quality up to 10, valid version up to 15, public key presence up to 20. |
| Key Score | 35 | Recognized key type up to 5, readable public key up to 10, key strength ratio up to 20. |
| Policy Score | 25 | Hash tag up to 8, service tag up to 6, flags up to 4, notes or granularity up to 7. |
| Penalty Score | 30 | Critical issues reduce 8 points each. Warnings reduce 2 points each. The total penalty is capped at 30. |
How to Use This Calculator
- Enter a domain and selector if you want live DNS retrieval.
- Paste the DKIM TXT record directly if you want manual validation.
- Set the minimum acceptable key size for your review standard.
- Choose optional checks for h=, s=, and testing-flag warnings.
- Press Check DKIM Record to generate the score above the form.
- Review the summary, warnings, critical issues, parsed tags, and the Plotly chart.
- Use the CSV or PDF buttons to export the current review for documentation or audits.
Frequently Asked Questions
1. What does this checker validate?
It reviews DKIM syntax, expected tags, key presence, approximate or extracted key length, testing flags, optional policy tags, and scoring penalties for warnings or critical problems.
2. Can it fetch the record automatically?
Yes, when your server supports dns_get_record(). Enter the selector and domain, switch to live DNS mode, and the tool attempts to pull
the TXT record directly.
3. Does a high score guarantee email delivery?
No. A strong score means the record looks technically healthier. Delivery still depends on SPF, DMARC, sending reputation, alignment, and mailbox provider behavior.
4. Why is an empty p= value critical?
An empty public key usually means the selector is revoked. That can intentionally disable signing validation for that selector, so the checker marks it as critical.
5. Which key size should I require?
A 1024-bit key is often the minimum acceptable baseline. A 2048-bit RSA key is generally preferred when your provider and DNS environment support it.
6. Why does the testing flag matter?
The t=y flag signals testing mode. It can be useful during rollout, but it may also indicate the selector is not yet in a final production state.
7. Why are h= and s= useful?
They narrow how the key should be used. That improves clarity and policy control, even though some DKIM deployments operate without explicitly setting them.
8. Can I paste records split across quoted DNS strings?
Yes. The checker normalizes common line breaks and adjacent quoted segments before parsing. That helps when copied TXT data arrives in wrapped DNS format.