Validate the DomainKeys Identified Mail (DKIM) TXT record for any domain and selector.
d=domain; s=selectorDKIM (DomainKeys Identified Mail) is an email authentication method that uses a digital signature to verify that an email was sent from an authorized server and has not been tampered with in transit. The sending mail server signs outgoing email with a private key, and the public key is published as a DNS TXT record. Receiving servers use the public key to verify the signature.
The DKIM DNS record is stored at selector._domainkey.domain.com. The selector allows a domain to use multiple DKIM keys simultaneously (e.g., for different email services or key rotation).
| Tag | Description | Required |
|---|---|---|
v=DKIM1 | Version tag (must be DKIM1) | Yes |
k= | Key type: rsa (default) or ed25519 | No (default: rsa) |
p= | Base64-encoded public key | Yes (unless revoked) |
h= | Acceptable hash algorithms (sha256, sha1) | No |
s= | Service type restriction (email, *) | No |
t= | Flags: y (testing), s (strict) | No |
n= | Notes (human-readable) | No |