Skip to content
freeFree tools

DKIM Checker

Probe common selectors or check your own. Verify key strength, revocation, and test-mode flags across every signer.

  • No signup required — instant result
  • Plain-English issues, warnings, and fixes
  • Optional full report by email
Email (optional — get the full report)

Leave your email and we'll send the full breakdown plus a short series on locking down your email authentication. Unsubscribe anytime.

What this checks

DKIM signs your mail with a private key; receivers verify it against a public key you publish in DNS. There's no standard way to discover the selector, so this checker probes the selectors the major providers use (Google, Microsoft 365, SendGrid, Mailchimp, Amazon SES, Postmark, and more), or checks the exact selector you enter. It validates RSA key strength, catches revoked keys (empty p=), and flags test mode.

Why it matters

A weak (sub-1024-bit) or revoked DKIM key means signatures fail and your mail loses a key trust signal. DMARC alignment depends on DKIM passing — get this right and your reject policy stays safe.

More free checks

DMARC Checker

Analyze your DMARC record for policy, reporting, and alignment issues. Get a security grade and the fixes that move it.

SPF Checker

Validate your SPF record, count DNS lookups against the 10-lookup limit, and catch a permissive +all before spammers do.

Reputation Checker

See whether your domain or sending IP is on the blocklists that decide whether your mail lands or bounces.

Want this monitored automatically?

A one-time check is a snapshot. Email Watch ingests your DMARC reports daily, flags spoofing the day it appears, and tells you exactly what to fix — free for one domain.

Start free trial