DKIM signs your mail cryptographically so the recipient can prove it wasn't tampered with. We check your selectors, key length and that signing works.
Run a free domain scan All checks βWe find your DKIM selectors in DNS, verify that the public key exists and is at least 1024 bits (ideally 2048), and that it isn't a stale or revoked key but a valid signing key.
DKIM is the second pillar of DMARC. Without DKIM your entire spoofing protection rests on SPF, which breaks on forwarding. Weak or missing DKIM keys undermine trust in your email.
p= with no value)p= empty) but still referencedHow many selectors do I need?
One per sending provider is common (one for Google, one for your newsletter tool, etc.). We check that all your flows are actually signed.
Is 1024 bits insecure?
It's weaker than recommended. 2048 bits is today's standard. We flag 1024-bit keys that should be rotated up.
Do you read the email content?
No. The check is passive and only reads public DNS records.
Run a free scan or order a full Security Assessment β prioritised, not noise.
Run a free domain scan