Tired of reading emails?
Let AI extract your action items
Unboxd reads every email and gives you a daily briefing with only what matters.
Look up any domain's DKIM record, validate key strength, or get setup instructions for your email provider.
Enter a domain and selector to check a DKIM record, or pick a provider for setup instructions.
DKIM (DomainKeys Identified Mail) is an email authentication method that adds a digital signature to outgoing emails. The receiving server verifies this signature against a public key published in the sender's DNS records. If the signature matches, the email hasn't been tampered with in transit and genuinely came from the claimed domain.
A DKIM selector is a string used to locate the DKIM public key in DNS. The full lookup domain is selector._domainkey.yourdomain.com. Different email services use different selectors — for example, Google uses "google", Microsoft uses "selector1" and "selector2", and services like Mailchimp use "k1". You can often find your selector in the DKIM-Signature header of a sent email.
Open any email you've sent, view the raw headers (in Gmail: ⋮ → Show original), and look for the DKIM-Signature header. The s= tag contains your selector. Common selectors by provider: Google Workspace uses "google", Microsoft 365 uses "selector1" or "selector2", Amazon SES uses a random string, SendGrid uses "s1" or "s2".
Use RSA keys of 2048 bits or longer (1024-bit keys are considered weak). Rotate your keys periodically (every 6–12 months). Use separate selectors for different mail streams (transactional vs marketing). Ensure your DKIM record doesn't have the t=y (testing) flag in production. Pair DKIM with SPF and DMARC for complete email authentication.
Unboxd reads every email and gives you a daily briefing with only what matters.