DataHouse Tools

DKIM: domain email signing

A practical DKIM guide: selectors, the TXT record with a public key, message signatures and how DKIM works with DMARC.

Glossary

DKIM signs messages with a domain key so recipients can verify that an authorized system signed the message and that it was not changed in transit.

A DKIM public key is published as a TXT record at selector._domainkey.example.com. The selector allows key rotation and multiple signing systems.

DKIM record basics

Why it matters

DKIM affects domain trust, mail delivery, troubleshooting and migration safety.

Where it is configured

The value is published in DNS and should be managed together with the domain operator or DNS platform.

What to check

Check syntax, TTL, old records after migration and consistency with mail or domain services.

Example

selector1._domainkey.example.com TXT v=DKIM1; k=rsa; p=PUBLICKEY

Practical check order

  1. Read current DNS. Check what the public DNS currently returns for the relevant name.
  2. Compare with the intended policy. Confirm that the record matches the mail platform or domain design.
  3. Remove stale entries. Old records after migration are a common source of failures.
  4. Retest dependent services. Run mail, DNS, SSL or RDAP checks depending on the record type.

Common mistakes

  • Record added under the wrong DNS name.
  • Old values left after migration or provider change.
  • Long TTL during planned changes.
  • Policy copied from another domain without adapting host names or report addresses.
  • Record changed without checking the services that depend on it.
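The syntax and naming checks above can be scripted. The Python below is an added example, not DataHouse code: the function names and the sample key value are assumptions made for illustration, and it validates only the record name and TXT value passed to it, without querying DNS.

```python
import base64
import binascii

# Constructed sample value: valid base64, but not a real public key.
SAMPLE_P = base64.b64encode(b"constructed-key-bytes").decode()
GOOD_TXT = f"v=DKIM1; k=rsa; p={SAMPLE_P}"

def parse_dkim_record(txt):
    """Split a DKIM TXT value into a tag -> value dict (tag=value list, ';' separated)."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        # Drop whitespace left over from joined TXT strings or line folding.
        tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim_record(dns_name, txt):
    """Return a list of findings; an empty list means no problem was detected."""
    findings = []
    labels = dns_name.rstrip(".").lower().split(".")
    if "_domainkey" not in labels[1:]:
        findings.append("name is not of the form <selector>._domainkey.<domain>")
    try:
        tags = parse_dkim_record(txt)
    except ValueError as exc:
        return findings + [str(exc)]
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        findings.append(f"unknown key type k={tags['k']}")
    p = tags.get("p")
    if p is None:
        findings.append("missing p= (public key)")
    elif p == "":
        findings.append("empty p=: key is revoked")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            findings.append("p= is not valid base64 (placeholder or truncated key?)")
    return findings
```

Run against the record from the Example section, the check flags `p=PUBLICKEY` as a placeholder that was never replaced with a real key.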

FAQ: DKIM: domain email signing

How should I use this DataHouse page?

Use it as a technical checklist and connect it with the relevant diagnostic tools before or after a production change.