What is a DKIM Selector and how does it work?

October 11, 2023  |  2 min read

We will cover a number of DKIM selector-related ideas in this article, including what they are, why we need them, and how they function in DKIM authentication.

What is DKIM?

DKIM is an email authentication method that allows the receiving server to check whether an email was sent and authorized by the owner of the email’s domain. The email is given a digital signature, which is a header that is added to the message and secured with encryption. More information about DKIM is available on our website.

What is a DKIM selector?

A DKIM selector is a string that is appended to the domain name in a DKIM signature. It is used to identify a particular public key that is used to sign the message.

Where do I find my DKIM Selector?

When DKIM is configured for the email domain (or email sender), a DKIM selector is supplied when the private/public key pair is generated. It can be any arbitrary string of text.

When the email is sent, the DKIM selector is added as the s= tag of the DKIM-Signature email header. Sending yourself an email is the simplest way to find the selector for your domain.

  • Open the email and view its “original message” (some email applications call this view “raw” or “full headers”). The goal is to see the header data, which contains the DKIM authentication results.
  • To locate the DKIM signature used on the message, look in the headers for “DKIM-Signature”. If there are several, find the DKIM-Signature header that includes your domain. The selector is given by the “s=” tag in this DKIM signature. In the example DKIM signature below, the DKIM selector is s2048g1.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skysnag.com; s=s2048g1;
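
The manual lookup above can be scripted. The following is an added example, not code from Skysnag: it reads every DKIM-Signature header in a raw message, handles folded headers, and returns the d= domain, the s= selector, and the DNS name under which DKIM publishes the public key (selector._domainkey.domain). The sample message is constructed; only d=skysnag.com and s=s2048g1 come from the example above.

```python
import email

# Constructed sample: two DKIM-Signature headers (both folded), as seen when
# more than one service signs a message. Tag values other than the page's
# d=skysnag.com / s=s2048g1 are invented placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skysnag.com; s=s2048g1;\r\n"
    "\th=from:to:subject; bh=AAAA; b=BBBB\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example; s=k1;\r\n"
    " h=from:subject; bh=CCCC; b=DDDD\r\n"
    "From: alice@skysnag.com\r\n"
    "To: alice@skysnag.com\r\n"
    "Subject: selector test\r\n"
    "\r\n"
    "body\r\n"
)


def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    # Unfold continuation lines first, then split the tag list on ';'.
    unfolded = "".join(header_value.splitlines())
    for part in unfolded.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Whitespace inside a value (e.g. a folded b= tag) is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags


def find_selectors(raw_message, domain=None):
    """Return (domain, selector, DNS name) for each DKIM-Signature header.

    If `domain` is given, only signatures whose d= tag matches it are returned.
    """
    msg = email.message_from_string(raw_message)
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d, s = tags.get("d"), tags.get("s")
        if not d or not s:
            continue  # malformed signature: both tags are required
        if domain is None or d.lower() == domain.lower():
            found.append((d, s, f"{s}._domainkey.{d}"))
    return found
```

The returned DNS name is the TXT record to query when checking that the public key for that selector is published.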

How many DKIM selectors can you have?

A DKIM selector allows an organization to publish multiple DKIM keys in DNS. This can be useful, for example, when an organization changes its signing infrastructure. A new key can be generated, and the corresponding DNS record can be added well in advance of removing the old key.

Why do we need multiple DKIM selectors?

There must be multiple private/public key pairings for the following reasons:

  • Setting up DKIM with several email delivery services on a single domain;
  • Each service can have its own independent selectors so that signing/verifying with one service doesn’t conflict with that of another.

One key pair is used each time an email message is signed or validated. This is where the DKIM selector comes in: the signing server uses it to select the key pair it signs with, and the receiving server uses it to locate the public key in that key pair.

How to check DKIM record

You can freely perform a DKIM record check to find errors in your DKIM record and resolve issues.

Skysnag’s automated DKIM solution helps you inspect and verify your DKIM records while examining the origin and content of email messages, in an effort to reduce spam, phishing, and other harmful emails.



