Checking your DKIM DNS record

January 6, 2011

Update Nov 2012:

Due to the recently released vulnerability related to the use of weak cryptographic DKIM keys, I wrote a tool to check DKIM records and determine their public key length: DKIM Key Checker

 

DKIM For The Masses

Google announced today they have added the ability for Google Apps customers to sign outbound email using the DKIM (DomainKeys Identified Mail) standard.

You can set it up for your own Google Apps domain (if you are the domain admin) using these instructions.

It’s a simple process but the trickiest part can be creating the DNS TXT record (which contains your DKIM public key), depending on how you manage your DNS. If you are serving DNS directly via your registrar, Google has some specific instructions for popular domain hosts.

Checking your work

Here’s a quick tip how you can check to make sure you created the record properly and it is being served…

From a shell/console (using your own domain name, of course):

dig google._domainkey.protodave.com TXT

This should return the DNS TXT record you created. In my case the response is:

;; QUESTION SECTION:
;google._domainkey.protodave.com. IN    TXT

;; ANSWER SECTION:
google._domainkey.protodave.com. 1800 IN TXT    ""v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGfiExKCF1qk/JMaESySByrwx2VjPYDZThQa8432pSTf9mj+AtFiY6wo9A4CMMDLfUBzbDhXFzw3s/qci/tTut+sqv+MSAHhCBJV72Kai64j6TjxUUnfW1RkEYvDhXL+9Wy9OODx2DBZeTpPd6N2Rm4ks3b5wvg73s7RCKjTA7XQIDAQAB"

Get a Shell

If you don’t have access to a shell and ‘dig’, there are some web based lookup tools available too.

DKIM Key Checker

Network-Tools.com

WhatsMyIP.us

DKIM Core Key Check
Use “google” as the “Selector” and your domain name for “Domain name”


7 comments

Thank you

by Antonio on June 14, 2012 at 12:27 pm #

[...] I have registered my TXT Record with my DNS provider, but I am unable to start authentication in my Google Apps Account. I am using Google Apps for Free. I have verfied my DNS entry using various tools such as dig and other online tools, http://www.protodave.com/security/checking-your-dkim-dns-record/ [...]

by Google Apps DKIM Start Authentication fails even though DKIM TXT Record is Available | appsgoogleplus.com on October 1, 2012 at 2:23 pm #

Thanks for this great resource. We use Google apps and I needed to check our TXT record name was correctly setup, this confirmed it was.

by Aidan Sheerin on January 15, 2013 at 2:13 pm #

[...] one is a little more difficult to set up, but I found a great guide and test for it here. The idea of this system, is that all emails that are sent out are signed using a key (it’s [...]

by Guide for setting up company emails | IT Blog of Steve Williams on July 11, 2013 at 9:37 am #

Dave,

Thank you very much for the great info and resources… these will now become part of my standard tools.

by James on February 2, 2014 at 10:19 am #

Dave, thank you.

by Chong Lee Khoo on February 22, 2014 at 12:01 pm #

Leave your comment

Required.

Required. Not published.

If you have one.