ZeqozeqoStart free trial

Free DKIM Checker

Check your domain's DKIM signing

Enter any domain to verify DKIM. We detect your email provider and look for the correct selector across your apex and sending subdomains, then show you how to fix a missing or revoked signing key.

14email providers we fingerprint to find your real DKIM selector — so you don’t get a false “missing.”

Why DKIM matters for you

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send, so receiving servers can verify the message genuinely came from your domain and wasn’t altered in transit. It’s one of the two pillars — alongside SPF — that DMARC and inbox placement depend on.

Gmail and Yahoo now effectively require DKIM for bulk senders. Without a valid signature your mail is far more likely to land in spam, and you lose the ability to enforce DMARC, leaving your domain open to anyone who wants to impersonate it.

How DKIM quietly breaks

DKIM is published under a provider-specific selector (like google._domainkey or emailit._domainkey), often on a sending subdomain. That’s exactly why generic checkers report “missing” for domains that are signing perfectly well — they look in the wrong place and give you a false alarm.

Real failures are subtler: a key your provider rotated but you never re-published, an empty p= value that silently revokes signing, or DKIM that was simply never switched on when you connected a new sending tool.

Naive checkers look at the wrong selector and report “missing” for domains that are signing perfectly. Detecting your provider is the whole game.

How Zeqo works for you

This checker first detects your sending provider, then looks for the correct selector across your apex and sending subdomains — so you get an accurate answer instead of a false “missing.” If it’s broken, you get the exact step to fix it inside your provider’s settings.

Zeqo Mail monitors your DKIM continuously and alerts you if the key disappears or is revoked — the kind of change that happens during a provider migration and otherwise goes unnoticed until deliverability craters.

For agencies, that means you catch a client’s broken signing before their campaign does — and you have a timestamped record of exactly when it changed.

Start monitoring free →

More free tools

Email Deliverability Checker

Check SPF, DKIM, DMARC, blacklists and MX in one go.

SPF Checker

Validate SPF and catch the 10-lookup PermError trap.

DMARC Checker

Check DMARC policy strength and the duplicate-record trap.

Blacklist Check

See if your sending IP is on major email blacklists.

Email Deliverability Test

Run a full inbox-readiness test and get one clear verdict.

SPF Record Generator

Build a valid SPF record from your sending sources.

DMARC Record Generator

Build a DMARC record with the right policy and reports.

Frequently asked questions

Why does my DKIM show as missing when it’s set up?+

DKIM is published under a provider-specific selector, often on a subdomain. Generic checkers look in the wrong place. This tool detects your provider and checks the correct selector across your apex and sending subdomains.

What is a DKIM selector?+

A selector is a label (like google or emailit) that points to your public DKIM key at selector._domainkey.yourdomain.com. Your email provider assigns it.

Do I still need DKIM if I already have SPF?+

Yes. Gmail and Yahoo expect both, DMARC needs DKIM or SPF alignment to protect your domain, and DKIM survives email forwarding better than SPF does.

Keep reading

8 min read

SPF, DKIM & DMARC Explained: A Plain-English Guide for Founders

The three DNS records that decide whether your email lands in the inbox — explained without the jargon, plus how to check yours in 30 seconds.

7 min read

Google & Yahoo Sender Requirements: The Checklist Every Sender Needs

Since 2024, Gmail and Yahoo enforce real rules for senders — miss them and your mail gets rejected. The complete checklist, explained simply.