TXT record on the name server
In order for inbound mail servers to retrieve the sender's public key, it must be published as a TXT resource record in the domain's DNS zone.
The DKIM record contains the following elements:
The version, usually encoded as v=DKIM1.
The encryption algorithm, which is always RSA (k=rsa).
The public key (p=), which is a long string.
The selector, which differs according to the provider. Examples: default._domainkey or k1._domainkey.
The DKIM record is a TXT resource record.
In practice, the DKIM record can usually only be looked up with the help of the email header. Both the domain name and the selector are required for the lookup, and without the header the selector is usually not known or is too time-consuming to find.
Creating a DKIM record
To create a DKIM record, you have to create an RSA key pair and place it in the correct location on the server. Most email providers will do this for you.
To better understand how DKIM works, you can create a record manually. Various tools are available free of charge on the Internet, such as the DKIM Record Generator by EasyDMARC. At the top of the screen, enter a selector of your choice (such as k1) on the left and a domain on the right. The generator displays a private and a public key. The private key must be stored on the mail server (this can only be done by your email provider), and the public key is entered in the DKIM record.
DKIM Record Generator by EasyDMARC. Enter the domain and a prefix of your choice at the top of the screen. The generated DKIM record appears in green at the bottom of the screen.
Checking the DKIM record
You can check whether the DKIM record is actually publicly available by using a DKIM checker such as DKIM Record Lookup by EasyDMARC.
The easiest way to check, however, is to send yourself an email and then look at the header, where you’ll see the entry “DKIM-Signature:”.
You can see the DKIM signature in the header of the email.
Tip
You can copy the header to a header analyzer tool to view clearer, more detailed information about the email header.