Testing DKIM records with NSLOOKUP

Hi everyone

Today I wanted to share a small and handy tip to test any DKIM setup.

I used to generate my DKIM key(s) and my problem were that I do not control the DNS’s server which hold my public DKIM’s key pair.

As such at first when I was sending a email to a source like hotmail.com, the header was showing me that;

dkim=fail (invalid public key)

As such, now I had to dig the why, and many website offer to check the DKIM, but I was stumbled on how to do it by hand myself.

I found that nslookup was the saviour.. again.. 🙂

So the tip is to issue;


set q=TXT

# There you type your DKIM selector for your domain;


So if your selector is DKIM_test and your domain is contoso.com;

The string will look like that;


The result would be the current key stored for the domain for that selector;


In my case the encryption key was cuted, as some DNS server limit the TXT field to 255 characters, so the field must be split to work good.

Thanks everyone






Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s