Verify DKIM for All Third-Party Senders
You can verify that a DKIM record is published correctly in DNS by using Agari DMARC Protection (or even a publicly available tool, such as MX toolbox: https://mxtoolbox.com/dkim.aspx).
- Go to Tools > DKIM.
- Enter a domain name and selector. For example:
You can verify that a 3rd party is signing correctly by examining the headers of a received message. For example, in the Gmail client, choosing “Show Original” on a message will show the authentication results for SPF, DKIM, and DMARC.
This example message was sent from Salesforce.com from their sending infrastructure. Note that the Gmail client shows the authentication results of DKIM PASS:
Examining the headers for the message, you can see that Salesforce inserted the proper DKIM headers:
d= example.com - The domain is example.com
s=
h=... - The headers used to determine the hash.
bh=... The body hash of the message.
b=... - The actual digital signature of the contents of the message.
For more details on the contents and construction of the DKIM header stamped by the sending agent, refer to https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Technical_details.