DKIM is simply a TXT record in DNS. A simple host command can fetch this record. I’ll show you how!
The command is:
$ host -t TXT dkimrecord
So how do you find that dkim value?
DKIM records are in the following format:
[selector]._domainkey.[domain]
The selector and domain are provided in the email headers of an email. For example, here is a portion of an email header from a gmail to gmail email.
The d= is the domain, the s= is the selector.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type;
bh=r8R+NS5CU0Cgx5OUcPnHGiw5R1AzjGtdFQoju9HIxCo=;
b=zXKVrJAN2Md8bLPFOzF9Tte87J3wBULQvv+7wRlPja7n/1pPGYZiaGyHOn/t61yfbQ
x21E+17D0is7XhGzmz2cu1Xunpst2+wcC20wZoXO+VvX1AwqXo01wC+CsFENqW74kjbc
+QdYg86dFV3w/qDBBjqWiuW5xGTIsdH0RuRexlnd4RGVQjoGQGpyyMG+LZozUiQEjhkd
lRpF4y19/sBMDshqXuCBzGtnf6DVUNa0Q2KvJVDGGxmGaSGtgVGtk2PZoarJLBNfYm0i
cTe2kFDdB4APmQbqg5dOUFPDz4b0wVac+9wBW+YZuhxyNvcwlKLyEMGMKZj6/q8djdIP
F7Fw==
Here is an example DNS query. Here I am looking up gmail’s DKIM record:
$ host -t txt 20120113._domainkey.gmail.com 20120113._domainkey.gmail.com descriptive text "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"
A useful website for checking and analyzing DKIM records is:
http://dkimcore.org/tools/keycheck.html
