Privacy controls
CyberFurl can load analytics only after you opt in. Core product features work without analytics consent.
Discover DKIM selectors and retrieve public keys for any domain. Verify email authentication setup and identify missing or weak keys.
DomainKeys Identified Mail (DKIM) is an email authentication method that uses public-key cryptography to verify that an email was sent by an authorized server and was not modified in transit. Receiving servers validate the signature using a public key published in DNS.
DKIM proves email authenticity and integrity. Without it, forged emails from your domain are trivial. DMARC requires DKIM or SPF alignment to reject spoofed messages.
Weak 512-bit or 768-bit keys, missing DKIM entirely, using a single selector without rotation plan, and misconfigured key format in DNS are the most common DKIM failures.
Type your domain into the DKIM lookup tool. Optionally specify a selector.
We search DNS for TXT records under selector._domainkey.yourdomain.
Retrieve public keys, check key length, and validate record format.
Replace weak or old keys. Use multiple selectors for smooth rotation.
Automatically discovers all DKIM selectors published for a domain. No need to guess common names like google, default, or mail.
Retrieves and displays the full public key for each selector. Validates RSA key length and flags weak keys below 1024 bits.
Parses DKIM TXT records for correct v=DKIM1 format, valid k=rsa tag, and properly base64-encoded public key data.
Analyzes key bit length and algorithm. Flags deprecated or weak keys that should be rotated to maintain security posture.
Handles domains with multiple active selectors. Useful during key rotation and when different services use different selectors.
Displays selector names and public keys in a clean, copyable format. Use for documentation, audits, or DNS configuration.
Automate DKIM key discovery, track selector changes, and get alerted when keys are missing, weak, or unexpectedly rotated across all your domains.