DKIM Record Formatter
Format a DKIM (DomainKeys Identified Mail) DNS TXT record from a public key and policy parameters.
Input
Result
DKIM Record Formatter
The DKIM Record Formatter is an email security and DNS administration utility designed to format DomainKeys Identified Mail public keys into valid DNS TXT records. Mail servers use DKIM signatures to verify that incoming messages actually originate from the claimed domain and remain unmodified during transit. This tool automates the record creation process, wrapping the base64 public key in the standard DKIM structure and segmenting it into BIND zone file syntax. Email administrators, server engineers, and IT specialists use the formatter to publish records correctly.
DKIM Structure and DNS Limits
Setting up a DKIM record requires combining configuration parameters (like version, key type, and public key data) into a single string. However, standard DNS TXT records enforce a 255-character limit per string segment, requiring longer keys to use split quoted strings.
According to mail authentication guidelines, there are 4 distinct structural properties that govern DKIM records. First, the record prefix utilizes the format 'v=DKIM1; k=rsa; p='. Second, the public key must be stripped of PEM headers (such as 'BEGIN PUBLIC KEY') and newlines. Third, the DNS lookup uses a designated selector subdomain (e.g., selector._domainkey.domain.com). Fourth, BIND servers require long records to wrap in parentheses with separate quoted segments. Formatting engines apply these specs to prevent zone errors.
The History of Email Domain Signatures
Email was originally designed without built-in sender verification, enabling attackers to spoof sender addresses. In the mid-2000s, Yahoo's DomainKeys and Cisco's Identified Internet Mail merged to form the DKIM standard (RFC 4871). By signing messages with a private key and publishing the public key in DNS, domain owners proved their email identity. Today, major email providers (such as Google and Microsoft) enforce strict DKIM validation, making correct DNS record formatting a necessity for email delivery.
How the DKIM Record Formatter Works
To format a DKIM record, paste your public key, define the domain and selector parameters, and run the formatter. The generation engine constructs the outputs through a 3-step sequence.
- Key Cleansing: The engine strips PEM headers, footer lines, space offsets, and newline characters from the public key input, leaving a clean base64 string.
- Raw Record Compilation:
- The engine unites the parameters into the raw TXT value: v=DKIM1; k=rsa; p=YOUR_KEY.
- It verifies key lengths to determine if segmentation is required.
- BIND Format Segmentation: The engine splits the raw string into 255-character blocks, wraps each in double quotes, and places them within a parenthesized zone record structure.
For example, inputting an RSA public key with the default selector and 'example.com' generates both the raw TXT value and the parenthesized BIND zone configuration. The tool displays this result instantly.
DKIM Format Reference Table
The table below displays sample parameters and their resulting DKIM DNS configurations.
| Selector | Domain Target | Key Length (Bits) | TXT Subdomain Name | Output Format Style |
|---|---|---|---|---|
sig1 |
example.com | 1024-bit | sig1._domainkey.example.com | Single string (under 255 chars) |
default |
mycompany.org | 2048-bit | default._domainkey.mycompany.org | Multi-line BIND split format |
mail |
shop.net | 2048-bit | mail._domainkey.shop.net | Multi-line BIND split format |
k1 |
test.edu | 1024-bit | k1._domainkey.test.edu | Single string (under 255 chars) |
Frequently Asked Questions
Why does my DKIM record need to be split into quotes?
DNS specifications limit individual text strings to 255 characters. Splitting the record into multiple quoted strings allows you to publish large 2048-bit keys without breaking DNS servers.
Can this tool validate if my public key is mathematically correct?
This tool formats the record text structure. It does not perform cryptographic checks on the public key's prime numbers.
What happens if I include the PEM headers in the DNS record?
Including PEM headers causes validation failures on mail servers. Mail systems expect only the raw base64 data inside the p= tag.
Construct Your Mail Security Records Instantly
Manual wrapping and splitting of base64 strings is slow and prone to typos. The DKIM Record Formatter delivers error-free zone records. Use this tool to build TXT fields, configure zone files, and ensure mail authentication compliance easily.