Find DKIM and DMARC Records?

To query the TXT record for DMARC, you can use:

dig TXT _dmarc.example.org

To query for a particular record for DKIM, you would need to know the selector prefix. You will find it in the s value in an email's DKIM-Signature.

For example:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
s=google; t=1615461277;
[…]

You would then query it as TXT:

dig TXT google._domainkey.example.org

For DKIM records, if you have received a DKIM-signed email from that domain, look at the DKIM-Signature header line(s).

From the spec:

All DKIM keys are stored in a subdomain named _domainkey. Given a DKIM-Signature field with a "d=" tag of example.com and an "s=" tag of foo.bar, the DNS query will be for foo.bar._domainkey.example.com.

So in this example, you can then run:

dig TXT foo.bar._domainkey.example.com

Credit to andol, whose comment led me to this solution.
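
The lookup described in the answers above (take the d= and s= tags from a DKIM-Signature header and query <s>._domainkey.<d>), as an added example that is not part of the original answers. The function names and the sample message are constructed for illustration; only the dkim_lookup function needs dig and network access.

```shell
#!/usr/bin/env bash
# Added example: derive DKIM key record names from the headers of a raw message.

# Constructed sample message (not real mail). The second signature uses the
# dotted selector from the spec quote; the body line must be ignored.
sample_message() {
cat <<'EOF'
Received: from mail.example.org by mx.example.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
        s=google; t=1615461277; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
        s=foo.bar; bh=CCCC; b=DDDD
From: sender@example.org

s=body; d=not-a-header.example
EOF
}

# Read a raw message on stdin, print one <s>._domainkey.<d> name per signature.
dkim_qnames() {
    awk '
    function flush(   n, i, t, eq, k, v, d, s) {
        if (cur == "") return
        n = split(cur, t, ";")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", t[i])              # drop folding whitespace
            eq = index(t[i], "=")                # first "=": b= may hold more
            k = substr(t[i], 1, eq - 1); v = substr(t[i], eq + 1)
            if (k == "d") d = v
            if (k == "s") s = v
        }
        # Header values are sender-controlled: only emit hostname characters.
        if (d != "" && s != "" && (s "." d) ~ /^[A-Za-z0-9._-]+$/)
            print s "._domainkey." d
        cur = ""
    }
    { sub(/\r$/, "") }                           # tolerate CRLF input
    $0 == "" { exit }                            # blank line ends the headers
    /^[ \t]/ { if (cur != "") cur = cur $0; next }   # unfold continuation
    { flush() }
    tolower($0) ~ /^dkim-signature:/ { cur = substr($0, index($0, ":") + 1) }
    END { flush() }
    '
}

# Look up each key record; needs network access and dig.
dkim_lookup() {
    dkim_qnames | while read -r name; do
        echo "== $name"; dig +short TXT "$name"
    done
}

sample_message | dkim_qnames
```

To query the keys for a saved message, pipe the raw file into dkim_lookup instead of dkim_qnames.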


You should use +short with dig to get the DMARC record only.

dig +short TXT _dmarc.domain.com