Domains can have multiple keys published in their DNS records. DKIM selectors allow email servers to locate and differentiate between these keys. This is useful for domains that send emails from multiple providers since it allows each one to have its own DKIM record and DKIM signature.
DKIM record names use the following format:
[selector]._domainkey.[domain]
Let’s say your domain is example.com, and you send emails from two different providers. You can generate two DKIM records.
If your selectors are “s1” and “s2”, your DKIM record names would look something like this:
s1._domainkey.example.com
s2._domainkey.example.com
Where “s1” and “s2” are the selectors and “example.com” is the domain name.
Let's look at two ways to find your DKIM selector.
First, let's find the DKIM selector by inspecting the headers of an emails sent from your domain. In your header find the "DKIM-Signature" section.
Here is an example of a DKIM signature header:
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1;
c=relaxed/relaxed; q=dns/txt; t=1117574938; x=1118006938;
h=from:to:subject:date:keywords:keywords;
bh=NzR1Njc5OTAyMjM0MUY3ODlqNDA5MzEyNjU2NzU3ODMwMTMzNjU3Mw==;
b=yE2pJ1wG4qK8sL3vF6tM7pH0kI5eR9gU3sF4hG8dC2qW7oL9kN1iO3uS6dJ0lA5h
Once you find the signature header, simply locate the “s=” tag. The value associated with that tag is your selector, and in the example above, this would be “s1”.
Another way to find your DKIM selectors is through your third-party email service provider. Simply navigate to the domain's DNS settings and look for the DKIM record.
Here is an example of a TXT record for DKIM:
“v=DKIM1; k=rsa; p=ABQ5ALSJ4KSXU8SSAWLC90WWOM…"
In this case, s1 is the DKIM selector.
