Home

selectordomainkeydomain

Selectordomainkeydomain is a shorthand used in some technical texts to refer to the DKIM-related identifiers that enable publishers and recipients to locate and verify a DKIM public key in DNS. The term is not an official standard, but it helps describe the interplay between the selector, the signing domain, and the DNS location of the public key.

In DKIM, an email is signed with a private key associated with a specific signing domain (the

DNS record format for the public key is a TXT record at the constructed name, containing values

Usage and verification flow involve the signer attaching a DKIM signature to outgoing mail, and the verifier

d=
domain).
The
recipient
uses
a
DNS
lookup
to
retrieve
the
corresponding
public
key,
by
querying
a
TXT
record
named
using
the
selector
and
the
domain:
selector._domainkey.domain.
The
selector
is
an
arbitrary
label
chosen
by
the
domain
owner
to
identify
a
particular
key
or
signing
policy;
the
domain
is
the
signing
domain
that
appears
in
the
DKIM
signature
as
d=;
the
key
domain
refers
to
the
DNS
zone
where
the
public
key
is
published.
such
as
v=DKIM1;
k=rsa;
p=BASE64VALUE.
The
value
specifies
the
DKIM
version,
key
type,
and
the
base64-encoded
public
key.
A
successful
lookup
allows
the
recipient
to
verify
the
DKIM
signature
attached
to
the
message
header.
retrieving
the
public
key
from
selector._domainkey.domain
to
validate
integrity
and
authenticity.
Best
practices
include
rotating
keys
periodically,
publishing
accurate
keys
in
DNS,
and
testing
configurations
with
diagnostic
tools.
See
also
DKIM,
DNS
TXT
records,
and
DMARC.