What is a DKIM selector?

DKIM stands for DomainKeys Identified Mail and is used for the authentication of an email that’s being sent. It is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.

It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

A DKIM selector is a string used to point to a specific DKIM public key record in your DNS. It is specified as s tag in the DKIM-Signature header field and can be found in the headers of an email. Validation on the receiver side uses the selector in combination with the signing domain in order to carry out a DNS query and find the public key in your DNS.

A DKIM selector described when the user creates a public / private key pair with the email delievery service. It can be any arbitary string.

For example: selector._domainkey.yourdomain