Why does it say 'DKIM Record Published' and 'No DKIM Record found' at the same time?

It means that the system performing the check expects to find a DKIM record because your domain is sending email that includes a DKIM signature header. However, when it performs the DNS lookup for the specific hostname (a combination of the selector and your domain), it cannot find the corresponding TXT record. It is an issue of discovery, not validation.

How long should I wait for my DKIM record to propagate?

DNS propagation can take anywhere from a few minutes to 48 hours. The exact time depends on the Time To Live (TTL) value set for your DNS records. A lower TTL means faster updates. It is always best to wait at least an hour before you start troubleshooting.

Can I have more than one DKIM record on my domain?

Yes, and it is very common. You should have a separate DKIM record for each service that sends email on your behalf. Each service will provide its own unique selector, so you will have multiple TXT records like google._domainkey.yourdomain.com and k1._domainkey.yourdomain.com .

What happens if my DKIM record is wrong?

If your DKIM record is wrong or cannot be found, emails sent from your domain will fail DKIM authentication. This can negatively impact your email deliverability, increasing the chances that your messages are marked as spam or rejected entirely, especially if you have a DMARC policy in place.

How to fix “DKIM record published no DKIM record found” errors - DKIM - Learn

A key labeled DKIM fitting into a server, showing email authentication.

It's a frustrating scenario many of us have faced. You've gone through all the steps to set up DKIM (DomainKeys Identified Mail) for your domain to improve your email deliverability and security. You carefully copy and paste the TXT record into your DNS settings, wait a bit for it to go live, and then run a check. The result is a confusing and seemingly contradictory message: "DKIM record published no DKIM record found".

This error can feel like a dead end. How can the record be both published and not found? The message itself hints that the lookup process has started but failed to retrieve the actual key. It suggests that a DKIM record is expected for your domain, but when mailbox providers perform the specific lookup using the selector from your email header, they come up empty-handed. This is a common hiccup, especially when setting up DKIM for the first time.

Fortunately, this problem is almost always solvable. The root cause usually isn't a catastrophic failure but a small, overlooked detail. It often boils down to a DNS propagation delay, a simple typo in the record's name, or an incorrect value. Understanding the common causes of this error and following a step-by-step diagnostic process gets email authentication back on track.

What does this DKIM error mean?

First, let's break down the error message. When a receiving mail server gets an email from you, it looks at the DKIM-Signature header. This header contains several pieces of information, including the domain (d=) and the selector (s=). The server then combines these to perform a DNS lookup for a TXT record at a specific address, which looks like selector._domainkey.domain.com.

The error "DKIM record published no DKIM record found" means the system knows it *should* look for a record, but when it queries that specific address, it gets no response. This is different from finding a record that is syntactically incorrect. It is an issue of discovery. The two most common culprits behind this lookup failure are DNS propagation delays and errors in the DNS record's name (its hostname).

A magnifying glass examining a DNS record on a computer screen.

DNS propagation is the process by which changes to your DNS records spread across the internet's network of servers. This isn't instantaneous and can take anywhere from a few minutes to 48 hours. If you check your record moments after publishing it, servers around the world may not have received the update yet, which causes them to report that no record can be found at that specific hostname.

A note on DNS propagation

Patience is key when working with DNS. After publishing or updating a DKIM record, it is best to wait at least an hour before checking it. If it still doesn't appear, wait longer, because full propagation can sometimes take up to 48 hours, depending on the Time To Live (TTL) settings of your domain's records.

Common causes for the lookup failure

If you've waited a sufficient amount of time and the error persists, the next step is to scrutinize the DKIM record itself. The problem is often a simple mistake in how the record was created in your DNS provider's control panel. These are the most frequent issues:

Incorrect Hostname/Name: The most common error. The host (or name) of the TXT record must be precise: selector._domainkey. Some DNS providers automatically append your domain name (e.g., yourdomain.com), so you only need to enter selector._domainkey. Others require the full name: selector._domainkey.yourdomain.com. If you enter the full name into a provider that auto-appends, you end up with an incorrect hostname like selector._domainkey.yourdomain.com.yourdomain.com, which will not be found.
Wrong Selector: Your email sending service gives you a specific selector. If you enter the wrong selector in your DNS (e.g., selector2 instead of selector1), the lookup will fail. People discussing this online often mention checking their selectors, as seen in this Microsoft Q&A thread.
Syntax Errors in the Value: While less likely to cause a "not found" error (this usually causes a validation error), extraneous characters, line breaks, improper quoting, or other formatting issues in the TXT record's value can sometimes cause parsing issues for certain DNS servers. This causes a failed lookup.

You can manually check if the record exists from your own computer using a command-line tool. This helps bypass web-based checkers and see what the DNS system is reporting directly. Using a command like dig or nslookup is a great way to debug. If the command returns no record, it confirms the problem lies with the record's publication or its hostname.

Check your DKIM record with digbash

dig TXT selector1._domainkey.yourdomain.com

Replace 'selector1' with your actual selector and 'yourdomain.com' with your domain. If the record is published correctly, this command will return the DKIM TXT record in the 'ANSWER SECTION'. If it returns nothing, the record cannot be found at that address.

A step-by-step guide to fixing the error

Let's get this fixed. Follow these steps methodically. The issue is almost certainly hiding in one of these details. The feeling of seeing that "DKIM INVALID" message switch to a pass is well worth the effort, a sentiment shared in many technical forums.

First, confirm your selector. Go back to the dashboard or documentation of your email sending provider (like Google Workspace, Postmark, or SendGrid). Find the DKIM setup page and verify the exact selector they provided. It is usually something like google or a unique key. This selector is the critical link between the email you send and the DNS record.

Next, log into your DNS provider (like Cloudflare, GoDaddy, or Namecheap) and carefully examine the TXT record you created. Pay close attention to the 'Name' or 'Host' field. This is where most errors occur. Compare how your provider handles domain names with the example below to ensure you haven't accidentally duplicated your domain in the hostname.

Incorrect Setup

Hostname: The Name/Host field contains a duplicated domain: selector._domainkey.yourdomain.com.yourdomain.com

Result: The lookup fails because the address being queried does not exist.

Correct Setup

Hostname: The Name/Host field is set to selector._domainkey (and your provider appends the domain automatically).

Result: The lookup for selector._domainkey.yourdomain.com successfully finds the TXT record.

Fixing this error is a process of elimination. Start with the most likely cause, the record's hostname, and work your way down the list. Be patient with DNS propagation after each change you make. While frustrating, solving the "DKIM record published no DKIM record found" error is a right of passage for many who manage email systems, and it sharpens your DNS troubleshooting skills.

Once corrected, your DKIM setup will work as intended. It cryptographically signs your emails and proves to receivers that the messages are legitimate and have not been tampered with. This is a fundamental pillar of modern email deliverability. It works alongside SPF and DMARC to build your sender reputation and ensure your emails land in the inbox, not the spam folder.

0.0

What's your domain score?

Deep-scan SPF, DKIM & DMARC records for email deliverability and security issues.

Suped

How to fix “DKIM record published no DKIM record found” errors