DKIM key lookup

Fetch and parse a DKIM public-key record at <selector>._domainkey.<domain> (RFC 6376). Returns the parsed key params (algorithm, length, flags) so you can verify rotation status or key strength. Caller must know the selector — use email-deliverability if you don't.

Input

Field	Type	Description
domain *	string	Domain name (also accepts email/url/host)
selector *	string	DKIM selector, e.g. "default", "google", "selector1"

Example output

{
  "domain": "google.com",
  "selector": "20221208",
  "fullName": "20221208._domainkey.google.com",
  "hasRecord": true,
  "raw": "v=DKIM1; k=rsa; p=MIIBIj...",
  "version": "DKIM1",
  "keyType": "rsa",
  "hashAlgorithms": [],
  "serviceType": "*",
  "flags": [],
  "publicKey": {
    "base64": "MIIBIj...",
    "bits": 2048,
    "revoked": false
  },
  "warnings": []
}

Try it — see the 402 challenge (free)

curl -i -X POST https://agent402.tools/api/dkim-lookup \
  -H "Content-Type: application/json" \
  -d '{"domain":"google.com","selector":"20221208"}'

The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:

Paid call (JavaScript agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";

const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);

const res = await payFetch("https://agent402.tools/api/dkim-lookup", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "domain": "google.com",
    "selector": "20221208"
  }),
});

Wallet-only. This tool reaches the network/browser/storage, so it is paid in USDC via x402 (no proof-of-work tier).

Related tools