Is there any way to find out what selectors are used by a domain in their DKIM record without access to an e-mail send from that domain?
So to clarify, let's say I know example.com has DKIM implemented. I cannot receive an e-mail from example.com as I know no one that works there. Can I still check the existence and validity of the DKIM record even though I do not know the name of the used selector? (or find the selector somehow without e-mail).
There is no way to detect if DKIM is implemented by the sender without getting a mail from the sender, extracting the selector from the DKIM-Signature header and getting the DKIM policy from DNS based on this selector.
One can check if some commonly used selectors can be found in DNS. But a successful check does not mean that any of these selector actually gets used for signing nor does it mean that the messages gets signed at all. And, no typical selector found does not mean that DKIM is not implemented.
This not entirely accure, the answer by Steffen. There are some commonly used selectors that you can try, and in fact could build your own table of possibliites to pass into a program or script to check against.
I recommend trying:
google
dkim
mail
default
For example:
dig -t TXT +short google._domainkey.domain.com
Hope that helps someone.
Wanted to add this: should go without saying that if you have the DKIM and no email to compare it against, obviously it's not really of any use. But if all you're interested in is identifying if it's configured, and what the public key might be, go with trying common selectors.
