Description:

"DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message." RFC 6376

A DKIM-Signature contains the domain tag (d=) on which to lookup the DKIM key and a selector (s=). This allows for multiple DKIM keys being used for a single domain. e.g. "d=example.com; s=mail;" refers to the selector "mail" on the domain "example.com". The DKIM key is found on the "_domainkey" subdomain. The full DKIM lookup would look as following: "mail._domainkey.example.com. TXT".

DKIM lookups are only done when a message has a DKIM-Signature. The impala query provides insight into domain names using DKIM on their domain.