Retrieving the current DKIM key

If you follow our DNS recommendations, email receivers can see in your DNS records that all your emails must have valid DKIM signatures, and that messages without valid signatures should be blocked. The easiest way to achieve this is by ensuring that you send all your messages right through

However, if you are unable to route all your mail through, you must make sure yourself that your other messages get signed as well. You can do this by publishing an additional DKIM key in your own DNS, and use that keys for signing your email.

Note that for security reasons you can retrieve the selector, algorithm and the public key, but the private key - that is generated by us - is never exposed.

The first method returns a JSON object holding the current key that is in use:

    "selector":     "zero",
    "algorithm":    "sha256",
    "public":       "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"

The other three methods return the same information, but using content-type text/plain instead of JSON.