Finding DKIM selectors without mailing

There is no way to detect if DKIM is implemented by the sender without getting a mail from the sender, extracting the selector from the DKIM-Signature header and getting the DKIM policy from DNS based on this selector.

One can check if some commonly used selectors can be found in DNS. But a successful check does not mean that any of these selectors actually gets used for signing, nor does it mean that the messages get signed at all. And, no typical selector found does not mean that DKIM is not implemented.


This is not entirely accurate, the answer by Steffen. There are some commonly used selectors that you can try, and in fact you could build your own table of possibilities to pass into a program or script to check against.

I recommend trying:

google
dkim
mail
default

For example: dig -t TXT +short google._domainkey.domain.com

Hope that helps someone.

Wanted to add this: should go without saying that if you have the DKIM and no email to compare it against, obviously it's not really of any use. But if all you're interested in is identifying if it's configured, and what the public key might be, go with trying common selectors.
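
An added example, not part of either answer above: a script that runs the dig lookup for each suggested selector and classifies the reply, so that a wildcard TXT record or a revoked key is not mistaken for a published key. The function names are hypothetical, and it assumes `dig` is installed.

```shell
#!/bin/sh
# Added example (not from the original answers); function names are hypothetical.
SELECTORS="google dkim mail default"   # the list suggested in the answer above

# dig +short prints each TXT record as one line of quoted chunks of up to
# 255 bytes; join the chunks. Unquoted lines (a CNAME target) are dropped.
join_txt() {
    printf '%s\n' "$1" | grep '"' | sed -e 's/" *"//g' -e 's/^"//' -e 's/"$//'
}

# Classify raw `dig +short` output for <selector>._domainkey.<domain>:
#   none     - no TXT record at that name
#   not-dkim - TXT exists but has no p= tag (e.g. a wildcard SPF record)
#   revoked  - p= is empty, which RFC 6376 defines as a revoked key
#   key      - a public key is published
classify_dkim() {
    records=$(join_txt "$1" | tr -d ' \t')
    [ -n "$records" ] || { echo none; return 0; }
    result=not-dkim
    while IFS= read -r rec; do
        case ";$rec;" in
            *";p=;"*) result=revoked ;;
            *";p="*)  echo key; return 0 ;;
        esac
    done <<EOF
$records
EOF
    echo "$result"
}

# Probe every selector for one domain (needs dig and network access).
probe_domain() {
    for sel in $SELECTORS; do
        name="$sel._domainkey.$1"
        reply=$(dig -t TXT +short "$name")
        printf '%s\t%s\n' "$name" "$(classify_dkim "$reply")"
    done
}

# Run as: sh script.sh domain.com
if [ "$#" -gt 0 ]; then probe_domain "$1"; fi
```

A result of `key` only shows that a key is published under that name, not that mail from the domain is signed with it.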
