This document describes how to verify that DKIM works.
On the Cisco Email Security Appliance (ESA), the easiest way to verify that DKIM is working is to send an email to an outside account and check the headers. In the example below, a message was sent to a @gmail.com account:
Delivered-To: email@example.com Return-Path: <firstname.lastname@example.org> Received-SPF: pass (google.com: domain of email@example.com designates <IP Address> as permitted sender) client-ip=<IP Address>; Authentication-Results: mx.google.com; spf=pass (google.com: domain of firstname.lastname@example.org designates <IP Address> as permitted sender) email@example.com; dkim=pass (test mode) firstname.lastname@example.org
You should see the dkim=pass in the Authentication-Results line.
Note: Please be aware that some clients such as Yahoo tend to strip many headers. Please check this on multiple clients to be sure it is working.
You may also refer to some of these external sources for verifying your configuration: