The DKIM Records risk vector is assessed based on if a company has a DomainKeys Identified Mail (DKIM) record for each of their domains and the key length of the public key found in their DNS record. Test records are assessed as if the domain does not have a record.
Issues generally stem from a public key that is too short or is malformed.
Use the dig command to display information about the listed DKIM record, assuming one has been implemented. Commands requiring specific asset data from your finding to be inserted (variables) are indicated by the bold text.
dig selector._domainkey.domain.com txt
+short to filter just the TXT records for the domain.