Our security team created a new DKIM record for us to use with Marketo. But it was setup completely outside of Marketo (not using DKIM in the admin section - meaning I didn't provide the team with the Host record or TXT value). Even though everything appears to be working, is it OK to set this up outside of Marketo? Here's our test that shows it's a valid record:
If Marketo is signing using that selector ("selector1") and they have your keypair, you're fine.
But you can't set up a DKIM record that doesn't correspond to the way Marketo will actually be signing messages -- either the record will be ignored (since different selector) or messages will fail DKIM (since same selector, different key).