diff --git a/query.go b/query.go
index c4d36aa..2a0cbd8 100644
--- a/query.go
+++ b/query.go
@@ -36,10 +36,18 @@ type queryResult struct {
 	Flags     []string
 }
 
+// QueryMethod is a DKIM query method.
+type QueryMethod string
+
+const (
+	// DNS TXT resource record (RR) lookup algorithm
+	QueryMethodDNSTXT QueryMethod = "dns/txt"
+)
+
 type queryFunc func(domain, selector string) (*queryResult, error)
 
-var queryMethods = map[string]queryFunc{
-	"dns/txt": queryDNSTXT,
+var queryMethods = map[QueryMethod]queryFunc{
+	QueryMethodDNSTXT: queryDNSTXT,
 }
 
 func queryDNSTXT(domain, selector string) (*queryResult, error) {
diff --git a/sign.go b/sign.go
index c4bb028..90902cc 100644
--- a/sign.go
+++ b/sign.go
@@ -49,7 +49,7 @@ type SignOptions struct {
 	Expiration time.Time
 
 	// A list of query methods used to retrieve the public key.
-	QueryMethods []string
+	QueryMethods []QueryMethod
 }
 
 // Sign signs a message. It reads it from r and writes the signed version to w.
@@ -167,7 +167,11 @@ func Sign(w io.Writer, r io.Reader, options *SignOptions) error {
 	}
 
 	if options.QueryMethods != nil {
-		params["q"] = formatTagList(options.QueryMethods)
+		methods := make([]string, len(options.QueryMethods))
+		for i, method := range options.QueryMethods {
+			methods[i] = string(method)
+		}
+		params["q"] = formatTagList(methods)
 	}
 
 	if !options.Expiration.IsZero() {
diff --git a/verify.go b/verify.go
index 741f48a..181b716 100644
--- a/verify.go
+++ b/verify.go
@@ -203,13 +203,13 @@ func verify(h header, r io.Reader, sigField, sigValue string) (*Verification, er
 
 	// Query public key
 	// TODO: compute hash in parallel
-	methods := []string{"dns/txt"}
+	methods := []string{string(QueryMethodDNSTXT)}
 	if methodsStr, ok := params["q"]; ok {
 		methods = parseTagList(methodsStr)
 	}
 	var res *queryResult
 	for _, method := range methods {
-		if query, ok := queryMethods[method]; ok {
+		if query, ok := queryMethods[QueryMethod(method)]; ok {
 			res, err = query(params["d"], params["s"])
 			break
 		}