DomainKeys is a deprecated protocol now succeeded by DomainKeys Identified Mail (DKIM). 

DomainKeys used two sets of records where the first would contain the public key used for DomainKeys signing and the second would contain the policy which specified the preferred disposition of the message when it failed authentication. 

An example of the policy record used is shown below.

“_domainkey   IN TXT t=y; o=-; n=notes; r=email address"

 All of the tags are optional and explained below.

n= Notes

o= Outbound signing policy (o=- means all emails are signed, o=~ (default) means some emails are signed)

r= email address to which invalid verification should be reported to

t= a set of flash defining boolean attributes

Policy records are no longer needed as another protocol called DMARC was developed to specify the policy of the sender for the preferred disposition of the message if it failed SPF or DKIM authentication.

To learn more about SPF, click on the button below.

To learn more about DKIM, click on the button below.

To learn more about DMARC, click on the button below.

Did this answer your question?