1
DomainKeys vs. DKIM
Question asked by Marc Funaro - February 24, 2016 at 10:18 AM
Unanswered
Following Bruce's prior instructions, ages ago i configured both DomainKeys and DKIM in smartermail and in DNS, for every site we host.
 
We're adding some sites to CloudFlare, which requires that we move the DNS zone there.  My understanding is that DomainKeys is actually DEPRECATED at this point, superceded by DKIM, and therefore I don't need DNS records for it.  The question is, which records do I keep and which do I remove?  And should i turn off DomainKeys signing in SmarterMail?

1 Reply

Reply to Thread
0
Bruce Barnes Replied
February 24, 2016 at 11:09 AM
Just turn off the DomainKey signing in SmarterMail.
 
In SmarterMail 2015.X BETA, this is removed completely, and also removed from all domains.
 
You will still need all of the DomainKey DNS records - still named as DomainKey, and not as DKIM.
 
Here's an example of the DomainKey records, in Microsoft DNS:
DKIM records as DomainKey entries in DNS
DKIM entries as DomainKey entries in Microsoft's DNS
 
Note the PREPEND of k=rsa; to the 2048 bit public key for the domain shown.
 
 
So, the three records are actually:
 
secure._domainkey.chicagonettech.com
secure being the name of my key, as generated in SmarterMail
 
secure._domainkey.chicagonettech.com
secure._domainkey.chicagonettech.com
note the LEADING UNDERSCORE at the beginning of  _domainkey
 
_adsp._domainkey.chicagonettech.com - declaring the encryption of the key
 
_adsp._domainkey.chicagonettech.com
_adsp._domainkey.chicagonettech.com
 
note the LEADING UNDERSCORES at the beginning of _adsp and _domainkey
 
and _domainkey.chicagonettech.com, with the o=~ declaring that ALL outgoing messages must be signed.
 
_domainkey.chicagonettech.com
_domainkey.chicagonettech.com
note the LEADING UNDERSCORE at the beginning of  _domainkey
 
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread