DomainKeys vs. DKIM
Question asked by Marc Funaro - February 24, 2016 at 10:18 AM
Following Bruce's prior instructions, ages ago I configured both DomainKeys and DKIM in SmarterMail and in DNS, for every site we host.
We're adding some sites to CloudFlare, which requires that we move the DNS zone there. My understanding is that DomainKeys is actually DEPRECATED at this point, superseded by DKIM, and therefore I don't need DNS records for it. The question is, which records do I keep and which do I remove? And should I turn off DomainKeys signing in SmarterMail?

1 Reply

Just turn off the DomainKey signing in SmarterMail.
In SmarterMail 2015.X BETA, this is removed completely, and also removed from all domains.
You will still need all of the DomainKey DNS records - still named as DomainKey, and not as DKIM.
Here's an example of the DomainKey records, in Microsoft DNS:
[Image: DKIM entries as DomainKey entries in Microsoft's DNS]
Note the PREPEND of k=rsa; to the 2048 bit public key for the domain shown.
So, the three records are actually:
secure being the name of my key, as generated in SmarterMail
note the LEADING UNDERSCORE at the beginning of _domainkey - declaring the encryption of the key
note the LEADING UNDERSCORES at the beginning of _adsp and _domainkey
and, with the o=~ declaring that ALL outgoing messages must be signed.
note the LEADING UNDERSCORE at the beginning of _domainkey
Bruce Barnes
ChicagoNetTech Inc

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal:
Security Blog:

Web and E-Mail Hosting, E-Mail Security and Consulting

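A check for the selector record discussed in the reply above, as an added example that is not part of the original thread and not SmarterMail's code: after moving a zone, it confirms that a DKIM selector TXT record still has the `_domainkey` label with its leading underscore, well-formed `k=`/`p=` tags, and an RSA key of the expected size. The function names and the 2048-bit floor are assumptions chosen for illustration; the TXT value is whatever your DNS lookup returns for `<selector>._domainkey.<domain>`.

```python
import base64

def parse_tags(txt):
    """Split a DKIM TXT value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _der_item(buf, pos):
    """Read one DER TLV at pos; return (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_bits(der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the p= payload)."""
    _, s, _ = _der_item(der, 0)            # outer SEQUENCE
    _, _, e = _der_item(der, s)            # AlgorithmIdentifier, skipped
    _, s, _ = _der_item(der, e)            # BIT STRING
    _, s, _ = _der_item(der, s + 1)        # RSAPublicKey, after unused-bits byte
    tag, s, e = _der_item(der, s)          # modulus INTEGER
    if tag != 0x02:
        raise ValueError("not an RSA public key")
    return int.from_bytes(der[s:e], "big").bit_length()

def check_selector_record(name, txt, min_bits=2048):
    """Return a list of problems with a DKIM selector TXT record (empty = OK)."""
    problems = []
    labels = name.rstrip(".").lower().split(".")
    if "_domainkey" not in labels[1:]:
        problems.append("name lacks the _domainkey label (leading underscore required)")
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":      # k= defaults to rsa when absent
        problems.append("unexpected key type")
    if not tags.get("p"):
        return problems + ["missing p= public key (empty p= means revoked)"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return problems + ["p= is not a base64 RSA key"]
    if bits < min_bits:
        problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return problems
```

Call `check_selector_record("secure._domainkey.example.com", txt_value)` with the TXT string served by the new DNS provider; an empty list means the record parsed cleanly and the key meets the size floor.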