Setting up DomainKeys


The correct answer to "what should I do to fix this" is to delete the DomainKeys record. The confusion stems from thinking that DomainKeys and DomainKeys Identified Mail (DKIM) are the same. They aren't. DomainKeys was a Yahoo-specific technology that has been officially dead since 2007. As Chris S. stated, DKIM (DomainKeys Identified Mail) is the successor to DomainKeys, as of 2007.

A few years ago I ran both a DomainKeys and a DKIM validator on incoming mail. I did see a few emails bearing DomainKeys signatures but I'd be surprised if that were still the case. There is no longer any reason to deploy DomainKeys as none of the DomainKeys signing software is still supported.

This is all you need to worry about:

DKIM check: pass

And you're good.

Also, Chris S. is mistaken about Sender ID. It is not, nor has it ever been, proposed as a successor to SPF. Sender ID is a defunct Microsoft-proposed standard that built atop SPF. SPF and Sender ID don't do the same things. Sender ID was Microsoft's attempt to add header validation checks atop SPF (which validates the Envelope Sender). The rest of the email community rejected it in part because Microsoft asserted patent rights and didn't relinquish them until after Sender ID was stillborn. Outside of hotmail.com and on-premise Exchange servers, Sender ID's adoption could be accurately described as a rounding error.

Microsoft has ceased validating Sender ID on hotmail, leaving only on-premise Exchange servers as the last vestiges of Sender ID on the internet. They have announced upcoming changes to Exchange that will stop breaking DKIM signatures as messages pass through Exchange servers. Although DMARC merely prevents phishing, Microsoft has officially hopped on the DMARC bandwagon, embracing both DKIM and SPF.
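An added example (not part of the original answer): a small Python classifier for TXT records under `_domainkey`, separating the legacy DomainKeys policy record from the question (`t=y; o=~` at `_domainkey.mydomain.com`) from DKIM selector key records. The selector names and key values are constructed placeholders, and the tag sets follow RFC 4870 (DomainKeys) and RFC 6376 (DKIM).

```python
# Added example: classify TXT records published under _domainkey.
DK_POLICY_TAGS = {"o", "t", "n", "r"}  # DomainKeys policy-record tags (RFC 4870)

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT string into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def classify(name, txt):
    """Return (kind, advice) for the TXT record `txt` published at `name`."""
    labels = name.lower().rstrip(".").split(".")
    tags = parse_tags(txt)
    if "_domainkey" not in labels:
        return ("unrelated", "not under _domainkey")
    if labels[0] == "_domainkey":
        # No selector label in front: the DomainKeys policy location.
        if tags and set(tags) <= DK_POLICY_TAGS:
            return ("domainkeys-policy", "delete: DKIM verifiers never query this name")
        return ("unknown", "review manually")
    # <selector>._domainkey.<domain> holds a public key.
    if "p" not in tags:
        return ("malformed-key", "no p= tag, verifiers cannot use it")
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional in DKIM key records
        return ("malformed-key", "v= present but not DKIM1")
    if tags["p"] == "":
        return ("dkim-revoked", "empty p= means the key is revoked")
    if "y" in tags.get("t", "").split(":"):
        return ("dkim-key-testing", "keep; t=y marks the key as in testing mode")
    return ("dkim-key", "keep")

# Constructed sample zone contents; 'sel1' and 'old' are hypothetical selectors.
SAMPLES = [
    ("_domainkey.mydomain.com", "t=y; o=~"),
    ("sel1._domainkey.mydomain.com", "v=DKIM1; k=rsa; p=MIIBconstructedKEY"),
    ("old._domainkey.mydomain.com", "v=DKIM1; p="),
]

if __name__ == "__main__":
    for record_name, record_txt in SAMPLES:
        kind, advice = classify(record_name, record_txt)
        print(f"{record_name:32} {kind:18} {advice}")
```
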

Nektarios
Author by

Nektarios

Updated on September 18, 2022

Comments

  • Nektarios
    Nektarios almost 2 years

    I've tried improving the security of my emails (and preventing them from being marked as spam) by adding the SPF and DKIM records. So I've created both of them and I tested the results with [email protected]. This is the result:

    ==========================================================
    Summary of Results
    ==========================================================
    SPF check: pass
    DomainKeys check: neutral
    DKIM check: pass
    Sender-ID check: pass
    SpamAssassin check: ham
    

    So, everything passed except for DomainKeys. The detailed report is:

    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: [email protected]
    DNS record(s):
    

    I then tried to add the TXT record _domainkey.mydomain.com with content t=y; o=~ and checked again but the result was the same (the DNS has propagated, since I checked the DNS record from mxtoolbox and I got it).

    What should I do to fix this?

    • Philip
      Philip over 10 years
      DKIM is the successor to DomainKeys. If you have DKIM working then do not worry about DomainKeys. Sender-ID is similarly the successor to SPF, though not as widely adopted at this time.