What’s DomainKeys?

Print anything with Printful



DomainKeys is an email authentication technology that verifies the origin of messages using public key cryptography. It has been superseded by DKIM, but can still be used on older systems. It helps prevent spoofing and is supported by some webmail services.

DomainKeys is an email authentication technology used by some mail servers to verify the origin of messages. Help thwart spammers and scam artists by determining whether or not the message has been spoofed so that it appears to come from a domain it’s not actually from. A popular encryption technique known as public key cryptography is used to perform the verification. It is largely an obsolete standard and has been superseded by the similar but incompatible DomainKeys Identified Mail (DKIM).

Email services weren’t originally designed with great security in mind, and as a result, it’s relatively easy for an attacker to manipulate various aspects of an email to their advantage. Often headers, parts of messages containing addresses to and from addresses and other information, are forged. Spammers use this type of manipulation to make their email appear to come from a legitimate source, such as a bank or auction site. DomainKeys is one of many methods that have been devised to verify the authenticity of email messages.

DomainKeys checks if an email message originated from the domain it claims to be from. While the system cannot verify the identity of the individual sender, it can be used to verify that messages from organizations such as banks are legitimate and not from an imposter. Some of the more popular webmail services used this system to display a key icon or other logo next to the sender’s address in a mailbox. From the sender’s perspective, using this technique can reduce the chances of legitimate mail succumbing to some spam filtering technologies.

For DomainKeys to be effective, the sender’s and recipient’s email servers must support it. The system is based on public key cryptography, an encryption scheme in which mathematically related public and private keys are generated. The public key is stored in a text file available through the Domain Name System (DNS) entry for a given domain. On a mail server that supports the technology, a private key is included in the headers of outgoing email messages. Since the keys are mathematically related, the private key can be compared with the public key to verify the authenticity of the sender.

Parts of the DomainKeys system have been merged with the similar Identified Internet Mail to form DKIM. The combined specification has been widely adopted and essentially serves as a replacement for DomainKeys. However, older systems are still available for historical purposes and can still be used on mail servers. Many email services support both DKIM and its predecessors to enable support for older systems that haven’t been updated yet. The term DomainKeys is also used incorrectly by some when referring to the DKIM standard.




Protect your devices with Threat Protection by NordVPN


Skip to content