Summary
The comprehensive feedback from experts, marketers, and documentation sources strongly advises against implementing DomainKeys. DomainKeys is considered obsolete, superseded by DKIM (DomainKeys Identified Mail), and not a relevant email authentication method for modern email systems. While technical resources for DomainKeys implementation exist, the consensus is to focus on DKIM, SPF, and DMARC to improve deliverability, prevent spoofing, and protect brand reputation. Major email providers do not check for DomainKeys, and it's not integrated with DMARC. Therefore, implementing DomainKeys is not worth the effort.
Key findings
- DomainKeys Obsolete: DomainKeys is an outdated and obsolete email authentication method.
- DKIM Supersedes: DKIM (DomainKeys Identified Mail) has superseded DomainKeys.
- Not Generally Checked: Major email providers like Yahoo and Google do not typically check for DomainKeys.
- Modern Alternatives: Modern email authentication methods include DKIM, SPF, and DMARC.
- Prevents Spoofing: DKIM helps prevent email spoofing and phishing attacks.
Key considerations
- Do Not Implement: Do not implement DomainKeys for email authentication.
- Focus on DKIM: Focus on implementing DKIM for better email deliverability and security.
- Implement SPF and DMARC: Implement SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) for enhanced email authentication.
- Update Authentication: Update your email authentication methods to ensure compatibility with modern email systems.
What email marketers say
8 marketer opinions
The consensus from various email marketers and technical communities is that DomainKeys is an outdated email authentication method superseded by DKIM (DomainKeys Identified Mail). Implementing DomainKeys is generally not recommended, as major email providers like Yahoo and Google primarily focus on DKIM, SPF, and DMARC for email authentication. Modern email systems provide better security and compatibility when leveraging DKIM instead. DKIM works by adding a digital signature verified using DNS records, protecting against spoofing and enhancing deliverability.
Key opinions
- DomainKeys Obsolete: DomainKeys has been largely replaced by DKIM and is considered outdated.
- DKIM is Standard: DKIM is the current standard for email authentication, offering better security and compatibility.
- Yahoo and Google Focus: Major email providers primarily check for DKIM, SPF, and DMARC.
- Prevents Spoofing: DKIM helps prevent email spoofing and phishing attacks.
- Improves Deliverability: Implementing DKIM improves email deliverability and protects domain reputation.
Key considerations
- Implement DKIM: Focus on implementing DKIM instead of DomainKeys for modern email authentication.
- Check DNS Records: Ensure that DKIM signatures are correctly verified using public keys in your domain's DNS records.
- Use Modern Methods: Prioritize SPF, DKIM, and DMARC for a comprehensive email authentication strategy.
- DMARC consideration: Implement DMARC to define how email receivers should handle messages that fail authentication checks.
Marketer view
Email marketer from Reddit comments that implementing DomainKeys isn't worth the effort because it's outdated. Instead, focus on SPF, DKIM, and DMARC for modern email authentication.
24 Jan 2022 - Reddit
Marketer view
Email marketer from ServerFault advises that DomainKeys is old and you should use DKIM instead. It provides better security and compatibility with modern email systems.
8 Jun 2023 - ServerFault
What the experts say
5 expert opinions
Experts in email deliverability and authentication overwhelmingly advise against implementing DomainKeys. The consensus is that DomainKeys is obsolete, largely merged into DKIM, and formally superseded by DKIM standards (RFC 4871). While technical documentation (RFC 4870) exists for DomainKeys implementation, it requires software development and cryptography knowledge, which is not recommended. Instead, experts strongly suggest focusing on modern authentication methods like DKIM, SPF, and DMARC to ensure deliverability and protect brand reputation, as SPF alone is insufficient.
Key opinions
- DomainKeys Obsolete: DomainKeys is considered obsolete and not a current best practice.
- Merged into DKIM: DomainKeys functionality has largely been merged into DKIM.
- RFC 4871 Supersedes: RFC 4871 (DKIM) formally obsoletes RFC 4870 (DomainKeys).
- Focus on DKIM/DMARC: Experts recommend implementing DKIM and DMARC for optimal deliverability.
- SPF Insufficient: SPF alone is not sufficient for robust email authentication.
Key considerations
- Avoid DomainKeys: Do not invest time or resources in implementing DomainKeys.
- Implement DKIM/DMARC: Prioritize implementing DKIM and DMARC for modern authentication.
- Update Authentication: Ensure your email authentication methods are up-to-date to protect deliverability and brand reputation.
Expert view
Expert from Email Geeks shares that RFC4870 provides the information needed to implement DomainKeys, requiring software development and cryptography libraries.
24 Aug 2024 - Email Geeks
Expert view
Expert from Email Geeks explains that the current best practice for DomainKeys is to not use it, as it is obsolete and largely merged into DKIM.
23 Sep 2023 - Email Geeks
What the documentation says
4 technical articles
Email authentication documentation from IETF, SourceForge, and Valimail indicate that DomainKeys is obsolete and has been superseded by DKIM (DomainKeys Identified Mail). While resources exist for implementing DomainKeys, the documentation emphasizes the importance of DKIM and modern authentication methods like SPF and DMARC, with no mention of DomainKeys in relation to DMARC configuration. DKIM and DMARC are the recommended methods for ensuring message authenticity and integrity.
Key findings
- DomainKeys Obsolete: DomainKeys is an obsolete email authentication method.
- DKIM Supersedes: DKIM (RFC 4871) obsoletes the original DomainKeys specification.
- Focus on DKIM/SPF/DMARC: Modern email authentication strategies should prioritize DKIM, SPF, and DMARC.
- DMARC Integration: DomainKeys is not relevant to DMARC configuration.
Key considerations
- Avoid DomainKeys: Avoid implementing DomainKeys.
- Implement DKIM: Implement DKIM for email authentication.
- Configure SPF/DMARC: Configure SPF and DMARC for enhanced email security and deliverability.
Technical article
Documentation from Valimail recommends publishing a DMARC record, setting up SPF and DKIM to ensure better authentication. DomainKeys are not even mentioned in relation to DMARC.
12 Sep 2021 - Valimail
Technical article
Documentation from IETF explains that DomainKeys Identified Mail (DKIM) defines a mechanism by which email message senders can digitally sign their messages, providing a means for recipient systems to verify the authenticity and integrity of the message. Although this document specifies DomainKeys, it has been obsoleted by RFC 4871 which specify DKIM.
18 Oct 2024 - IETF (RFC 4870)
What are best practices and costs for implementing DKIM, SPF, and DMARC?
How do SPF, DKIM, and DMARC email authentication standards work?
Do .gov domains receive lighter spam filtering treatment from mailbox providers?
What is DKIM oversigning, how does it work, and why is it important for email authentication?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
How to configure DomainKeys DKIM for email authentication and is it still relevant?
What is DKIM v2 and what are its benefits?
What are SPF, DKIM, and DMARC, and when are they needed?
Do DKIM selectors affect email reputation?
