My DNS records are hosted by a third-party Domain Name Registrar, so it’s on me to set them correctly.
Remove references to DomainKey policy records in DNS documentation (unless they are required to use DreamHost mail servers). DomainKey has been superseded by DKIM.
When viewing the list of “Non-editable DNS records” in the ‘Manage Domains’ page of my control panel, I find the following DomainKey ‘Outbound Signing Policy’ record:
_domainkey.example.com TXT o=~; firstname.lastname@example.org
I noticed that DreamHost doesn’t use DomainKey for email that is sent to customers. In particular, an nslookup for policy records at
returns ‘unknown domain’ as would be expected for an RFC 6376 compliant mail server that uses DKIM.
I would hope that the mail servers for customer domains do not require outdated policy records.
If so, please update your mail server strategy.
If not, please update the control panel output and the many places in the Knowledge Base where the old DomainKeys standard is still lurking.
Please add a version tag (v=DKIM1;) to DKIM selector records.
In fairness, my domain’s “Non-editable DNS records” also include a DKIM ‘selector’ record. The selector that DreamHost chooses is simply the underlying domain name - very slick.
example.com._domainkey.example.com TXT k=rsa; p=MIGf . . .
However, please notice that the version tag (v=DKIM1;) is missing. RFC 6376 strongly recommends including the version tag. For the record, an nslookup for DKIM info on
correctly includes the ‘v=DKIM1;’ attribute, so we know DreamHost uses version tags. (At least on their outbound mail servers.)
Please update the control panel output and knowledge base articles to document the DKIM version tag.
It’s important to have accurate DNS information for customers who configure/use third-party DNS servers.
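
A small Python check for the two problems raised in the post, added here as an illustration and not part of the original post or of any DreamHost tooling: it flags a DomainKeys policy record published at _domainkey.<domain> and a DKIM key record that lacks v=DKIM1 (RFC 6376 also requires the version tag, when present, to be the first tag). The function names and the placeholder p= value are assumptions; the sample records are constructed from the ones quoted above.

```python
# Added example: audit TXT records published under _domainkey.
# Record names follow the post; the p= value is a constructed placeholder.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' list into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if part:
            name, sep, value = part.partition("=")
            pairs.append((name.strip(), value.strip() if sep else None))
    return pairs

def audit(name, txt):
    """Return findings for one TXT record owned by `name`."""
    labels = name.rstrip(".").lower().split(".")
    pairs = parse_tags(txt)
    tags = {k: v for k, v in pairs if v is not None}
    findings = []
    if labels[0] == "_domainkey":
        # Directly at _domainkey.<domain>: where DomainKeys kept its policy.
        if "o" in tags:
            findings.append("legacy DomainKeys policy record (o=%s)" % tags["o"])
    elif "_domainkey" in labels:
        # <selector>._domainkey.<domain>: a key record.
        if "p" not in tags:
            findings.append("key record has no p= tag")
        if "v" not in tags:
            findings.append("missing v=DKIM1 version tag")
        elif tags["v"] != "DKIM1":
            findings.append("unexpected version %r" % tags["v"])
        elif pairs[0][0] != "v":
            findings.append("v= tag is not the first tag")
    return findings

SAMPLE = [  # constructed records modelled on the ones quoted in the post
    ("_domainkey.example.com", "o=~; firstname.lastname@example.org"),
    ("example.com._domainkey.example.com", "k=rsa; p=PLACEHOLDERKEY"),
    ("example.com._domainkey.example.com", "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"),
]

if __name__ == "__main__":
    for name, txt in SAMPLE:
        print(name, "->", audit(name, txt) or "ok")
```

To check live records, feed it the owner name and TXT string returned by nslookup or dig for each name under _domainkey.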