Documentation of DNS for hosted email is outdated (or maybe the servers are). Please upgrade


My DNS records are hosted by a third party Domain Name Registrar, so it’s on me to set them correctly.

Suggestion 1:
Remove references to DomainKey policy records in DNS documentation, (unless they are required to use DreamHost mail servers). DomainKey has been superseded by DKIM.

Discussion 1:
When viewing the list of “Non-editable DNS records” in the ‘Manage Domains’ page of my control panel, I find the following DomainKey ‘Outbound Signing Policy’ record: TXT o=~;

I noticed that DreamHost doesn’t use DomainKey for email that is sent to customers. In particular, an nslookup for policy records at

returns ‘unknown domain’ as would be expected for an RFC 6376 compliant mail server that uses DKIM.

I would hope that the mail servers for customer domains do not require outdated policy records.

If so, please update your mail server strategy.

If not, please update the control panel output and the many places in the Knowledge Base where the old DomainKeys standard is still lurking.

Suggestion 2:
Please add a version tag (v=DKIM1;) to DKIM selector records.

Discussion 2:
In fairness, my domain’s “Non-editable DNS records” also include a DKIM ‘selector’ record. The selector that DreamHost chooses is simply the underlying domain name - very slick. TXT k=rsa; p=MIGf . . .

However, please notice that the version tag (v=DKIM1;) is missing. RFC 6376 strongly recommends including the version tag. For the record, an nslookup for DKIM info on

` correctly includes the ‘v=DKIM1;’

correctly includes the ‘v=DKIM1;’ attribute, so we know DreamHost uses version tags. (At least on their outbound mail servers.)

Please update the control panel output and knowledge base articles to document the DKIM version tag.

It’s important to have accurate DNS information for customers who configure/use third party DNS servers.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.