DomainKeys and DKIM Are Slightly Different

DMARC Report
DomainKeys and DKIM Are Slightly Different

DomainKeys is an older technology that was combined with Cisco’s Identified Internet Mail (IIM) to develop DKIM—an email authentication protocol that prevents phishing emails sent from your domain from reaching recipients’ primary inboxes. Moreover, DKIM also ensures that nobody tampers with the message in transit. 

People often use these terms interchangeably, but let’s figure out how they differ. 

What is DomainKeys?

DomainKeys is an obsolete email security technology developed by Yahoo. It is based on cryptography, in which a digital signature is attached to the header of an outgoing email. The signature uses the public key, allowing the recipient’s mail server to verify the authenticity of the sender by checking the signature against a public key published in the DNS records of the sender’s domain.

email authentication

What is DKIM?

DKIM stands for DomainKeys Identified Mail, an email authentication protocol that combines and builds upon the concepts of DomainKeys and Identified Internet Mail (IIM). It verifies the authenticity and integrity of email messages by enabling the sending server to sign outgoing emails using a private key. Upon reception, the receiving server verifies the signature by matching it with the corresponding public key stored in the domain’s DNS records.

The entire process helps ensure that the emails’ contents weren’t changed in transit while also protecting against email spoofing and phishing.

Differences Between DomainKeys and DKIM

DKIM is an evolved and more relevant technology that is slightly different from Domainkeys. 

History and Development

Yahoo created DomainKeys in 2004 to empower domain owners to prevent themselves from getting caught in phishing emails sent in their names. DKIM, on the other hand, was put together by a consortium of 15 prominent IT companies like Yahoo, Cisco, and Microsoft. The technology was under the development phase for a while and was finally made public in 2007. Since then, it has proved to be an efficient and evolved version of DomainKeys for preventing spoofing and phishing.

private keys

Image sourced from

Keys Operating Mechanism

DomainKeys is based on the principle of using a single private key to sign outgoing emails, while the reciprocal public key is published in the sending domain’s DNS records. This arrangement lets recipients’ servers verify the genuineness of incoming messages. 

DKIM also employs a pair of public and private keys. The only difference lies in DKIM’s more extensive support and flexibility for key management.

Signature Placement

In DomainKeys, the signature is placed in the entire body and selected headers, standing as a measure of authenticity and integrity for the email. 

If we talk about DKIM, then, senders have better flexibility as it allows them to choose which specific part of an email to sign.



DomainKeys has limited adoption and is now largely deprecated in favor of DKIM, which is widely adopted and supported by major email providers and servers. Due to its improved features and flexibility, DKIM has become the de facto standard for email authentication.

Security Features

As a successor, DKIM is more efficient in securing emails, which is why DomainKeys has been deprecated. DKIM includes a hash of the email’s content in its signature so that the recipient’s server can verify the integrity of the message and know that the email content was not modified in transit.

We hope you don’t use these terms interchangeably now. To get started with DKIM, read about SPF and DMARC, and then contact us. 

Similar Posts