An E-Mail Marketer’s Guide to Deliverability, Part 3: DomainKeys

This series has addressed SenderID and other important new technologies aiding email deliverability, including the particulars of SPF. Today we’ll cover DomainKeys, another emerging technology. As he did with SPF and Sender ID, Rick Buck, director of privacy/ISP relations at e-dialog, helped me understand DomainKeys and more importantly, how it differs from SPF and Sender ID.


DomainKeys takes email authentication a step further than SPF and Sender ID. Like these technologies, DomainKeys uses information published in a sender’s DNS (define) record. The twist comes at the send. Here, DomainKeys requires an extra step: a digital “signature” must be attached to each outgoing message.

When the recipient gets the message, they’ll be able to:

  • verify the domain name of the sender.
  • confirm the message content hasn’t been altered.
  • match the “from” address to the sender’s domain name to prevent forgeries.
  • trace the message back to the sender’s domain name.

The ability to trace email back to the sender (at least, to the sender’s domain name) has long been cited as part of the technical solution to spam. It adds accountability. It’s like that old saying about making sure you wouldn’t mind everything you say or do printed on the front page of the New York Times, except in this case, it’s everything you send via email. Conventional wisdom says most spammers don’t want to be tracked down and held accountable, so this may be a deterrent.

There’s also talk about building a “reputation” for each sender. So if (heaven forbid) you’re a serial spammer, that information can be built into your DomainKeys profile and your email blocked, even if without that element it would pass. DomainKeys allow the recipient to set their own delivery policies; DomainKeys may be one element, weighted according to other anti-spam policies that may be in place.

Unlike SPF and Sender ID, DomainKeys can be set with an expiration date, replaced if necessary or simply revoked. An email service provider (ESP) can assign unique DomainKey pairs to each person who uses their system, and modify anyone’s status at will.

Another difference: while DomainKeys in its current form is geared toward ISPs and enterprise-level email servers, it could be modified for use with individual email clients. Even if your ISP doesn’t use DomainKeys technology, you could add it to your Eudora, Outlook, Thunderbird or other desktop email software to filter your incoming messages.

As with all these technologies, it’s not perfect. Most industry experts agree DomainKeys is a more comprehensive solution than SPF or Sender ID. But they’ll also say while due diligence has been conducted on the technology, there’s currently not enough industry support to make it a viable solution.

Yahoo developed the DomainKeys technology (Sendmail is a partner). They implemented it on their servers in November, 2004. Earthlink began using the technology the same day. DomainKey signatures were spotted in outgoing Gmail messages a month earlier, sparking reports Google supports the DomainKeys standard. As far as I’ve seen, Google has made no comment. I haven’t heard of any other ISPs, or ESPs for that matter, implementing DomainKeys yet. Most are taking a wait-and-see approach.

Experts agree some real world testing will help determine whether DomainKeys is a viable long term solution. Many sources will tell you SPF, Sender ID and DomainKeys are progressive technologies that will likely be implemented in quick succession as anti-spam and anti-fraud technologies are fine-tuned.

A potential rub: While there isn’t as much hullabaloo surrounding DomainKeys as around Sender ID, it does appear Yahoo is patenting some of the technology. This is one of the big concerns with Microsoft-developed Sender ID, as the Internet is built on open source software. It remains to be seen if the same protests will erupt regarding DomainKeys. In general, media coverage and conversations I’ve had regarding DomainKeys have been positive.

That said, nothing’s perfect. Some have identified issues with various email clients, problems with headers altered by email programs, and other things that “break” DomainKeys. That’s why the technology is being tested: to identify kinks and work them out.

To learn more, visit:

The technology side of the anti-spam fight is really heating up. We’ll see where this takes us. Addressing the problem will go a long way in helping legitimate marketers use the email channel even more successfully.

Related reading

Flat business devices communication with cloud services isolated on the light blue background.