DomainKeys is an e-mail authentication technology used by some mail servers to verify the origin of messages. It helps thwart spammers and scam artists by determining whether or not the message has been forged to look like it came from a domain it didn't actually come from. A popular encryption technique known as public-key cryptography is used to perform the verification. It is largely an obsolete standard, and has been replaced by the similar but incompatible DomainKeys Identified Mail (DKIM).
E-mail services were not originally designed with a great deal of security in mind, and as a result it is relatively easy for an ill-intentioned individual to manipulate various aspects of an e-mail to his or her advantage. Often, the headers, parts of messages containing to and from addresses and other information, are falsified. Spammers use this type of manipulation to make their e-mails look like they come from a legitimate source, such as a bank or auction site. DomainKeys is one of several methods that have been devised to check the authenticity of e-mail messages.
DomainKeys checks to see if an e-mail message originated from the domain it claims to be from. While the system cannot verify the identity of the individual sender, it can be used to verify that messages from organizations like banks are legitimate and not from an impostor. Some of the most popular webmail services used this system to display an icon of a key or other logo next to the from address in an inbox. From a sender's perspective, using this technique can decrease the chances of legitimate mail succumbing to some spam filtering technologies.
For DomainKeys to be effective, the e-mail servers of both the sender and recipient must support it. The system relies on public key cryptography, an encryption scheme in which mathematically related public and private keys are generated. The public key is stored in a text file that is available through the Domain Name System (DNS) entry for a given domain. On a mail server supporting the technology, a private key is included in the e-mail headers of outgoing emails. Since the keys are mathematically related, the private key can be compared against the public key to verify the sender's authenticity.
Some portions of the DomainKeys system were merged with the similar Identified Internet Mail to form DKIM. The combined specification has been widely adopted, and essentially serves as a replacement for DomainKeys. The older systems are still available for historical purposes, however, and can still be used on mail servers. Many e-mail services support both DKIM and its predecessors to enable support for older systems that have not yet upgraded. The term DomainKeys is also incorrectly used by some when referring to the DKIM standard.