DNS: Why so many *._domainkey.example.com prefixes?

Lonnie Olson lists at kittypee.com
Mon Nov 23 14:40:19 MST 2015


On Mon, Nov 23, 2015 at 2:28 PM, AJ ONeal (Home) <coolaj86 at gmail.com> wrote:
> I've tried googling a little, but I don't know enough to figure out what my
> query should be.
>
> I notice that every time I set up mailgun or mandrill or whatever I always
> have to set up domainkeys. That part makes sense - RSA, public/private, etc
> - I get that.
>
> Intuitively I would think there is a single standard for where to find SMTP
> domain keys, say
> smtp._domainkey.example.com
>
> But instead it seems like one of these prefixes gets picked at random:
> k1._domainkey.example.com
> mx._domainkey.example.com
> pic._domainkey.example.com (this one baffles me)
> mailo._domainkey.example.com
>
> So I'm looking at my long list of domains and it appears that only those 5
> variations occur, but I'm not seeing a pattern.
>
> Why isn't there just one standard prefix?
> How does that querying server know which to query?
> Isn't _ an illegal character?
>
> I'd love to be pointed to some reading material as well as some short and
> sweet explanations if you have one on hand.

The purpose of the multiple selectors is to be able to use several
different keys to sign your mail.  It is an arbitrary identifier of
the public key stored in the DNS record.  The signer of the mail
specifies the selector for the key they are using to sign, in the
signature.

https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#How_it_works
http://www.dkim.org/info/dkim-faq.html#technical
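
An added illustration of the reply above (not part of the original thread): the selector travels in the `s=` tag of each DKIM-Signature header, and the verifier combines it with the `d=` domain to form the DNS name of the TXT record holding the public key. The sample message, its tag values, and the helper names `parse_tags` and `key_record_names` are constructed for this example.

```python
import re
from email import message_from_string

# Constructed sample message (not from the thread): two signatures made with
# different keys, each naming its own selector in the s= tag.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=k1; h=from:to:subject; bh=Zm9v; b=YmFy\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mx;\r\n"
    "\th=from:subject; bh=Zm9v; b=\r\n"
    "\tYmF6\r\n"
    "From: a@example.com\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue  # trailing ";" or empty segment
        name, value = part.split("=", 1)
        # Header folding may leave whitespace inside a value; drop it.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def key_record_names(raw_message):
    """Return the DNS name a verifier would query for each signature."""
    msg = message_from_string(raw_message)
    names = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        if "s" not in tags or "d" not in tags:
            continue  # unusable without both selector and domain
        names.append(f"{tags['s']}._domainkey.{tags['d']}")
    return names

if __name__ == "__main__":
    for name in key_record_names(SAMPLE):
        print("TXT lookup:", name)
```
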

