Setting up DomainKeys

The correct answer to "what should I do to fix this" is to delete the DomainKeys record. The confusion stems from thinking that DomainKeys and DomainKeys Identified Mail (DKIM) are the same. They aren't. DomainKeys was a Yahoo-specific technology that has been officially dead since 2007. As Chris S. stated, DKIM (DomainKeys Identified Mail) is the successor to DomainKeys, as of 2007.

A few years ago I ran both a DomainKeys and a DKIM validator on incoming mail. I did see a few emails bearing DomainKeys signatures but I'd be surprised if that were still the case. There is no longer any reason to deploy DomainKeys as none of the DomainKeys signing software is still supported.

This is all you need to worry about:

DKIM check: pass

And you're good.

Also, Chris S. is mistaken about Sender ID. It is not, nor has it ever been, proposed as a successor to SPF. Sender ID is a defunct Microsoft-proposed standard that built atop SPF. SPF and Sender ID don't do the same things. Sender ID was Microsoft's attempt to add header validation checks atop SPF (which validates the Envelope Sender). The rest of the email community rejected it in part because Microsoft asserted patent rights and didn't relinquish them until after Sender ID was stillborn. Outside of hotmail.com and on-premise Exchange servers, Sender ID's adoption could be accurately described as a rounding error.

Microsoft has ceased validating Sender ID on Hotmail, leaving only on-premise Exchange servers as the last vestiges of Sender ID on the internet. They have announced upcoming changes to Exchange that will stop breaking DKIM signatures as messages pass through Exchange servers. Although DMARC merely prevents phishing, Microsoft has officially hopped on the DMARC bandwagon, embracing both DKIM and SPF.
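Added example (not part of the original answer): a receiver-side check that reads only the `dkim=` result from an Authentication-Results header and sets aside the legacy `domainkeys=` and `sender-id=` results the answer says to ignore. The hostnames, selectors, sample message and the `summarize` function are constructed for illustration, and the header parsing is a simplification of the real grammar.

```python
import re
from email import message_from_string

# Methods the answer treats as dead: reported, but never used for a decision.
LEGACY_METHODS = {"domainkeys", "sender-id"}

# Constructed sample message; hosts, selectors and signature values are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=example.com header.s=sel1;
 domainkeys=neutral (no sig) header.From=alice@example.com;
 spf=pass smtp.mailfrom=alice@example.com
DomainKey-Signature: a=rsa-sha1; s=old; d=example.com; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; b=PLACEHOLDER
From: alice@example.com
Subject: test

body
"""

def summarize(raw, trusted_authserv_id):
    """Return the DKIM verdict plus any legacy results that were ignored."""
    msg = message_from_string(raw)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        # Drop (comments), then split into authserv-id and method clauses.
        clauses = re.sub(r"\([^)]*\)", "", value).split(";")
        host = clauses[0].split()
        # Only trust headers stamped by our own receiver; a sender can
        # insert a forged Authentication-Results header claiming dkim=pass.
        if not host or host[0].lower() != trusted_authserv_id.lower():
            continue
        for clause in clauses[1:]:
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return {
        "dkim": results.get("dkim", "none"),
        "ignored": sorted(LEGACY_METHODS & results.keys()),
        "legacy_signature": msg.get("DomainKey-Signature") is not None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, "mx.example.net"))
```
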