When creating DomainKeys does it matter if I use o=~ or o=-?

email dkim domainkeys

I used this utility to create my DKIM key (1024 bit size), since Gmail has been blocking us (we had an old joomla install exploited, was around before me). And I got this back:

Your Selector Record:
default._domainkey.example.com IN TXT

"k=rsa;p=REALLYLONGSTRINGXXXXXXX"

Your Policy Record:
_domainkey.example.com IN TXT "o=~"

However, the DomainKey that MediaTemple's Plesk gave me had o=-, so I used that for the policy record instead.

Is that OK?

I tested with this and also tried to test with some DKIM email testers, but have not gotten an email back from any of them.


The o= tag at the _domainkey root is mentioned in this DKIM specification draft as an optional mechanism to indicate your outbound signing policy.

o=~ means "some, but not all mails from this domain are signed"
o=- means "all mails from this domain are signed (though not necessarily by me)"

Much akin to (though not to be confused with) the Fail and SoftFail qualifiers used in SPF.

Remember that this is your signing policy, you are the one to decide which policy indicator best meets your needs

Related

Server side antivirus or not?
linux command line find escape question mark
Does LXC container performance depends of host load?
Windows 8.1 clients showing printer offline after reconnecting to the network
How can i manipulate the find command to "find" the directories the "found" file is in?
List current Principals in group Managed Service Accounts
Best parameters for ext4 filesystem for storing virtualbox disk images
Use acl in backend / shrink my config
ZPOOL replace defective disk in exported pool
Enforcing apt-get version continuity on Ubuntu
How can I measure complex I/O activity to develop realistic benchmarking? [closed]
Can I use the GroupPolicy PowerShell module on non-AD standalone servers?