So anyone receiving an e-mail from `fripost.org`'s outgoing SMTP server (possibly indirectly) can decide whether it's legit or has been tampered with.

The DKIM public key should be added to `fripost.org`'s DNS zone as a TXT record, as follows:

    20140112._domainkey.fripost.org. 86400 IN TXT "v=DKIM1\; k=rsa\; p=…"

Having one sub-domain per key (here `20140112`, the date when the key was generated) is what Google does; it's a clever way to allow multiple keys, which is useful for a smooth transition to a stronger key, for instance.

See RFCs [6376](https://tools.ietf.org/html/rfc6376) and [7001](https://tools.ietf.org/html/rfc7001) for reference. The [Wikipedia page](https://en.wikipedia.org/wiki/Dkim) might be another good read.

[[closed]]
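To track a key transition across several selectors like the one described above, the following sketch parses zone-file DKIM records and reports each selector's RSA modulus size. It is an added example, not part of the original page or of Fripost's tooling. The function names, the `example.org` records, their selectors and the 2048-bit default threshold are assumptions, and the sample keys are constructed (structurally valid, not usable for signing).

```python
import base64

def parse_dkim_txt(rdata):
    """Tags of a zone-file DKIM record: ';' is escaped, long values span several strings."""
    text = rdata.replace('\\;', ';').replace('" "', '').strip('"')
    pairs = (part.split('=', 1) for part in text.split(';') if '=' in part)
    return {k.strip(): ''.join(v.split()) for k, v in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], 'big'), end
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in the p= tag."""
    der = base64.b64decode(p_value)
    start, _ = _tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, end = _tlv(der, start)          # AlgorithmIdentifier, skipped
    start, _ = _tlv(der, end)          # BIT STRING
    start, _ = _tlv(der, start + 1)    # after the unused-bits byte: RSAPublicKey SEQUENCE
    start, end = _tlv(der, start)      # INTEGER modulus
    return int.from_bytes(der[start:end], 'big').bit_length()

def audit(zone, min_bits=2048):
    """Map each selector in {owner name: TXT rdata} to (status, modulus bits)."""
    report = {}
    for owner, rdata in zone.items():
        p = parse_dkim_txt(rdata).get('p')
        bits = rsa_bits(p) if p else 0     # empty p= means the key was withdrawn
        status = 'revoked' if not p else 'ok' if bits >= min_bits else 'weak'
        report[owner.split('._domainkey.')[0]] = (status, bits)
    return report

def sample_p(bits):
    """Constructed SubjectPublicKeyInfo with a `bits`-bit modulus (not a usable key)."""
    def der(tag, body):
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, 'big')
        return bytes([tag]) + (raw if len(body) < 128 else bytes([0x80 | len(raw)]) + raw) + body
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, 'big')  # leading 0x00: positive INTEGER
    rsa = der(0x30, der(0x02, n) + der(0x02, b'\x01\x00\x01'))
    alg = bytes.fromhex('300d06092a864886f70d0101010500')       # rsaEncryption + NULL
    return base64.b64encode(der(0x30, alg + der(0x03, b'\x00' + rsa))).decode()

SAMPLE_ZONE = {  # constructed records, written as in a zone file (';' escaped)
    '20140112._domainkey.example.org.': f'"v=DKIM1\\; k=rsa\\; p={sample_p(1024)}"',
    '20200101._domainkey.example.org.': f'"v=DKIM1\\; k=rsa\\; p={sample_p(2048)}"',
    '20100101._domainkey.example.org.': '"v=DKIM1\\; k=rsa\\; p="'}
```

`audit(SAMPLE_ZONE)` flags the 1024-bit selector as weak, accepts the 2048-bit one, and reports the record with an empty `p=` as revoked, which is the state an old selector ends up in once the transition is complete.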