So anyone receiving an e-mail from `fripost.org`'s outgoing SMTP server
(possibly indirectly) can decide whether it's legit or tampered with.

The DKIM public key should be added to `fripost.org`'s DNS zone as a TXT
record, as follows:

    20140112._domainkey.fripost.org. 86400 IN TXT "v=DKIM1\; k=rsa\; p=…"

Having one sub-domain (here `20140112`, the date where the key was
generated) is what Google does; that's a clever way to allow multiple
keys, which is useful for a smooth transition to a stronger key for
instance.

See RFCs [6376](https://tools.ietf.org/html/rfc6376) and
[7001](https://tools.ietf.org/html/rfc7001) for references. The 
[Wikipedia page](https://en.wikipedia.org/wiki/Dkim) might be another
good read.

[[closed]]