Domain Email Authority for

Safe and Secure Email

DKAs are what make Nextmail possible. The DKA of a domain is the authoritative source for the email policies of a domain and the cryptographic public keys of email IDs belonging to that domain. This enables email from a domain to be fully authenticated and email to a domain to be fully encrypted. To learn more about Nextmail, visit https:// , the parent domain of this DKA.

Tying an email ID to its public key

The only way for an email ID belonging to to register its public key with dka. is to send the public key as email from that email ID to dka@. This ensures that the email ID and the public key can be reliably associated with each other.
For more info, send an email to dka@ with info in the subject line.

Authority through DNS

The DKA derives its authority via a DNS pointer that ties the domain and the DKA and designates the DKA as the the Domain's Email Authority. Thus the DKA's collectively form a Public Key Infrastructure (PKI) for the email name space, enabling email IDs to send encrypted email.

Since the DNS provides the web of trust and the DKAs provide a distribution mechanism for the public keys, no additional digital certificates from certificate authorities or key distribution mechanisms are needed (as in s/MIME and PGP). Further, the Root DKA mechanism (see https://keyzero.org ) provides a migration path for non-DKA enabled email IDs until their domains are equipped with their own DKAs.