SPF and domain keys

Sun Aug 28 23:13:54 UTC 2016

Lets say my domain is foxtrot.com and we have SPF records for the SMTP
servers on foxtrot.com. Now lets say I have decided I want to allow
alphazulu.com to send mail as foxtrot.I know how to add alphazulu.com to
the SPF but If I wanted to also use DomainKeys or DKIM to authenticate
alphazulu.com would the keys need to be in foxtrots name or alphazulu? For
example,

Would I use:

_domainkey.foxtrot.com.                  IN TXT          "t=y\; o=~\;"
xxxxxxx._domainkey.foxtrot.com.           IN TXT          "k=rsa\;
p=xxxxxxxxxxx

or

_domainkey.alphazulu.com.                  IN TXT          "t=y\; o=~\;"
xxxxxxx._domainkey.alphazulu.com.           IN TXT          "k=rsa\;
p=xxxxxxxxxxx

Also,
1) Who generates the keys? Foxtrot or Alphazulu?
2) Would I need both SPF and keys or would keys alone be enough to
authenticate the other domain? ( I am in a position where I would like to
use only keys)
3) Which one is better to use in terms of provider checking? For example,
are providers even checking keys as much as they are SPF?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160828/b62c128d/attachment.html>