Normally, you create domain keys for each domain you will be using in the "From:" headers of your outbound messages. This can become an administrative burden when you are sending mail from many different domains, as in the case of an ESP. The domain keys standard allows for a special case where you can specify a "Sender:" header in your outbound messages. The "Sender:" header is similar to a "From: (PRA)" header except that it allows you to specify that someone is sending mail on behalf of another party. It takes the following form:
Sender: Sender <sender@senderdomain.com>
[where Sender is the name of the entity sending the message (on behalf of another domain) and senderdomain.com is the domain of the sender]
Please keep in mind that mail readers may (and should) display this information to the user along with the normal From: header information. Many mail readers do not, however. When signing your outbound message with DomainKeys, the DomainKeys mechanisms will look for a "Sender:" header in your message and use that as the domain for DomainKey signing/authentication instead of the domain in the "From:" header. This allows you to create only one domain key for the domain you use in your "Sender:" header. One set of domain keys is much easier to set up and maintain than 5, 10, or 60!