diff --git a/ChangeLog b/ChangeLog index c82d1c1..3656d29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-10-07 Version 0.9.5 + - Ignore unknown service types in key records (LP: #1847020) + - This is required by RFC 6376 and predecessors. It becomes important + now that RFC 8460, which defines a new DKIM service type exists. This + change is required to avoid processing tlsrpt keys like regular email + keys, which is incorrect, they have different requirements. + 2019-09-25 Verstion 0.9.4 - Add LICENSE to MANIFEST.in so it is included in the tarball (LP: #1845318) diff --git a/README b/README index b95b454..75a5573 100644 --- a/README +++ b/README @@ -11,7 +11,7 @@ signing and verification. VERSION -This is dkimpy 0.9.4. +This is dkimpy 0.9.5. REQUIREMENTS diff --git a/dkim/__init__.py b/dkim/__init__.py index dc11dfe..f38a80d 100644 --- a/dkim/__init__.py +++ b/dkim/__init__.py @@ -453,6 +453,16 @@ def load_pk_from_dns(name, dnsfunc=get_txt): ktag = b'rsa' if pub[b'k'] != b'rsa' and pub[b'k'] != b'ed25519': raise KeyFormatError('unknown algorithm in k= tag: {0}'.format(pub[b'k'])) + try: + # Ignore unknown service types, RFC 6376 3.6.1 + if pub[b's'] != b'*' and pub[b's'] != b'email': + pk = None + keysize = None + ktag = None + raise KeyFormatError('unknown service type in s= tag: {0}'.format(pub[b's'])) + except: + # Default is '*' - all service types, so no error if missing from key record + pass return pk, keysize, ktag diff --git a/dkim/tests/test_dkim.py b/dkim/tests/test_dkim.py index a94937c..693cf27 100644 --- a/dkim/tests/test_dkim.py +++ b/dkim/tests/test_dkim.py @@ -64,7 +64,7 @@ class TestSignAndVerify(unittest.TestCase): def dnsfunc(self, domain): sample_dns = """\ -k=rsa; \ +k=rsa; s=email;\ p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmBe10IgY+u7h3enWTukkqtUD5PR52T\ b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ==""" diff --git a/setup.py b/setup.py index 3532465..ac405c2 100644 --- a/setup.py +++ b/setup.py 
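Review bot: The bare `except:` in the block added to load_pk_from_dns catches the KeyFormatError raised two lines above it, so the "unknown service type" error never leaves the function and the caller silently gets `(None, None, None)`; it also hides any other exception, not just the missing-tag case the comment describes. If returning an empty key is the intended way to ignore the record, drop the `raise` and narrow the handler to `except KeyError:`; if rejection should be loud like the `k=` check just above, keep the `raise` and still narrow the handler. Separately, RFC 6376 section 3.6.1 defines s= as a colon-separated list, so a record such as `s=email:tlsrpt` (constructed example) is rejected by the equality test; something like `if not {b'*', b'email'} & set(t.strip() for t in pub[b's'].split(b':')):` would accept any list that includes email. The function starts outside the hunk, so how callers treat a None key is not visible here; confirm it makes verification fail cleanly rather than raising an unrelated error.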
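Review bot: The fixture change in dnsfunc only exercises the accepting path (`s=email`); nothing in this hunk covers a record with an unknown service type or one with no s= tag at all. The new branch in load_pk_from_dns relies on an exception handler for both cases, so two tests would pin the behaviour: one that feeds a key record with `s=tlsrpt` and asserts verification fails, and one that keeps the old `k=rsa;` record and asserts it still verifies. The rest of TestSignAndVerify is outside the hunk, so an existing test may already cover the missing-tag default.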
@@ -25,7 +25,7 @@ from setuptools import setup import os import sys -version = "0.9.4" +version = "0.9.5" kw = {} # Work-around for lack of 'or' requires in setuptools. try: