Your DKIM setup works, signatures pass. But have you checked the size of your RSA key? A key that’s too short is a ticking time bomb: it could be cracked, allowing an attacker to sign emails on your behalf.
The History of DKIM Keys: From 512 to 2048 Bits
2012: The End of 512-Bit Keys
In 2012, researchers demonstrated that a 512-bit RSA key could be cracked in under 72 hours using cheap cloud computing power. The result: anyone could impersonate a domain using a 512-bit key and send perfectly DKIM-signed emails.
Google and Yahoo then began rejecting DKIM signatures based on 512 and 768-bit keys.
2013: The Standard Moves to 1024 Bits
RFC 6376 established 1024 bits as the minimum size for DKIM RSA keys. At the time, cracking such a key was unthinkable.
2020: 1024 Bits Starts Showing Its Age
The latest RSA Factoring Challenge record: an 829-bit key was factored in 2020, requiring approximately 2,700 core-years of computation (the equivalent of 2,700 CPU cores at 2.1 GHz running for a full year). 1024-bit keys aren’t practically breakable yet, but the safety margin is shrinking.
2026: The Recommendation Is 2048 Bits
Today, best practice is clear:
| Key Size | Status in 2026 |
|---|---|
| 512 bits | Rejected by all providers |
| 768 bits | Rejected by all providers |
| 1024 bits | Functional but discouraged for sensitive sectors |
| 2048 bits | Recommended, current standard |
| 4096 bits | Possible but often too long for a single DNS TXT record |
The DNS Problem with Large Keys
A DNS TXT record is limited to 255 characters per string. A 2048-bit RSA key encoded in Base64 is approximately 390 characters, requiring the value to be split across multiple strings in the TXT record.
Most DNS providers handle this automatically. But a 4096-bit key (approximately 740 characters) can cause compatibility issues with some DNS resolvers.
That’s why 2048 bits is the ideal compromise: robust security and universal DNS compatibility.
Ed25519: The Future of DKIM?
Ed25519 is a signature algorithm based on elliptic curves. Compared to RSA:
| Criteria | RSA 2048 | Ed25519 |
|---|---|---|
| Public key size | ~390 characters | ~44 characters |
| Signature size | ~340 characters | ~88 characters |
| Security level | ~112 bits | ~128 bits |
| Performance | Slow | Very fast |
| Email support | Universal | Partial (growing) |
Ed25519 produces much shorter keys, eliminating DNS issues. It’s also faster and offers equivalent or superior security.
The Problem: Support
In 2026, Ed25519 for DKIM isn’t yet supported by all mailbox providers. Google and a few major players accept it, but many others silently ignore Ed25519 signatures.
Recommendation: if you use Ed25519, also keep an RSA 2048-bit signature in parallel (dual signing). RFC 8463 defines the use of Ed25519 with DKIM.
How to Check Your Key Size
- DKIM Checker: enter your domain and selector, and the tool displays the key size and algorithm
- Free audit: send a test email, and the key size is analyzed automatically
- Command line: query the selector's TXT record:

```
dig +short selector._domainkey.yourdomain.com TXT
```

Then decode the public key (the value of the `p=` tag, without the surrounding quotes) with OpenSSL:

```
echo "MIIBIjANBg..." | base64 -d | openssl rsa -pubin -inform DER -text -noout
```

The output will show `RSA Public-Key: (2048 bit)` or the corresponding size.
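The two steps above (splitting a long `p=` value into 255-character DNS strings, and reading the key size back out of a published record) can be automated offline. The following script is an added example written for this article, not code from the page or from any DKIM tool it mentions. It builds constructed sample records (the RSA moduli are just odd numbers of the right bit length, not real keys, and the Ed25519 key is 32 arbitrary bytes), joins the quoted strings that `dig` prints, decodes the `p=` tag, and reports the algorithm and key size with a minimal DER reader, so it needs only the Python standard library. The `assess()` thresholds reflect the table in this article.

```python
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER-encoded OID 1.2.840.113549.1.1.1 (rsaEncryption)


# --- Minimal DER encoding, used only to construct sample keys ---------------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:            # keep INTEGER positive
        b = b"\x00" + b
    return _der(0x02, b)


def rsa_spki_der(n, e=65537):
    """SubjectPublicKeyInfo for an RSA public key, the format DKIM publishes in p=."""
    alg = _der(0x30, RSA_OID + b"\x05\x00")            # AlgorithmIdentifier { rsaEncryption, NULL }
    pub = _der(0x30, _der_int(n) + _der_int(e))        # RSAPublicKey { n, e }
    return _der(0x30, alg + _der(0x03, b"\x00" + pub))  # BIT STRING wraps RSAPublicKey


# --- DNS side: split a long record value into 255-character strings ---------
def build_dkim_record(public_key_b64, ktype="rsa"):
    value = f"v=DKIM1; k={ktype}; p={public_key_b64}"
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    return " ".join(f'"{c}"' for c in chunks)   # same layout dig +short prints


# --- Verification side: read the key size back from a published record ------
def parse_dkim_record(txt):
    parts = re.findall(r'"([^"]*)"', txt)           # rejoin the DNS strings
    value = "".join(parts) if parts else txt
    tags = {}
    for field in value.split(";"):
        if "=" in field:
            k, v = field.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    tag, body, _ = _read_tlv(spki, 0)               # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, alg, pos = _read_tlv(body, 0)                # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = _read_tlv(body, pos)             # BIT STRING
    _, rsapub, _ = _read_tlv(bits[1:], 0)           # skip unused-bits byte
    _, n_bytes, _ = _read_tlv(rsapub, 0)            # INTEGER modulus
    return int.from_bytes(n_bytes, "big").bit_length()


def dkim_key_info(record):
    """Return (algorithm, key size in bits) for a DKIM TXT record value."""
    tags = parse_dkim_record(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unsupported DKIM version")
    if not tags.get("p"):
        return ("revoked", 0)                       # empty p= means the key is revoked (RFC 6376)
    raw = base64.b64decode(re.sub(r"\s+", "", tags["p"]))
    ktype = tags.get("k", "rsa")
    if ktype == "ed25519":
        return ("ed25519", len(raw) * 8)            # p= is the raw 32-byte key (RFC 8463)
    if ktype == "rsa":
        return ("rsa", rsa_modulus_bits(raw))
    raise ValueError(f"unknown key type {ktype!r}")


def assess(ktype, bits):
    if ktype == "ed25519":
        return "ok"
    if bits < 1024:
        return "reject"     # 512/768-bit keys are rejected by providers
    if bits < 2048:
        return "weak"       # 1024 still works but is discouraged
    return "ok"


# Constructed samples (not real keys): a 2048-bit and a 1024-bit RSA modulus, a 32-byte Ed25519 key.
SAMPLE_RECORD_2048 = build_dkim_record(base64.b64encode(rsa_spki_der((1 << 2047) | 1)).decode())
SAMPLE_RECORD_1024 = build_dkim_record(base64.b64encode(rsa_spki_der((1 << 1023) | 1)).decode())
SAMPLE_RECORD_ED = build_dkim_record(base64.b64encode(bytes(range(32))).decode(), "ed25519")

if __name__ == "__main__":
    for rec in (SAMPLE_RECORD_2048, SAMPLE_RECORD_1024, SAMPLE_RECORD_ED):
        info = dkim_key_info(rec)
        print(f"{len(rec)} chars, {rec.count(chr(34)) // 2} DNS string(s): {info} -> {assess(*info)}")
```

Feed `dkim_key_info()` the raw output of `dig +short selector._domainkey.example.com TXT` and it handles the quoted multi-string form directly; the 2048-bit sample comes out at 392 Base64 characters and two DNS strings, the Ed25519 sample at 44, matching the sizes in the tables above.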
How to Migrate to 2048 Bits
- Generate a new 2048-bit key pair
- Publish the new public key on a new selector (e.g., `s2._domainkey`)
- Configure your MTA/ESP to sign with the new selector
- Wait 48 hours for DNS propagation
- Verify with the DKIM Checker
- Remove the old DNS record once migration is confirmed
Using a new selector allows a zero-downtime migration: old and new coexist during the transition.
Regular Key Rotation
Regardless of size, rotating DKIM keys is a best practice. If a private key is compromised, the exploitation window is limited to the period between rotations.
Recommended frequency: every 6 to 12 months.
Further Reading
- Configure DKIM, the complete guide
- Anatomy of a DKIM Signature, every field explained
- Why Two DKIM Signatures?
- DKIM Checker, check your key now