A growing industry trend has been to utilize a DKIM key length of 2048 bits, because as computing power grows, so does the ability for the bad guys on the Interwebs to attack both security keys and decryption.
For those not technically inclined, moving to a 2048 bit key length is seen favorably by mailbox providers like Gmail. So if Gmail users make up a large portion of your database, you should keep reading. Honestly, keep reading even if they don’t.
Here’s how you can check your current DKIM key length.
- Head to this free public checker and enter in your domain and selector record. You’ll get your key length and any pertinent info within milliseconds.
If you’re an Oracle Dyn sender, here’s how you can upgrade to 2048 bits.
Note that before you make any changes, your old DomainKeys Identified Mail (DKIM) TXT records should be left in place until the changeover is complete in order to support your existing DKIM record and ensure proper authentication stays intact.
- Create a ticket with our support team to upgrade/rotate your DKIM keys.
- Indicate which domain that you want to upgrade/rotate the DKIM keys for and your new desired selector record. A best practice: include a date in the new selector so in the future, you can visually see how old it is and when/if it needs rotating.
- When support provides you with the new public key, you will update your DNS record with the new DKIM TXT record. Keep the old one for 24-48 hours to be sure this process is complete.
- Notify our support when that is completed and we’ll finish the process.
It’s a very easy process, so there’s no excuse to not upgrade your DKIM key length to 2048 bits.