Internet Performance Delivered right to your inbox

How to Upgrade Your DKIM Key Length to 2048 Bits

A growing industry trend has been to utilize a DKIM key length of 2048 bits, because as computing power grows, so does the ability for the bad guys on the Interwebs to attack both security keys and decryption.

At Oracle Dyn Email Delivery, we love proper email authentication and like it even better when our senders update their DKIM key length from the standard 1024 or even 728.

For those not technically inclined, moving to a 2048 bit key length is seen favorably by mailbox providers like Gmail. So if Gmail users make up a large portion of your database, you should keep reading. Honestly, keep reading even if they don’t.

Here’s how you can check your current DKIM key length.

If you’re an Oracle Dyn sender, here’s how you can upgrade to 2048 bits.

Note that before you make any changes, your old DomainKeys Identified Mail (DKIM) TXT records should be left in place until the changeover is complete in order to support your existing DKIM record and ensure proper authentication stays intact.

  1. Create a ticket with our support team to upgrade/rotate your DKIM keys.
  2. Indicate which domain that you want to upgrade/rotate the DKIM keys for and your new desired selector record. A best practice: include a date in the new selector so in the future, you can visually see how old it is and when/if it needs rotating.
  3. When support provides you with the new public key, you will update your DNS record with the new DKIM TXT record. Keep the old one for 24-48 hours to be sure this process is complete.
  4. Notify our support when that is completed and we’ll finish the process.

It’s a very easy process, so there’s no excuse to not upgrade your DKIM key length to 2048 bits.


Share Now

Whois: Josh Nason

Josh Nason is a Reputation Manager at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.