
DKIM Key Length

Overview

We recommend using 1024-bit keys for DKIM signing in order to make it more difficult for others to spoof messages as coming from you. This has been GreenArrow Engine’s default behavior when generating new DKIM keys since an August 2011 update. Prior to that update, the default key length was 384 bits. If you have any DKIM keys with key lengths of less than 1024 bits, we recommend replacing them.

For background information on why we recommend using 1024-bit keys, see this Wired.com article on how Google.com’s 512-bit key was broken.

This page describes how to check whether you have any keys which need to be replaced. If you identify any keys that need to be replaced, the Replacing DKIM Keys page describes how this can be done.

Feel free to contact GreenArrow technical support if you have any questions about how to check or replace your DKIM keys.

Checking Existing Key Lengths

To check the lengths of your DKIM keys, perform the following steps:

  1. Log in to GreenArrow Engine’s web interface.
  2. Navigate to Configure => DKIM Keys:
    engine-configure-dkim-keys2.png
  3. View the values under the Bits heading for your DKIM keys. Any keys containing values less than 1024 in this column should be replaced. In the screenshot below, all keys are 1024 bits long:
    engine-dkim-key-bitlength.png