DKIM Key Length
We recommend using 1024-bit keys for DKIM signing in order to make it more difficult for others to spoof messages as coming from you. This has been GreenArrow Engine’s default behavior when generating new DKIM keys since an August 2011 update. Prior to that update, the default key length was 384 bits. If you have any DKIM keys with key lengths less than 1024 bits, we recommend replacing them.
For background information on why we recommend using 1024-bit keys, see this Wired.com article on how Google.com’s 512-bit key was broken.
Key lengths longer than 1024 bits (for example, 2048 bits) are supported, but come with an injection speed penalty. When using larger keys, you may see lower throughput in the amount of email that can be injected into GreenArrow.
This page describes how to check whether you have any keys which need to be replaced. If you identify any keys that need to be replaced, the Replacing DKIM Keys page describes how this can be done.
Feel free to contact GreenArrow technical support if you have any questions about how to check or replace your DKIM keys.
Checking Existing Key Lengths
To check the lengths of your DKIM keys, perform the following steps:
- Log in to GreenArrow Engine’s web interface.
- Navigate to
- View the values under the Bits heading for your DKIM keys. Any keys containing values less than 1024 in this column should be replaced. In the screenshot below, all keys are
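
The same check can be cross-checked outside the web interface against the public key published in DNS. The following is an added example, not GreenArrow code: it assumes you have already retrieved the TXT record text from selector._domainkey.yourdomain, and it reads the RSA modulus size from the p= tag. The sample records are constructed for the demonstration and are not usable keys.

```python
import base64

MIN_BITS = 1024  # threshold recommended on this page

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt):
    """Return the RSA modulus size in bits for a DKIM TXT record string."""
    tags = {k.strip(): v.strip() for k, _, v in
            (part.partition("=") for part in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    der = base64.b64decode("".join(tags.get("p", "").split()))
    if not der:
        raise ValueError("empty p= tag (revoked key)")
    _, spki, _ = _tlv(der, 0)        # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = _tlv(spki, 0)        # AlgorithmIdentifier (skipped)
    _, bitstr, _ = _tlv(spki, pos)   # BIT STRING holding RSAPublicKey
    _, rsa, _ = _tlv(bitstr, 1)      # skip the unused-bits count byte
    _, modulus, _ = _tlv(rsa, 0)     # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def needs_replacement(txt):
    return dkim_rsa_bits(txt) < MIN_BITS

def _der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(body)
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record: modulus is 2**(bits-1) + 1, not a usable key."""
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for bits in (384, 512, 1024, 2048):
        print(bits, "REPLACE" if needs_replacement(sample_record(bits)) else "ok")
```

Records split across several quoted strings in DNS should be concatenated before being passed in; whitespace inside the p= value is ignored.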