Postal
DKIM - 1024 vs 2048 #3379
lubosstrejcek
started this conversation in
Feature suggestions
DKIM - 1024 vs 2048
#3379
Replies: 2 comments
-
|
I don't really know enough to comment but I don't know if this change accomplishes too much since the message is signed either way? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Why Choose DKIM 2048?
1. Increased Security As we’ve already mentioned, 2048-bit keys provide stronger encryption. As email attacks grow in sophistication, email providers and ISPs are raising the bar on security. DKIM 2048 helps future-proof your email authentication and ensures that your domain is protected from malicious attacks such as email spoofing.
2. Better Reputation with ISPs Internet service providers (ISPs) look for stronger authentication methods when assessing email legitimacy. Using DKIM 2048 can give your emails an edge, helping them pass through spam filters more effectively. It’s a small but significant way to increase trust with email service providers, resulting in better inbox placement rates.
3. ISP Preferences Some major ISPs, including Gmail, have publicly stated that they prefer DKIM keys of 2048 bits or longer. By adopting DKIM 2048, you’re staying aligned with the preferences of the largest email providers, which can directly improve your deliverability.
Why Not Stick with DKIM 1024?
While 1024-bit keys are faster and less resource-intensive, they no longer meet modern security standards. Many email providers and large corporations are moving away from 1024-bit encryption due to its vulnerabilities. Continuing to use DKIM 1024 could eventually harm your email reputation and deliverability as providers shift to stronger encryption methods.
…On 23. 5. 2025 at 18:57 +0200, Will Power ***@***.***>, wrote:
I don't really know enough to comment but I don't know if this change accomplishes too much since the message is signed either way?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
Based on the recent events and recommendations. We should start using 2048 dkim key. Maybe best to offer the admin the length during the initial setup?
AS IS: app/models/domain.rb - Line 85: self.dkim_private_key = OpenSSL::PKey::RSA.new(1024).to_s
TO BE app/models/domain.rb - Line 85: self.dkim_private_key = OpenSSL::PKey::RSA.new(2048).to_s
?
Thanks, Lubos
Beta Was this translation helpful? Give feedback.
All reactions