GreenArrow Email Software Documentation

DKIM Key Length

Overview

We recommend using 1024-bit keys for DKIM signing to make it more difficult for others to spoof messages as coming from you. This has been GreenArrow Engine’s default behavior when generating new DKIM keys since an August 2011 update. Prior to that update, the default key length was 384 bits. If you have any DKIM keys shorter than 1024 bits, we recommend replacing them.

For background information on why we recommend using 1024-bit keys, see this Wired.com article on how Google.com’s 512-bit key was broken.

Key lengths longer than 1024 bits (for example, 2048 bits) are supported, but come with an injection speed penalty. When using larger keys, you may see lower throughput when injecting email into GreenArrow.

This page describes how to check whether you have any keys that need to be replaced. If you identify any, the Replacing DKIM Keys page describes how to replace them.

Feel free to contact GreenArrow technical support if you have any questions about how to check or replace your DKIM keys.

Checking Existing Key Lengths

To check the lengths of your DKIM keys, perform the following steps:

  1. Log in to GreenArrow Engine’s web interface.
  2. Navigate to Configure => DKIM Keys:
    engine-configure-dkim-keys2.png
  3. View the values under the Bits heading for your DKIM keys. Any key with a value less than 1024 in this column should be replaced. In the screenshot below, all keys are 1024 bits long:
    engine-dkim-key-bitlength.png
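
The Bits column can be cross-checked against what is actually published in DNS. The following is an added example, not GreenArrow code: it reads the RSA modulus size out of the p= tag of a DKIM TXT record value (already joined into one string) and lists the keys shorter than 1024 bits. The selector names and sample records are constructed, with dummy moduli rather than real keys.

```python
import base64

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt_value):
    """Return the RSA modulus size in bits from a DKIM TXT record value."""
    tags = {k.strip(): v for k, v in (t.split("=", 1) for t in txt_value.split(";") if "=" in t)}
    der = base64.b64decode("".join(tags["p"].split()))
    tag, body, _ = read_tlv(der, 0)         # outer SEQUENCE
    tag, first, nxt = read_tlv(body, 0)
    if tag == 0x30:                         # SubjectPublicKeyInfo: AlgorithmIdentifier first
        tag, bits, _ = read_tlv(body, nxt)  # BIT STRING wrapping RSAPublicKey
        tag, body, _ = read_tlv(bits[1:], 0)  # skip the unused-bits byte
        tag, first, _ = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(first, "big").bit_length()

def keys_to_replace(records, minimum=1024):
    """Map selector -> bits for every key shorter than the page's 1024-bit minimum."""
    sizes = {sel: dkim_rsa_bits(txt) for sel, txt in records.items()}
    return {sel: bits for sel, bits in sizes.items() if bits < minimum}

def encode_der(tag, value):
    """Encode one DER element (only used to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_record(bits):
    """Constructed TXT value with a dummy modulus of the given size, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = encode_der(0x30, encode_der(0x02, n) + encode_der(0x02, b"\x01\x00\x01"))
    alg = encode_der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = encode_der(0x30, alg + encode_der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    sizes = {"sel384": 384, "sel512": 512, "sel1024": 1024, "sel2048": 2048}
    print(keys_to_replace({s: sample_record(b) for s, b in sizes.items()}))
```
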

Copyright © 2012–2024 GreenArrow Email