DomainKeys Identified Mail, or DKIM, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that the recipient can validate. For years, the standard DKIM key length was 1024 bits. A 1024-bit DKIM key is one with a key length of 1024 bits. The longer the key, the more challenging it is for attackers to break it, which is why the National Institute of Standards and Technology (NIST) recommends 2048-bit keys.
Currently, 1024-bit DKIM keys are widely used, but the evolution of security threats requires upgrading DKIM key strength from 1024 bits to 2048 bits (for all possible DKIM configurations). We therefore recommend that the DKIM keys used for your mailing domain be reviewed and upgraded to 2048-bit keys as applicable.
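One way to carry out that review is to measure the key published in each selector's DKIM TXT record. The sketch below is an added example, not code from the original page: it assumes an RSA key whose `p=` tag holds a DER SubjectPublicKeyInfo (or a bare RSAPublicKey), the function names are hypothetical, and the sample records are constructed so it runs offline.

```python
import base64

def read_tlv(der, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                          # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def dkim_rsa_bits(record):
    """Return the RSA modulus size in bits for a DKIM TXT record value."""
    parts = (item.partition("=") for item in record.split(";"))
    tags = {k.strip(): "".join(v.split()) for k, _, v in parts if k.strip()}
    if tags.get("k", "rsa") != "rsa":          # k= defaults to rsa when absent
        raise ValueError("not an RSA key")
    if not tags.get("p"):
        raise ValueError("empty p= tag: key is revoked or missing")
    der = base64.b64decode(tags["p"])
    _, pos, _ = read_tlv(der, 0)               # outer SEQUENCE
    tag, start, end = read_tlv(der, pos)
    if tag == 0x30:                            # SubjectPublicKeyInfo: skip AlgorithmIdentifier
        _, pos, _ = read_tlv(der, end)         # BIT STRING wrapping RSAPublicKey
        _, pos, _ = read_tlv(der, pos + 1)     # +1 skips the unused-bits byte
        tag, start, end = read_tlv(der, pos)
    if tag != 0x02:                            # modulus must be an INTEGER
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(der[start:end], "big").bit_length()

def needs_upgrade(record, minimum=2048):
    """True when the published key is shorter than the recommended length."""
    return dkim_rsa_bits(record) < minimum

def der_element(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record with the right structure and size; not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = der_element(0x30, der_element(0x02, b"\x00" + n)
                      + der_element(0x02, (65537).to_bytes(3, "big")))
    alg = der_element(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = der_element(0x30, alg + der_element(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Feed `needs_upgrade` the TXT value published at each `selector._domainkey` name for the domain; any record it flags is still using a key shorter than 2048 bits.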
WHY THE 2048-BIT DKIM KEY?
With double the key length, 2048-bit keys provide enhanced tampering protection with the strongest signing for automated security domain authentication. The 2048-bit keys are thought to be secure against cryptographic attacks for the next several years.
Bitsight is a company that calculates security ratings to shed light on an organization’s security performance and measure cyber risk. Properly configured DKIM records can help ensure that only authorized hosts can send email on behalf of a company. Bitsight verifies that a company uses DKIM and has configured it in a way that prevents email spoofing.
The future of 2048-bit encryption…
While doubling key strength delivers an exponential increase in protection – encryption strength is directly tied to key size – the computational power required to process 2048-bit certificates is five to 30 times greater than that for 1024-bit certificates. Enterprises that operate high-volume sites and services need to ensure their infrastructure can handle larger key sizes.