2048 bits DKIM Public Key
Some servers start to take reputation away from emails signed with 1024-bit DKIM keys.It would be nice to extend the functionality and allow 2048 bit DKIM keys
Frank Offermann commented
DMARC DKIM validation fails and emails are no longer delivered according to DMARC policy.
Error message: "dkim=fail reason="signature verification failed" (1024-bit key; unprotected)"
The DKIM signature must be updated to 2048-bits.
Philippe GOUTAGNY commented
nous faisons partie du groupe Société Générale, qui examine chaque mois nos DNS avec BitSight. Il nous demande de pousser la sécurité des clés DKIM de 1024 à 2048. Pouvez-vous nous proposer cet ajout sécuritaire ?
we are part of the Societe Generale group, which reviews our DNS with BitSight on a monthly basis. He asks us to push the security of the DKIM keys from 1024 to 2048. Can you offer us this security addition?
P. Goutagny(Edited by admin)
Alejandro Navarro commented
I'm also waiting for this feature. Do you have any update?
Florian Beese commented
It would be great, if this topic can get priority soon. We just encountered issues with mail delivery to Microsoft 365 Exchange servers. All emails sent via Mailjet have been marked as spam. We assume this may be the issue. Once a mail is moved from Spam to the inbox, the sender gets a better rating at MS, so that further emails are not listed as spam. But this is not a solution for our customers.
Also this issue downrates our rating on mail-tester.com significantly. See also this serverfault post, which has the same issue:
Chris Heard commented
Support for 2048 bit DKIM keys. - Now days many org need 2048 bit DKIM key as org policy and can not add mailjet DKIM keys in DNS as Mailjet doesnt support 2048 bit DKIM keys. kindly provide support for 2048 bit DKIM keys.
Yes, please, DMARC doesn't work because of that.