Last updated: July 2026
In short: The Ed25519 signing algorithm (RFC 8463) introduces modern elliptic curve cryptography to DomainKeys Identified Mail (DKIM). It delivers significantly stronger security than traditional RSA while generating compact keys that easily fit inside any DNS management interface.
Since the initial standardization of DKIM, RSA has served as the universal cryptographic workhorse. However, maintaining adequate resistance against modern computational power requires increasing RSA key lengths to 2048 bits—producing unwieldy DNS strings that exceed 300 base64 characters. To solve this architectural bottleneck, RFC 8463 introduced a state-of-the-art cryptographic algorithm: Ed25519.
Elliptic curve cryptography and compact keys
RFC 8463 officially specifies the Edwards-Curve Digital Signature Algorithm using the Curve25519 curve for DKIM (This document adds a new, stronger signing algorithm, Edwards-Curve Digital Signature Algorithm, using the Curve25519 curve (Ed25519), which has much shorter keys than RSA for similar levels of security.).
The primary operational advantage of Ed25519 is its efficiency. While a secure RSA public key requires at least 2048 bits of payload data (often necessitating string concatenation in TXT records), an Ed25519 public key requires just 256 bits (k=ed25519). This allows administrators to publish robust cryptographic parameters inside a short, clean, single-line DNS TXT record without string splitting.
A complete DKIM DNS record using Ed25519 looks like this:
v=DKIM1; k=ed25519; p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=
Migration strategy and dual-signing
While Ed25519 provides clear architectural benefits, domain owners must account for backward compatibility during migration. Under the core DKIM specification (RFC 6376), signers and verifiers are mandated to support traditional RSA (Signers and Verifiers MUST support the "rsa" key type.). Because legacy receiving servers might not yet implement RFC 8463, replacing RSA entirely with Ed25519 can result in signature verification failures on older systems.
To achieve modern security without risking deliverability, best practice is to deploy dual-signing:
- Primary RSA selector: Sign outgoing messages using a standard 2048-bit RSA key (
k=rsa) on a primary selector to ensure universal compatibility with legacy verifiers. - Secondary Ed25519 selector: Apply a concurrent second signature using an Ed25519 key (
k=ed25519) on a separate selector to deliver state-of-the-art cryptographic protection to modern receiving gateways.
Auditing your configuration
To verify whether your outgoing mail headers carry dual signatures and confirm that your Ed25519 key record is syntactically valid in DNS, audit your domain using the free MXAudit scanner.
For deeper technical insight into authentication structures or step-by-step setup guides across specific providers, visit the DKIM hub and practical guides like IONOS DKIM setup.
Further reading
- RFC 8463 — A New Cryptographic Signature Algorithm for DomainKeys Identified Mail (DKIM) (retrieved: July 16, 2026)