Last updated: July 2026

In short: For RSA-based DKIM keys, the updated protocol standard (RFC 8301) mandates a minimum key length of 1024 bits and strongly recommends 2048 bits. Keys under 1024 bits must be rejected as invalid by verifying mail servers.

The cryptographic strength of DomainKeys Identified Mail (DKIM) depends heavily on the length of the RSA key pair deployed on your mail servers. Administrators frequently debate whether to publish 1024-bit keys or larger 2048-bit keys in their DNS records. The updated standard, RFC 8301, establishes clear, mandatory requirements for key size and algorithm selection.

Mandatory key requirements under RFC 8301

According to RFC 8301, signers must deploy RSA keys of at least 1024 bits and should ideally adopt 2048 bits (Signers MUST use RSA keys of at least 1024 bits for all keys. Signers SHOULD use RSA keys of at least 2048 bits.).

At the same time, the specification dictates compatibility standards across receiving systems: verifiers must be capable of validating signatures using keys ranging from 1024 to 4096 bits (Verifiers MUST be able to validate signatures with keys ranging from 1024 bits to 4096 bits, and they MAY be able to validate signatures with larger keys.).

A typical 2048-bit RSA key record in DNS looks like this:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...

Why keys under 1024 bits are rejected

In the past, administrators frequently deployed 512-bit RSA keys because their short base64 representation easily fit within the historical 255-character string limit of older DNS control panels. Today, however, 512-bit keys are cryptographically weak and can be broken rapidly using modern computing resources.

To protect email integrity, RFC 8301 establishes a strict lower bound: verifiers must refuse to recognize RSA keys shorter than 1024 bits (Verifiers MUST NOT consider signatures using RSA keys of less than 1024 bits as valid signatures.). If an incoming message is signed with a 512-bit key, receiving servers treat the signature as completely invalid.

Hash algorithms: SHA-256 is required

In addition to key length, the underlying cryptographic hash algorithm is critical. RFC 8301 strengthens protocol security by making SHA-256 mandatory: Signers MUST sign using rsa-sha256. Verifiers MUST be able to verify using rsa-sha256. Furthermore, the deprecated SHA-1 algorithm is strictly forbidden: rsa-sha1 MUST NOT be used for signing or verifying.

Handling long TXT records for 2048-bit keys

Because the base64 payload of a 2048-bit RSA key exceeds 255 characters, it cannot be stored as a single un-split string in older DNS management interfaces. However, the DNS protocol explicitly allows long TXT records to be split across multiple concatenated strings inside a single TXT entry. Modern cloud providers and hosting panels either split these strings automatically or permit direct entry of the entire 2048-bit key.

Auditing your configuration

To check whether your domain currently deploys 1024-bit or 2048-bit keys, confirm SHA-256 usage, and verify that split DNS strings reassemble cleanly, scan your domain with the free MXAudit scanner.

For comprehensive guides on managing your signing infrastructure across different providers, explore the DKIM hub and setup guides like IONOS DKIM setup.

Further reading