Are people using 4096-bit DKIM keys, and what is the recommended DKIM key length?
Summary
What email marketers say (8 marketer opinions)
Email marketer from AuthSMTP says that 2048-bit key length is the most common and offers a good balance between security and performance.
Email marketer from MXToolbox shares that increasing the DKIM key length improves security, advising users to check with their provider regarding support for key sizes greater than 2048 bits.
Email marketer from Reddit mentions that while 2048 is common, they believe 4096-bit keys are becoming increasingly prevalent due to heightened security concerns, and that this future-proofs against advances in computational power for cracking keys.
Email marketer from EasyDMARC highlights that longer DKIM key sizes, such as 2048 bits or greater, offer better protection against cryptographic attacks compared to shorter keys like 1024 bits.
Email marketer from Reddit discusses whether a smaller business would need the same level of protection. He suggests that the bare minimum should be 1024 bits. This is what he uses to prove to email providers that emails are legit. A bigger business might use a 2048-bit key.
Email marketer from StackExchange suggests that 1024-bit keys are the practical minimum for DKIM, and 2048-bit keys are better. They explain that longer keys provide better security but may be overkill for most purposes.
Marketer from Email Geeks shares that they have created 4096-bit DKIM keys and thinks some are in use.
Email marketer from EmailSecurityATP suggests that there are no downsides to using a 4096-bit DKIM key and recommends generating one and using that key if your service provider supports it.
What the experts say (2 expert opinions)
Expert from Word to the Wise explains that while longer keys offer greater security, the practical benefits of exceeding 2048 bits are debatable for most email senders. They emphasize the importance of proper implementation and monitoring over solely relying on key length.
Expert from Email Geeks explains that 1536 bits is long enough for brute-force attacks and the RFC requires 2048-bit keys to be supported; anything longer is implementation-defined.
What the documentation says (4 technical articles)
Documentation from ietf.org specifies that implementations MUST support a minimum key length of 1024 bits. It also recommends using longer keys where possible, noting the security benefits.
Documentation from Google says that the DKIM key should be 2048 bits if possible to meet modern security standards.
Documentation from Cloudflare explains that the recommended DKIM key size is 2048 bits. Cloudflare automatically rotates keys to ensure security and supports this key length.
Documentation from DKIM Wizard says that the minimum DKIM key length to use is 2048 bits to prevent hackers from forging DKIM signatures.
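To see where a published key falls against the 1024-bit minimum and the 2048-bit recommendation quoted above, the modulus length can be read straight from the p= tag of the DKIM TXT record. The following is an added example, not code from any of the sources cited on this page; the function names and the sample records (built around a synthetic modulus, not a usable key) are constructed for illustration.

```python
import base64

def _der(tag, value):
    """Encode one DER TLV (short or long length form)."""
    n = len(value)
    nlen = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nlen]) + n.to_bytes(nlen, "big")
    return bytes([tag]) + head + value

def _read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nlen = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nlen], "big"), pos + nlen
    return buf[pos:pos + length], pos + length

def constructed_record(bits):
    """Constructed sample: DKIM record around a synthetic modulus (not a usable key)."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def dkim_rsa_bits(txt_record):
    """Return the RSA modulus size in bits, or None when p= is empty (key revoked)."""
    tags = {k.strip(): "".join(v.split()) for k, _, v in (s.partition("=") for s in txt_record.split(";"))}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only RSA keys have a modulus length")
    if not tags.get("p"):
        return None
    spki, _ = _read_tlv(base64.b64decode(tags["p"]), 0)  # SubjectPublicKeyInfo
    _, pos = _read_tlv(spki, 0)                          # skip AlgorithmIdentifier
    bit_string, _ = _read_tlv(spki, pos)
    rsa_key, _ = _read_tlv(bit_string, 1)                # skip unused-bits byte
    modulus, _ = _read_tlv(rsa_key, 0)
    return int.from_bytes(modulus, "big").bit_length()

def assess(bits):
    """Map an integer key size onto the thresholds quoted on this page."""
    if bits < 1024:
        return "below 1024-bit minimum"
    if bits < 2048:
        return "meets 1024-bit minimum, below 2048"
    return "2048-bit" if bits == 2048 else "above 2048: confirm provider support"

for size in (1024, 2048, 4096):  # demo on constructed records
    print(size, assess(dkim_rsa_bits(constructed_record(size))))
```

In practice the input would be the TXT value published at selector._domainkey.example.com, with any split strings concatenated first.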