Why defend DKIM key size, and what key sizes do ESPs support?
Summary
What email marketers say (14 marketer opinions)
Email marketer from AuthSMTP shares that both 1024-bit and 2048-bit are acceptable, but some older systems might not work with larger keys, so you may need to use 1024-bit. They also mention that it is down to the individual company's security policy.
Email marketer from expert.ai explains that DKIM key length is the size (in bits) of the cryptographic key used to sign email messages. A longer key length provides stronger security but may not be supported by all email providers.
Email marketer from SuperOffice mentions that not all email clients and servers support 2048-bit DKIM keys so it's important to check and test your settings work correctly. They recommend checking which type is best suited for your requirements.
Marketer from Email Geeks shares that there isn’t really any reason _not_ to support 2048-bit keys that he can think of beyond “we haven’t gotten around to putting in the dev hours yet.” He suggests confirming that 1024-bit isn’t deprecated and there haven’t been any known successful collision attacks against 1024-bit DKIM keys in the wild. He also notes that a 2048-bit key will require multiple DNS TXT record strings which may be marginally more likely to experience errors by the receiver.
Email marketer from dmarcanalyzer indicates that DKIM is vital to ensure that your emails aren't compromised or spoofed and they recommend using 2048-bit keys for the optimal security.
Email marketer from Postmark explains both 1024-bit and 2048-bit keys are acceptable. Larger keys take slightly longer to process, but for the increase in security, they recommend 2048-bit keys.
Email marketer from SocketLabs shares that 2048-bit DKIM keys provide enhanced security compared to 1024-bit keys, making them more resistant to potential attacks and tampering. They recommend larger key size where possible.
Email marketer from Mailgun allows users to choose between 1024-bit and 2048-bit DKIM keys. They suggest using 2048-bit keys for optimal security unless there's a specific compatibility reason to use 1024-bit.
Email marketer from Reddit explains that while 1024-bit keys haven't been compromised, security standards evolve. Some organizations require 2048-bit keys to align with internal security policies.
Email marketer from SendGrid supports 1024-bit DKIM keys but recommends upgrading to 2048-bit when possible for better security. They note that some older systems might have issues with longer keys, but these are increasingly rare.
Email marketer from Mailhardener explains that 1024-bit keys are considered sufficient for DKIM security, but 2048-bit keys offer a larger security margin against potential cryptographic attacks. They recommend using 2048-bit keys if supported by your ESP.
Email marketer from SparkPost indicates that they support both 1024-bit and 2048-bit DKIM keys. They recommend using 2048-bit keys for enhanced security.
Email marketer from StackExchange responds that larger DKIM keys (2048-bit) offer more resistance against brute-force attacks and key compromise, which is increasingly important as computing power grows.
Marketer from Email Geeks clarifies that SparkPost supports 2048-bit keys, but the default key size is 1024.
What the experts say (2 expert opinions)
Expert from Word to the Wise, in the context of a comment, explains that choosing key size requires considering compatibility, noting that while 2048-bit keys offer better protection, they may not be supported by all receiving systems. "Defending" a choice involves balancing security with practical interoperability.
Expert from SpamResource shares that while larger DKIM key sizes (2048-bit) are generally recommended for improved security, the practical benefits over 1024-bit keys might be minimal in certain contexts. The primary reason to 'defend' it would be to align with industry best practices and demonstrate a commitment to security.
What the documentation says (3 technical articles)
Documentation from RFC Editor, the DKIM standard, specifies that key lengths of at least 1024 bits SHOULD be used with RSA. It doesn't explicitly forbid shorter keys but implies they are less secure and future-proof.
Documentation from Google Workspace admin help recommends using a 2048-bit DKIM key as this increases your domain's security.
Documentation from OpenDKIM recommends generating 2048-bit RSA keys for DKIM signing to ensure long-term security and compliance with evolving security standards.
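Two points above deserve a concrete check: the Email Geeks note that a 2048-bit key forces the DKIM record into several DNS TXT strings, and the documentation's key-size recommendations, which a domain owner can only verify by reading the modulus size back out of the published record. The following is an added example, not code from any ESP or document quoted here. It assumes a constructed placeholder modulus (2**(bits-1)+1, not a real or secret key) so that no key-generation library is needed; only the DER sizes matter for the record length, and those match a genuine key of the same size.

```python
import base64

TXT_STRING_MAX = 255  # RFC 1035: each TXT <character-string> holds at most 255 octets
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (definite lengths below 65536)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body
def _der_int(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return _der(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)  # keep INTEGER positive

def placeholder_spki(bits: int) -> bytes:
    """SubjectPublicKeyInfo DER around a CONSTRUCTED modulus (2**(bits-1)+1, not a real key)."""
    rsa_pub = _der(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(65537))
    alg_id = _der(0x30, RSA_OID + b"\x05\x00")                 # OID + NULL parameters
    return _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_pub))  # BIT STRING, 0 unused bits

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, next_pos) for the DER element starting at buf[pos]."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                       # long form: low bits give the length-of-length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def rsa_modulus_bits(spki_der: bytes) -> int:
    """Key size of an rsaEncryption SPKI: the bit length of the modulus n."""
    _, spki, _ = _read_tlv(spki_der, 0)
    _, alg_id, pos = _read_tlv(spki, 0)
    if not alg_id.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = _read_tlv(spki, pos)
    _, rsa_pub, _ = _read_tlv(bitstr[1:], 0)   # skip the unused-bits octet
    _, modulus, _ = _read_tlv(rsa_pub, 0)
    return int.from_bytes(modulus, "big").bit_length()

def dkim_record(spki_der: bytes) -> str:
    """DKIM key record value (RFC 6376 section 3.6.1); p= is the base64 SPKI DER."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki_der).decode("ascii")
def txt_strings(value: str) -> list:
    """Split a record into <=255-octet strings for the zone file; 2048-bit always needs >1."""
    return [value[i:i + TXT_STRING_MAX] for i in range(0, len(value), TXT_STRING_MAX)]
def key_bits_from_txt(strings) -> int:
    """Receiver side: concatenate the strings, parse the tags, read the key size from p=."""
    tags = dict(t.strip().split("=", 1) for t in "".join(strings).split(";") if t.strip())
    return rsa_modulus_bits(base64.b64decode(tags["p"]))
```

Run `key_bits_from_txt` over the strings returned for your own selector to confirm a migration to 2048-bit actually landed in DNS, and `txt_strings` to see why the 2048-bit record must be published as more than one quoted string.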