Summary
DKIM selector names are often interpreted based on their naming convention, frequently including the key's generation date or purpose, but this is not strictly required. Selectors facilitate key rotation and management by allowing senders to publish multiple public keys. The recommended DKIM key size is generally 2048 bits or greater for enhanced security. While 1024-bit keys are supported by RFC 8301, they are less secure. Regular key rotation (e.g., every 2-5 years) using new selectors improves security, though testing for compatibility with older systems supporting smaller key sizes is essential.
Key findings
- Selector Interpretation: DKIM selector names may indicate key generation date or purpose, but the selector itself is arbitrary.
- Key Size Recommendation: 2048 bits or greater is the recommended DKIM key size for strong security, with 4096 being a future goal.
- Key Rotation: Regular DKIM key rotation is crucial for security and can be facilitated by selectors.
Key considerations
- Compatibility: Test compatibility, especially with older systems that may have issues with key sizes larger than 1024 bits.
- Security vs. Performance: Consider the trade-offs between security and performance implications of larger key sizes.
- Naming Conventions: Descriptive selector names can aid key management and troubleshooting but are not mandatory.
What email marketers say
11 marketer opinions
DKIM selector names can be interpreted based on the naming convention used, often including the key's generation date or purpose. While there's no strict standard, descriptive names aid key management. The recommended DKIM key size is generally 2048 bits or greater for enhanced security. While some older systems might support 1024-bit keys, a move to 2048 bits is strongly advised for improved protection against spoofing.
Key opinions
- Selector Interpretation: DKIM selector names often indicate the key's generation date or purpose, assisting in key management.
- Recommended Key Size: The recommended DKIM key size is 2048 bits or greater for enhanced security.
- Security: Larger key sizes offer improved protection against spoofing and unauthorized email.
Key considerations
- Compatibility: Older systems might have issues with keys larger than 1024 bits, so testing is essential.
- Key Naming: Descriptive selector names can aid key management and troubleshooting.
- Key Rotation: DKIM selectors can be used to facilitate key rotation and management.
Marketer view
Email marketer from MXToolbox suggests that DKIM selectors should be short, alphanumeric strings. They also mention that selectors should be unique to prevent conflicts when using multiple DKIM keys.
8 Jan 2023 - MXToolbox
Marketer view
Email marketer from Reddit (u/EmailExpert) shares that while 2048-bit keys are generally recommended, some older systems might have issues with keys larger than 1024 bits. It's essential to test compatibility.
15 Apr 2025 - Reddit
What the experts say
2 expert opinions
DKIM selectors are arbitrary identifiers used to publish multiple public keys, facilitating key rotation. Experts recommend key sizes of 2048 bits and regular rotation, suggesting rotation every 2-5 years.
Key opinions
- Selector Purpose: DKIM selectors are arbitrary identifiers for publishing multiple public keys.
- Key Size Recommendation: 2048-bit keys are recommended by experts.
- Key Rotation: Regular key rotation is advised, with a suggested interval of 2-5 years.
Key considerations
- RFC Syntax: Consult the relevant RFC for more specific information on DKIM selector syntax.
- Regular Key Rotation: Consider regularly rotating DKIM keys to mitigate security risks.
Expert view
Expert from Spamresource mentions that the selector is arbitrary and is used to publish multiple public keys. They also suggest to check the RFC for more specific information on syntax.
5 May 2024 - Spamresource
Expert view
Expert from Email Geeks bumped his keys to 2048 and rotates them after 2-5 years.
9 Feb 2023 - Email Geeks
What the documentation says
4 technical articles
DKIM selectors are strings identifying DKIM key pairs, enabling receivers to locate the public key for verification. They facilitate key rotation and management, allowing senders to publish multiple keys. RSA keys should be at least 1024 bits, ideally 2048 bits or longer, for better security. Regular key rotation with new selectors enhances security by minimizing the impact of compromised keys.
Key findings
- Selector Identification: DKIM selectors identify the key pair used to sign an email, helping receivers find the public key.
- Key Rotation Support: Selectors enable key rotation and management by allowing multiple published keys.
- Minimum Key Length: RSA keys should be at least 1024 bits, with 2048 bits or more recommended.
Key considerations
- Regular Rotation: Regularly rotate DKIM keys for enhanced security.
- Selector Uniqueness: Use a new selector for each key rotation to limit the impact of compromised keys.
- Performance: Key size impacts both security and performance; consider the trade-offs.
Technical article
Documentation from Google Workspace Admin Help recommends regularly rotating DKIM keys. Using a new selector for each key rotation improves security by limiting the impact of a compromised key.
27 Nov 2021 - support.google.com
Technical article
Documentation from Cloudflare.com states that a DKIM selector is a string that identifies the DKIM key pair used to sign an email. It tells the receiving server where to look up the public key to verify the signature.
14 Dec 2024 - Cloudflare.com
Are people using 4096-bit DKIM keys, and what is the recommended DKIM key length?
Do DKIM selectors affect email reputation?
How can DMARC reports be enriched with user-level data for better domain enforcement?
How do I find the DKIM selector for my domain in Dmarcian or Hubspot?
How does changing DKIM selectors impact email reputation and what are the best practices for key rotation?
What are the pros and cons of 1024-bit vs 2048-bit DKIM keys?
