Suped

Summary

The choice of DKIM key size, particularly between 1024-bit and 2048-bit, is a frequent topic in email deliverability and security discussions. While 2048-bit keys offer enhanced cryptographic strength, 1024-bit keys remain widely supported and are not yet deprecated. The primary challenge often lies in an email service provider's (ESP) ability or willingness to support larger key sizes, which involves significant development work beyond just the underlying Mail Transfer Agent (MTA) capabilities.

Suped DMARC monitor
Free forever, no credit card required
Get started for free
Trusted by teams securing millions of inboxes
Company logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logo

What email marketers say

Email marketers often find themselves caught between customer security requirements and the practical limitations of their ESPs regarding DKIM key sizes. While many acknowledge the perceived benefit of 2048-bit keys, the operational reality points to the continued viability of 1024-bit keys and the significant effort required for ESPs to implement larger options, especially when dealing with cloud-based sending.

Marketer view

Marketer from Email Geeks inquires if the 2048-bit key requirement is an internal security policy for the sender, indicating that such demands often originate from within the customer's organization.

30 Sep 2020 - Email Geeks

Marketer view

Marketer from Email Geeks explains their customer's strict security requirement for a minimum 2048-bit DKIM key, which their current ESPs do not seem to support for cloud sending. This highlights a common conflict between customer policy and provider capability.

30 Sep 2020 - Email Geeks

What the experts say

Experts in the email deliverability space generally agree that while 2048-bit DKIM keys offer a higher level of security, 1024-bit keys are still considered safe and widely supported, with no known practical vulnerabilities. They emphasize that the main barrier to broader 2048-bit adoption is often the significant development and integration work required by ESPs, rather than a lack of underlying MTA capability.

Expert view

Expert from Email Geeks questions the source of the demand for a specific DKIM key size, suggesting that clarifying the origin of the security requirement is a crucial first step.

30 Sep 2020 - Email Geeks

Expert view

Expert from Email Geeks asks for clarification on whether the key size in question is deemed too large or too small, highlighting the ambiguity that can arise in technical security discussions.

30 Sep 2020 - Email Geeks

What the documentation says

Official documentation and security best practices generally encourage the use of stronger cryptographic keys where possible, but acknowledge that 1024-bit DKIM keys still meet minimum security requirements. The emphasis is often on ensuring proper implementation and maintaining the integrity of the email authentication process, with 2048-bit keys being a recommendation for enhanced security, not a strict mandate for immediate deprecation of smaller keys.

Technical article

Documentation from Mailjet highlights that upgrading from 1024-bit to 2048-bit DKIM keys is essential for protecting emails from fraud. They emphasize that the longer key provides stronger cryptographic protection for email authentication.

24 Apr 2025 - Mailjet

Technical article

Documentation from Twilio describes a 2048-bit DKIM key as a powerful security measure designed to protect emails from unauthorized changes and impersonation. They advocate for its use to enhance email integrity.

20 Jun 2023 - Twilio

10 resources

Start improving your email deliverability today

Get started