Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
S. Kitterman · 2018-01
Abstract
The cryptographic algorithm and key size requirements included when DKIM was designed in 2006 are increasingly weak as hardware and cryptanalytic advances continue. This document updates DKIM requirements to those minimally suitable for near-term future use and removes DKIM's requirement for SHA-1 support.
Why This RFC Matters
RFC 8301 addressed the aging cryptographic underpinnings of DKIM by mandating RSA key sizes of at least 1024 bits (with 2048 bits strongly recommended) and removing the SHA-1 algorithm from the required algorithm set, reflecting that SHA-1 collision attacks had become feasible. For email operators this meant rotating DKIM signing keys to stronger parameters, a change that major email providers and ESPs implemented in 2018. The Best Current Practice status signals that this is an operational requirement rather than just a theoretical recommendation, directly affecting email deliverability for domains using under-specified key configurations.
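The thresholds described above can be checked mechanically. The following is an added example, not code from the RFC or from this page: it reads the `a=` tag of a DKIM-Signature value and the RSA modulus size from a key record's `p=` tag, then reports `rsa-sha1` use and keys below 1024 or 2048 bits. The function names, the sample signature and the key records built by `constructed_record` are constructed for illustration.

```python
import base64

def parse_tags(value):  # DKIM tag=value list -> dict, folding whitespace removed
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {name.strip(): "".join(val.split()) for name, val in pairs}

def _tlv(buf, pos, want):  # (start, end) of the DER element at pos with tag `want`
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError("unexpected or truncated DER element")
    return pos, pos + length

def rsa_bits(p_b64):  # modulus size in bits of the SubjectPublicKeyInfo in p=
    der = base64.b64decode(p_b64)
    start, _ = _tlv(der, 0, 0x30)                  # SubjectPublicKeyInfo
    _, alg_end = _tlv(der, start, 0x30)            # AlgorithmIdentifier
    bit_start, _ = _tlv(der, alg_end, 0x03)        # BIT STRING holding RSAPublicKey
    seq_start, _ = _tlv(der, bit_start + 1, 0x30)  # +1 skips the unused-bits octet
    m_start, m_end = _tlv(der, seq_start, 0x02)    # modulus INTEGER
    return int.from_bytes(der[m_start:m_end], "big").bit_length()

def audit(signature, key_record):  # findings for one signature and its key record
    findings, sig, key = [], parse_tags(signature), parse_tags(key_record)
    if sig.get("a", "").lower() == "rsa-sha1":
        findings.append("rsa-sha1 signature")
    if key.get("k", "rsa").lower() == "rsa" and key.get("p"):
        bits = rsa_bits(key["p"])
        if bits < 1024:
            findings.append(f"{bits}-bit key below 1024-bit minimum")
        elif bits < 2048:
            findings.append(f"{bits}-bit key below recommended 2048 bits")
    return findings

def _der(tag, body):  # minimal DER encoder, used only to build the constructed sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_record(bits):  # sample key record around a dummy modulus, not a usable key
    mod = _der(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    rsa = _der(0x30, mod + _der(0x02, b"\x01\x00\x01"))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL params
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

SAMPLE_SIG = "v=1; a=rsa-sha1; d=example.com; s=sel; h=from:to; bh=AAAA; b=AAAA"  # constructed
```

To audit a live domain, pass `audit` the TXT record published at `<selector>._domainkey.<domain>` in place of the constructed record.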