RFC 4871 required the use of a DKIM RSA key length of at least 1,024 bits “for long-lived keys,” but also required that verifiers continue to support shorter keys. Many shorter keys were still in common use five years later, when Google’s 512-bit DKIM key was cracked and used to send spoofed email to Google’s founders. So for various reasons, it’s interesting to see what DKIM key lengths are in common use.
In 2021, for the first time in the dataset provided by DomainTools (formerly Farsight Security), the number of 2,048-bit DKIM RSA keys overtook the number of 1,024-bit RSA keys – and by a large margin.
As we can see, there are about twice as many 2,048-bit keys observed in CY2021 as 1,024-bit keys, or about 4.5 times as many as were observed in CY2020.
More information about DKIM keys can be found on our new DKIM Statistics page.
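To see which of these size classes a given record falls into, the added example below (not part of the original post or of any DomainTools tooling) reads the `p=` tag of a DKIM key record, walks the DER structure to the RSA modulus and returns its bit length, accepting both the SubjectPublicKeyInfo wrapping and a bare RSAPublicKey. `MIN_BITS`, the function names and the sample records are assumptions; the sample moduli are constructed and are not real keys.

```python
import base64
MIN_BITS = 1024  # RFC 4871 floor for long-lived keys, as cited in the text

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def dkim_rsa_bits(txt):
    """Return the RSA modulus size in bits for a DKIM key record (TXT value)."""
    tags = {k.strip(): "".join(v.split()) for k, _, v in (p.partition("=") for p in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    if not tags.get("p"):
        raise ValueError("empty p= tag: key revoked")
    blob = base64.b64decode(tags["p"])
    tag, start, _ = read_tlv(blob, 0)      # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, s, e = read_tlv(blob, start)
    if tag == 0x30:                        # SubjectPublicKeyInfo wrapper present
        tag, s, e = read_tlv(blob, e)      # BIT STRING holding RSAPublicKey
        if tag != 0x03:
            raise ValueError("expected BIT STRING")
        tag, s, e = read_tlv(blob, s + 1)  # skip the unused-bits octet
        tag, s, e = read_tlv(blob, s)      # first INTEGER is the modulus
    if tag != 0x02:                        # a bare RSAPublicKey arrives here directly
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(blob[s:e], "big").bit_length()

def tlv(tag, body):  # minimal DER encoder, used only to build the sample input
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed input: valid structure (rsaEncryption OID), modulus is not a real key."""
    ints = [(1 << (bits - 1)) | 1, 65537]
    rsa = tlv(0x30, b"".join(tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints))
    spki = tlv(0x30, tlv(0x30, bytes.fromhex("06092a864886f70d0101010500")) + tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    print({b: dkim_rsa_bits(sample_record(b)) >= MIN_BITS for b in (512, 1024, 2048)})
```

A record whose base64 was cut off in transit raises `ValueError` rather than reporting a shorter key.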

