How often should you rotate your DKIM key?

DKIM (DomainKeys Identified Mail) is a great process for authenticating email messages. It uses a public-private key pair to cryptographically sign an email message to ensure that it was not modified in transit and that it actually originated from somebody associated with the domain name used in the from address.

It's good stuff, and implementation is now relatively easy for most folks. ESPs support it, Google supports it, and you can do it with good ol' Postfix. But that's just setup -- what about ongoing maintenance? There's one thing you should be doing periodically, and that's updating your DKIM key pair, so that bad guys never have enough time to crack your DKIM key while it is still in use.

How often should you rotate (update) your DKIM key pair? Anti-abuse messaging industry group M3AAWG covers this in a whitepaper from 2019. And Proofpoint provides a concise summary of the same.

Too complicated? OK, fine. Rotate your DKIM key every six months. There. Easy, right? Let's say eventually bad guys figure out how to crack your key, putting in a couple of years' hard work, maybe with assistance from a botnet or two. Six months is not so short a period that you are stuck updating keys constantly, but it's a quick enough interval that by the time somebody cracks that key it's been months or years since you actually used it to sign messages.

And make sure it's a 2048-bit key. A smaller key length isn't secure enough and a longer key length isn't certain to be supported by ISPs. Researchers broke a 768-bit key in 2010 with two years of work, and while a quantum computer could bust a 2048-bit key in 10 seconds, no such thing exists yet. So you're safe for now.

For some folks, implementing a 2048-bit DKIM key can be difficult, because the public key can be too long to fit into a single DNS text record. There's a solution to that; it's to break the TXT record up into chunks, as described here or here. If that's an insurmountable challenge, implement a 1024-bit key instead -- its public key will fit in a single DNS TXT record. That's better than not implementing DKIM at all -- lots of people still use 1024-bit keys. It's just not really forward-looking, not future-proof. Solve that problem tomorrow; your problem today is getting DKIM appropriately up and running.

TL;DR? Rotate your DKIM key every six months, and use a 2048-bit key if possible.

And don't do anything silly like try to rotate your DKIM keys daily or hourly. Email messages can get delayed in transit, and you need to have the key stable in DNS long enough for every possible ISP to receive and check the signature of that email message. After you stop using a key, it must remain alive at least long enough to account for its use by all messages already in transit, until they are delivered. I would assume that'd be 3-4 days, but I don't see any hard data on this and I think it unwise to proceed on assumptions alone.
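As an added example (not the post's own code), here is what the two mechanics above look like in Python: splitting a 2048-bit public key's TXT record into the 255-octet character-strings DNS allows, reassembling it the way a verifier does, and naming one selector per six-month period with a grace window before the retired record is pulled. The key string is a constructed placeholder of the right length, and the selector naming scheme and seven-day grace period are assumptions, not anything the post specifies.

```python
"""DKIM TXT record chunking and selector rotation (added example).

The public key below is a constructed stand-in of the correct size for a
2048-bit RSA SubjectPublicKeyInfo (294 DER bytes -> 392 base64 chars);
it is not a real key.
"""
import base64
from datetime import date

# A DNS <character-string> is at most 255 octets (RFC 1035, section 3.3);
# a 2048-bit key's record exceeds that, so it must be split into several.
MAX_CHARSTRING = 255

# Constructed placeholder, not a real public key.
FAKE_PUBKEY_B64 = base64.b64encode(bytes(range(256)) + bytes(38)).decode()


def build_dkim_txt(pubkey_b64: str, hash_algs: str = "sha256") -> list[str]:
    """Return the DKIM record split into <=255-octet character-strings."""
    record = f"v=DKIM1; k=rsa; h={hash_algs}; p={pubkey_b64}"
    return [record[i:i + MAX_CHARSTRING]
            for i in range(0, len(record), MAX_CHARSTRING)]


def zone_line(selector: str, domain: str, chunks: list[str]) -> str:
    """Format the chunks as one zone-file TXT RR; resolvers return them in order."""
    quoted = " ".join(f'"{c}"' for c in chunks)
    return f"{selector}._domainkey.{domain}. IN TXT ( {quoted} )"


def parse_dkim_txt(chunks: list[str]) -> dict[str, str]:
    """Concatenate the character-strings as a verifier does, then split tag=value."""
    joined = "".join(chunks)
    tags = {}
    for part in joined.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip()] = value.strip()
    return tags


def selector_for(d: date) -> str:
    """Assumed scheme: one selector per half-year, e.g. 2024h1 / 2024h2."""
    return f"{d.year}h{1 if d.month <= 6 else 2}"


def old_selector_removable(last_signed: date, today: date, grace_days: int = 7) -> bool:
    """Keep the retired selector published until in-transit mail has drained.
    The post gives no hard number; 7 days is an assumed conservative grace."""
    return (today - last_signed).days >= grace_days
```

Publish the new selector first, switch the signer over, and only remove the old `_domainkey` record once `old_selector_removable` says the grace period has passed.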
