Domains & Authentication

Do I need 2048-bit DKIM?

How DKIM key size is handled in MailBlastr — it generates a 2048-bit key pair for you and you publish one DKIM TXT record holding the public key, so there is no size to choose.

Short answer: you do not need to think about DKIM key size at all — MailBlastr already uses a strong 2048-bit key. MailBlastr generates an RSA key pair for your domain, uses the private key to sign your mail, and gives you one DKIM TXT record holding the public key to publish. The size is fixed at 2048 bits; there is no choice to make.

This is the "BYO DKIM" model: the public key lives in a TXT record on your domain (v=DKIM1; k=rsa; p=...) rather than being delegated to the provider with CNAMEs. MailBlastr handles the key generation for you, so the only thing you do is paste the one TXT value.

The DKIM record MailBlastr generates

There is a single DKIM record: a TXT at a fixed selector hostname on your domain, holding the public half of the 2048-bit key pair MailBlastr generated.

DKIM — TXT
TypeTXToptional

A single DKIM key record.

Namemailblastr._domainkey.yourdomain.comoptional

The DKIM selector hostname. mailblastr is the fixed selector MailBlastr uses.

Valuev=DKIM1; k=rsa; p=<public key>optional

The RFC 6376 DKIM key record holding your domain’s 2048-bit public key.

TTLAutooptional

Provider default; MailBlastr does not require a specific TTL.

Why a single TXT record

  • Strong keys by default. MailBlastr signs with a 2048-bit key — you inherit that strength without choosing or managing it.
  • Nothing to generate. MailBlastr creates the key pair and holds the private key; you only publish the public key in one TXT record.
  • Paste it exactly. The public key is a long base64 string, so copy the value verbatim — a truncated, wrapped, or re-quoted value will block verification.

1024-bit vs 2048-bit, if you’re wondering

A frequent question is whether you need a 2048-bit DKIM key. MailBlastr already uses 2048-bit, so you are covered — but the background, for completeness:

1024-bit is RFC-compliant. RFC 8301 §3.2 sets 1024 bits as the minimum verifiers must support and the recommended floor for signers. Gmail, Outlook, Yahoo, and Apple all accept 1024-bit DKIM signatures, and 1024-bit remains widely used for transactional and marketing mail.

It meets the bulk-sender requirements. The 2024 Google / Yahoo / Microsoft requirements (for anyone sending more than 5,000 messages a day to their users) require DKIM alongside SPF and DMARC, but none of them mandate a specific key length — and 2048-bit comfortably satisfies them.

1024-bit2048-bit (MailBlastr default)
SecurityMeets current RFC recommendations for email signing.Larger cryptographic margin / future-proofing.
PerformanceFaster signing and verification.More resources per message; negligible at normal volumes.
DNS compatibilityFits comfortably in a single TXT record.Longer public key — some DNS providers wrap the value; paste it exactly as shown.
DeliverabilityNo penalty.No downside — and you get the stronger key automatically.
The 2048-bit public key is a long value. If your DNS provider rejects or wraps long TXT records, paste the value exactly as MailBlastr shows it — do not add quotes or line breaks. See What if my domain isn’t verifying?.