| Public key size is less than 2048 bits |
Keys shorter than 2048 bits may be insecure. |
Use OpenSSL or SSL implementation of your choice to generate a new keypair, and specify 2048 bits or greater of key strength at generation. Implement the stronger keypair into your DKIM configuration. |
 |
| Malformed public key |
There is a problem with the public key that may render it ineffective. The key may not have been produced or configured properly. |
Check that your keys are properly stored and the DKIM record has the correct key. You may need to generate a new public key. |
 |
| Public key size is smaller than 1024 bits |
Keys shorter than 1024 bits can be broken with consumer devices. A key length of 2048 bits is recommended. |
Use a TLS implementation of your choice to generate a new RSA key pair and specify bit strength that is larger than 1024 bits. Implement the stronger key pair into your DKIM configuration. To avoid a WARN grade on your new key, specify at least 2048 bits. |
|
| This DKIM record contains a malformed flag value |
Your record uses unrecognized flags that may make it ineffective. |
If it's used, double check that your “t=” statement only has “y” or “s” for values, as allowed in RFC-4871, DomainKeys. |
|
| This DKIM Record is intended for testing purposes |
This key is for testing purposes only and should be treated the same way as an unsigned email. |
Remove the “t=y” tag from your record to receive full evaluation of your DKIM configuration. |
 |
| This DKIM record contains an empty public key |
This typically indicates the key has been revoked. |
|
|
Feedback
0 comments
Please sign in to leave a comment.