Publication Date – September 11, 2023
|Public key size is less than 2048 bits
|Keys shorter than 2048 bits may be insecure.
|Use OpenSSL or SSL implementation of your choice to generate a new keypair, and specify 2048 bits or greater of key strength at generation. Implement the stronger keypair into your DKIM configuration.
|Malformed public key
|There is a problem with the public key that may render it ineffective. The key may not have been produced or configured properly.
|Check that your keys are properly stored and the DKIM record has the correct key. You may need to generate a new public key.
|Public key size is smaller than 1024 bits
|Keys shorter than 1024 bits can be broken with consumer devices. A key length of 2048 bits is recommended.
|Use a TLS implementation of your choice to generate a new RSA key pair and specify bit strength that is larger than 1024 bits. Implement the stronger key pair into your DKIM configuration. To avoid a WARN grade on your new key, specify at least 2048 bits.
|This DKIM record contains a malformed flag value
|Your record uses unrecognized flags that may make it ineffective.
|If it's used, double check that your “t=” statement only has “y” or “s” for values, as allowed in RFC-4871, DomainKeys.
|This DKIM Record is intended for testing purposes
|This key is for testing purposes only and should be treated the same way as an unsigned email.
|Remove the “t=y” tag from your record to receive full evaluation of your DKIM configuration.
|This DKIM record contains an empty public key
|This typically indicates the key has been revoked.