Bad Finding Messages
Malformed public key: There is a problem with the public key that may render it ineffective. The key may not have been produced or configured properly.
- Need to fix this? Check that your keys are properly stored and the DKIM record has the correct key. You may need to generate a new public key.
Public key size is smaller than 1024 bits: Keys shorter than 1024 bits can be broken with consumer devices. A key length of 2048 bits is recommended.
- Need to fix this? Use a TLS implementation of your choice to generate a new RSA key pair and specify bit strength that is larger than 1024 bits. Implement the stronger key pair into your DKIM configuration. To avoid a WARN grade on your new key, specify at least 2048 bits.
This DKIM record contains a malformed flag value: Your record uses unrecognized flags that may make it ineffective.
- Need to fix this? If it's used, double check that your “t=” statement only has “y” or “s” for values, as allowed in RFC-4871, DomainKeys.
Warn Finding Messages
Public key size is less than 2048 bits: Keys shorter than 2048 bits may be insecure.
- Need to fix this? Use OpenSSL or SSL implementation of your choice to generate a new keypair, and specify 2048 bits or greater of key strength at generation. Implement the stronger keypair into your DKIM configuration.
Neutral Finding Messages
This DKIM Record is intended for testing purposes: This key is for testing purposes only and should be treated the same way as an unsigned email.
- Need to fix this? Remove the “t=y” tag from your record to receive full evaluation of your DKIM configuration.
This DKIM record contains an empty public key: This typically indicates the key has been revoked.
- September 11, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.