[GH-ISSUE #685] Documentation request change: DKIM 2048 bit goes against Google's policies. #1049

Closed
opened 2026-03-14 11:35:25 +03:00 by kerem · 1 comment
Owner

Originally created by @Waffleophagus on GitHub (Sep 25, 2024).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/685

I got Addy set up over the weekend and I am quite pleased with it. But one thing that I did when following the setup guide was make a 2048-bit DKIM key, which goes against what Google suggests. My emails were going to inboxes, but the DMARC reports I got from Google were saying it was failing. So after asking around I discovered this: https://support.google.com/a/answer/11612790?hl=en Specifically the line that says:

> You can not enter a 2048-bit key as a single text string with a 255-character TXT record limit. Your DKIM key might be truncated, or your DKIM records might be sent out of order.

My suggestion, assuming this is correct (and having just set my DKIM key to 1024 bit, I will report back tomorrow when I get the next DMARC report), is to update the documentation and explain why a 1024 is required.

If you'd like I can PR this change sometime in the next day or so, simple enough.

I am also aware of the fact that I may be totally wrong on this, and if so, would love to hear that as well!

kerem closed this issue 2026-03-14 11:35:30 +03:00
Author
Owner

@willbrowningme commented on GitHub (Nov 15, 2024):

You can still use 2048 or even higher.

You can split it up into separate "strings" with each being less than 255 characters as described in the answer below.

https://serverfault.com/questions/1141834/how-to-correctly-split-a-dkim-txt-dns-entry
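The splitting described in the comment above, as an added example that is not part of the original issue or of the project's documentation: it cuts a DKIM TXT value into strings of at most 255 bytes, renders them as zone-file RDATA, and checks that the strings concatenate back (with no separator, as RFC 6376 requires of verifiers) into a record with a valid `p=` tag. The function names are hypothetical and the key is a constructed placeholder with the length of a real 2048-bit key.

```python
import base64
import re

MAX_TXT_STRING = 255  # one TXT character-string holds at most 255 bytes (RFC 1035)

# Constructed placeholder, NOT a real key: 294 bytes is the DER size of a
# 2048-bit RSA public key, which base64-encodes to 392 characters.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + SAMPLE_P  # 410 characters in total


def split_dkim_txt(value, chunk=MAX_TXT_STRING):
    """Split a DKIM record value into strings of at most `chunk` bytes."""
    if not 1 <= chunk <= MAX_TXT_STRING:
        raise ValueError("chunk must be between 1 and 255")
    data = value.encode("ascii")  # DKIM key records are plain ASCII
    return [data[i:i + chunk].decode("ascii") for i in range(0, len(data), chunk)]


def to_zone_rdata(strings):
    """Render the strings as zone-file TXT RDATA: ( "part1" "part2" )."""
    return "( " + " ".join(f'"{s}"' for s in strings) + " )"


def reassemble(rdata):
    """Join the quoted strings as a DKIM verifier does: no separator."""
    return "".join(re.findall(r'"([^"]*)"', rdata))


def check_record(rdata):
    """Return the problems found in TXT RDATA; an empty list means it is usable."""
    problems = []
    for n, part in enumerate(re.findall(r'"([^"]*)"', rdata), 1):
        if len(part) > MAX_TXT_STRING:
            problems.append(f"string {n} is {len(part)} characters (> 255)")
    match = re.search(r"(?:^|;)\s*p=([^;]*)", reassemble(rdata))
    if not match:
        problems.append("no p= tag")
    else:
        try:
            base64.b64decode(match.group(1).strip(), validate=True)
        except ValueError:
            problems.append("p= is not valid base64 (truncated or mis-joined)")
    return problems


if __name__ == "__main__":
    rdata = to_zone_rdata(split_dkim_txt(SAMPLE_RECORD))
    print(rdata)
    print(check_record(rdata))
```

Many DNS provider web forms do the splitting themselves, so run `check_record` on what the zone actually serves rather than on what was pasted in.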
