Back in 2011, we
launched the ability for any Google Apps administrator to set up
DomainKey Identified Mail (DKIM). DKIM is a way to digitally sign messages so that recipient servers can verify that the message really comes from your domain and hasn't been changed along the way. Additionally, when you sign your messages with DKIM, they become less likely to get caught up in recipients’ spam filters.
The fight against spoofers still continues today, and as spoofers’ tools have gotten more powerful, 1024-bit DKIM keys are no longer as secure. For that reason, we’re pleased to announce that Google Apps customers can now digitally sign their messages with 2048-bit DKIM keys, and we strongly recommend making this the standard for all email messages sent from your domain going forward.
Recommendations- If you are currently not using DKIM to protect your Gmail messages, set up 2048-bit DKIM in the Admin console. See the Help Center articles below for instructions.
- If you are already using DKIM with 1024-bit keys, check with your DNS provider to see if they support 2048-bit keys. If so, update your domain keys to 2048-bit for the best protection.
Important: Some domain registrars do not yet support 2048-bit DKIM keys, even though this has been available for more than 30 years. For those domains, we still offer the ability to sign messages with 1024-bit keys from a drop-down.
Launch DetailsRelease track: Launching to both Rapid release and Scheduled release
Rollout pace: Gradual rollout (potentially longer than 3 days for feature visibility)
Impact: Admins only
Action: Admin action suggested/FYI
More InformationAbout DKIMGenerate the domain key Update DNS recordsUpdate DNS records for a subdomain
Note: all launches are applicable to all Google Apps editions unless otherwise notedLaunch release calendarLaunch detail categoriesGet these product update alerts by emailSubscribe to the RSS feed of these updates