Allow rotation of DKIM keys
I would like the ability to rotate the DKIM key used by mailgun for my domain on a periodic basis. The only option I was given by mailgun support is to delete my domain and start over. Rotating the key is important to mitigate the effects when keys are compromised.
Anonymous
shared this idea
-
Jeremy Lopez commented
Hi Chris, looks like the improvement for automatic DKIM key rotation was recently released under the name of "automatic sender security" :)
https://help.mailgun.com/hc/en-us/articles/16956951504539-How-can-I-rotate-my-DKIM-key#h_01HXVQP0N1RT06YGDVVJQ1MFS9 -
Hi all,
Apologies for the delay here. We have released the ability to manage multiple DKIM keys for a sending domain, which will allow users to rotate their keys (manually for now). Please see the following help article for information on how to perform this action: https://help.mailgun.com/hc/en-us/articles/16956951504539-How-do-I-rotate-my-DKIM-key-
I will be keeping this feature request open, as we expect to release additional functionality in Q3 of this year that will allow for automatic rotation of DKIM keys based on a set schedule. Stay tuned for more information.
-
lucky narayani commented
Is there any update on this feature?
-
Link Porterfield
commented
You and me both. I asked support about this back in Q3 of 2019, and the only way was to remove the domain and add it again with the 2048 bit key. I haven't done yet due to it being a service affecting, disruptive procedure.
-
Aidan Kane
commented
As an extension of this, it would be great if Mailgun could support the model where they manage it for you.
On sendgrid, for example, you set up 2 domain records which are both CNAMEs to them. That way they can flip flop between the 2 domains rotating the key each time.
-
Scott Grantham
commented
I'd like a way to rotate DKIM keys, or migrate from 1024 bit to 2048 bit keys.
-
cchop
commented
Support 2048-bit DKIM keys
-
Daniel
commented
How can the keys be compromised if only Mailgun knows them?