Allow rotation of DKIM keys
I would like the ability to rotate the DKIM key used by mailgun for my domain on a periodic basis. The only option I was given by mailgun support is to delete my domain and start over. Rotating the key is important to mitigate the effects when keys are compromised.

Hi all,
This is planned for Q4 of this year, as well as the ability to switch between 1024 and 2048 bit keys without having to delete and re-add the domain.
-
Link Porterfield commented
You and me both. I asked support about this back in Q3 of 2019, and the only way was to remove the domain and add it again with the 2048 bit key. I haven't done yet due to it being a service affecting, disruptive procedure.
-
Aidan Kane commented
As an extension of this, it would be great if Mailgun could support the model where they manage it for you.
On sendgrid, for example, you set up 2 domain records which are both CNAMEs to them. That way they can flip flop between the 2 domains rotating the key each time.
-
Scott Grantham commented
I'd like a way to rotate DKIM keys, or migrate from 1024 bit to 2048 bit keys.
-
cchop commented
Support 2048-bit DKIM keys
-
Daniel commented
How can the keys be compromised if only Mailgun knows them?