Question(s) about DKIM

Hi,

I just configured my domain with DKIM, following this documentation page: DomainKeys & DKIM | Axigen Documentation

I made the .pem files with WSL , generated the public keys, applied the DNS settings on my domain provide, added the Acceptance and Routing rules to Webadmin.

When testing to send an e-mail to my Gmail account, I can see that it is now signed by and have DKIM: Pass

Thats great! I might be able to have some more faith in my emails being delivered now.

But, I am just wondering about 1 thing, Do I need to re-make and update the .pem files every few months? Are they like the HTTPS certificates that run out and need to be re-applied?

if so, Could I not just have used my HTTPS (webmail) certificate instead of making new ones?

thanks!

Hello Peter,

No, them are not expiring so you may keep it for as long you like.

On the other hand, at enterprise level the current recommendation made by Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is to rotate them at every six months [1] [2].

HTH,
Ioan

[1] https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf
[2] https://www.m3aawg.org/DKIMKeyRotation