What is a good DKIM key rotation strategy?
A strong rotation strategy includes:
publishing a new selector while keeping the old one active
graduating all systems to the new key
monitoring message signatures for a full propagation cycle
removing the old selector only after all systems stop using it
Rotation reduces long term risk and prevents attackers from taking advantage of compromised or aging keys.
Was this answer helpful?
Thanks for your feedback!