Twilio SendGrid now uses 2048 Bit DomainKeys Identified Mail (DKIM) to provide stronger security and protection. Existing domain authentication configurations are not changing automatically but if you wish to enhance your security from your existing setup follow this guide.
If you created your first domain authentication after May 2021, you already have a 2048 DKIM key.
How can I tell if I have 1024 bit DKIM keys or 2048 bit DKIM keys?
You can use this online tool to easily check their key length. The tool asks for the selector and domain. If the customer’s DKIM key was at s1._domainkey.example.com, then you would enter “s1” in the selector field and “example.com” in the domain field.
To migrate to 2048 Bit DKIM Keys:
- Log into your SendGrid account and navigate to Settings.
- Select Sender Authentication and then click Authenticate Your Domain.
- Continue through the domain authentication process. When you get to the second page, you will need to use a custom selector that differs from the default “s1” that SendGrid uses under the advanced settings. You should use a unique value (eg. 'abc').
- Delete the old domain authentication once you have verified the new one.
For more information about DKIM records, go to the DKIM Records Explained page.