DKIM authentication of valid email fails when using 1536- or 2048-bit keys
Last Updated January 04, 2019
DKIM authentication of valid email fails after you create and configure a DKIM key that is either 1536 or 2048 bits long and add the associated DNS TXT record to your DNS server. DKIM authentication using a 1024-bit key, however, works without issue.
Some DNS servers will not accept or serve the long TXT records generated by 1536-bit or 2048-bit DKIM keys.
Please consult the DNS server documentation before using DKIM keys greater than 1024 bits in length. This helps ensure that the full TXT record associated with the DKIM key will be served by the DNS infrastructure.
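One way to confirm that the full record is being served, as an added example that is not part of the original article: the Python below joins the TXT strings the way a DKIM verifier does and compares the decoded `p=` key length with the length declared in the key's DER header. The function names are illustrative, and the sample key is constructed filler of the right size for a 2048-bit key, not a real key.

```python
import base64

TXT_STRING_MAX = 255  # largest single character-string in a DNS TXT record (RFC 1035)

def split_txt(value, limit=TXT_STRING_MAX):
    """Split a long TXT value into strings that each fit one character-string."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def parse_tags(record):
    """Parse 'tag=value; tag=value' into a dict, dropping whitespace inside values."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim_key(txt_strings):
    """Return (status, decoded_bytes, bytes_declared_by_DER_header)."""
    # Verifiers concatenate the TXT strings with no separator before parsing.
    p = parse_tags("".join(txt_strings)).get("p", "")
    try:
        # Decode only whole 4-character groups so a cut-off value still decodes.
        der = base64.b64decode(p[: len(p) // 4 * 4], validate=True)
    except ValueError:
        return ("bad-base64", 0, 0)
    if len(der) < 4 or der[0] != 0x30:  # a public key starts with a DER SEQUENCE
        return ("not-a-key", len(der), 0)
    if der[1] < 0x80:                   # short-form length
        declared = 2 + der[1]
    else:                               # long-form length: next n bytes hold it
        n = der[1] & 0x7F
        declared = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if len(p) % 4 or len(der) < declared:
        return ("truncated", len(der), declared)
    return ("ok", len(der), declared)

# Constructed sample: the DER header of a 2048-bit RSA SubjectPublicKeyInfo
# (294 bytes in total) followed by filler bytes. Not a real key.
SAMPLE_DER = bytes.fromhex("30820122") + bytes(range(256)) + bytes(34)
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    # Record entered as multiple strings: the whole key survives.
    print(check_dkim_key(split_txt(SAMPLE_RECORD)))
    # Record cut off at 256 characters, as a single long line would be.
    print(check_dkim_key([SAMPLE_RECORD[:256]]))
```

In practice the input would be the list of strings returned by a TXT lookup of the selector's `_domainkey` name; a `truncated` result means the server is not serving the whole key.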
For Windows 2003 and 2008 DNS servers, the long DKIM keys can be broken up into multiple lines when entering the record into the DNS management tool. A single long line will be truncated at 256 characters, but multiple lines will be accepted. For example, the following DKIM record would be truncated when entering it into dnsmgmt: