DKIM Ed25519-SHA256 adoption
In this blog, we will delve into the significance of these RFCs, their recommendations, and the current state of email providers' support for Ed25519-SHA256.
DKIM
Email security is a crucial aspect of digital communication, and DomainKeys Identified Mail (DKIM) has long been a key mechanism for enhancing email authenticity and integrity. DKIM was standardized in RFC6376, introduced in September 2011, to address email spoofing and tampering. However, recent advancements in cryptographic algorithms have led to RFC8463 in September 2018, which prescribes the use of the Ed25519-SHA256 algorithm for DKIM signatures.
Ed25519-SHA256
The Ed25519-SHA256 algorithm is superior and more efficient than the older RSA algorithm that became obsolete in November 2016 with RFC8017. Compared to a 2048-bit RSA key, Ed25519-RSA256 offers the advantage of smaller key sizes while maintaining higher cryptographic strength. This enables stronger signatures without encountering length restrictions in DNS records. Here are examples of an RSA and an Ed25519 DKIM DNS record. As you can observe, the key size is significantly smaller and can easily fit within the 255-byte limit of the DNS structure.
rsa._domainkey.example.com
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPUExiq1wQ1CJ+mv9WBTreAaLD/u25hLKfD1eRoMmgjk29ltOz3tXFtyPTywqHQ5hYL2I46bWZTnc18kMdjj2IKExDpGFa3pRUeQEHeGfkyd1QZi1FLyGo4X4PC26lSKm0/gNMvoKCzA7ESm49LHr1L9LjvaG6OdLfKI40k0qTiQIDAQAB"
ed25519._domainkey.example.com
"v=DKIM1; k=ed25519; p=1mhHuf6JcXfsGMT7+KBPIHNb1RiAfXnuuzIBxV4rcXE="
Adoption
Despite the new requirements outlined in RFC8463, the implementation by email providers has been limited thus far. While the RFC states that...
Signers SHOULD implement and verifiers MUST implement the Ed25519-SHA256 algorithm
..., the reality falls short. Below is an overview of the current support for Ed25519-SHA256 signing and verification among email providers:
| Provider | Signing | Verification | Auth Result | DMARC Result |
|---|---|---|---|---|
| Microsoft | ❌ | ❌ | fail |
|
| ❌ | ❌ | neutral |
fail |
|
| Yahoo | ❌ | ❌ | perm_fail |
permerror / temperror |
| Mimecast | ❌ | ✔️ | ||
| Fastmail | ❌ | ❌ | invalid |
temperror |
| Mail.Ru | ❌ | ✔️ | ||
| Comcast | ❌ | ❌ | fail |
|
| Seznam | ❌ | ❌ | fail |
|
| Proofpoint | ❌ | ❌ | permerror |
|
| ProtonMail | ❌ | ✔️ | ||
| Tutanota | ❌ | ❌ | permerror |
|
| Zoho Mail | ❌ | ? |
Conclusion
The lack of implementation hinders the enhancement of email security and the widespread adoption of a more secure cryptographic algorithm. We remain hopeful that major email providers will prioritize adding support for the Ed25519-SHA256 algorithm soon.