DKIM Ed25519-SHA256 adoption

DKIM

Email security is a crucial aspect of digital communication, and DomainKeys Identified Mail (DKIM) has long been a key mechanism for enhancing email authenticity and integrity. DKIM was standardized in RFC6376, introduced in September 2011, to address email spoofing and tampering. However, recent advancements in cryptographic algorithms have led to RFC8463 in September 2018, which prescribes the use of the Ed25519-SHA256 algorithm for DKIM signatures.

Ed25519-SHA256

The Ed25519-SHA256 algorithm is superior and more efficient than the older RSA algorithm that became obsolete in November 2016 with RFC8017. Compared to a 2048-bit RSA key, Ed25519-SHA256 offers the advantage of smaller key sizes while maintaining higher cryptographic strength. This enables stronger signatures without encountering length restrictions in DNS records. Here are examples of an RSA and an Ed25519 DKIM DNS record. As you can observe, the Ed25519 key is significantly smaller and easily fits within the 255-byte limit of the DNS structure.

rsa._domainkey.example.com
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPUExiq1wQ1CJ+mv9WBTreAaLD/u25hLKfD1eRoMmgjk29ltOz3tXFtyPTywqHQ5hYL2I46bWZTnc18kMdjj2IKExDpGFa3pRUeQEHeGfkyd1QZi1FLyGo4X4PC26lSKm0/gNMvoKCzA7ESm49LHr1L9LjvaG6OdLfKI40k0qTiQIDAQAB"

ed25519._domainkey.example.com
"v=DKIM1; k=ed25519; p=1mhHuf6JcXfsGMT7+KBPIHNb1RiAfXnuuzIBxV4rcXE="
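To check these size claims against the two records above, the following added example (not code from the original page; the function names are this example's own) parses each record, reads the key size out of the `p=` value, and counts how many 255-byte TXT character-strings the record needs. It assumes an RSA `p=` value is a DER SubjectPublicKeyInfo and an Ed25519 `p=` value is the raw 32-byte public key, as RFC 8463 specifies.

```python
import base64

TXT_STRING_MAX = 255  # a single DNS TXT character-string holds at most 255 bytes
# The two example records from this page, copied verbatim.
RSA_RECORD = ("v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPUExiq1wQ1C"
              "J+mv9WBTreAaLD/u25hLKfD1eRoMmgjk29ltOz3tXFtyPTywqHQ5hYL2I46bWZTnc18kMd"
              "jj2IKExDpGFa3pRUeQEHeGfkyd1QZi1FLyGo4X4PC26lSKm0/gNMvoKCzA7ESm49LHr1L9"
              "LjvaG6OdLfKI40k0qTiQIDAQAB")
ED_RECORD = "v=DKIM1; k=ed25519; p=1mhHuf6JcXfsGMT7+KBPIHNb1RiAfXnuuzIBxV4rcXE="


def parse_tags(record):
    """Split a DKIM key record into its tag=value pairs."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def read_tlv(buf, pos):
    """Read one DER element at pos; return (content, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Modulus size of an RSA key wrapped in DER SubjectPublicKeyInfo."""
    outer, _ = read_tlv(spki, 0)              # SubjectPublicKeyInfo SEQUENCE
    _, pos = read_tlv(outer, 0)               # skip AlgorithmIdentifier
    bit_string, _ = read_tlv(outer, pos)      # BIT STRING holding RSAPublicKey
    rsa_key, _ = read_tlv(bit_string[1:], 0)  # drop the unused-bits octet
    modulus, _ = read_tlv(rsa_key, 0)         # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()


def inspect(record):
    """Report key type, key bits, record length and TXT strings needed."""
    tags = parse_tags(record)
    algo = tags.get("k", "rsa")               # RFC 6376: k= defaults to rsa
    key = base64.b64decode(tags["p"], validate=True)
    if algo == "ed25519" and len(key) != 32:  # RFC 8463: raw 32-byte key
        raise ValueError("Ed25519 public key must be exactly 32 bytes")
    bits = 256 if algo == "ed25519" else rsa_modulus_bits(key)
    return {"k": algo, "bits": bits, "record_bytes": len(record),
            "txt_strings": -(-len(record) // TXT_STRING_MAX)}


if __name__ == "__main__":
    print(inspect(RSA_RECORD), inspect(ED_RECORD), sep="\n")
```

Run on the page's records, this reports the RSA sample as a 1024-bit key in a 234-byte record and the Ed25519 record as 66 bytes. A 2048-bit RSA SubjectPublicKeyInfo is 294 bytes, or 392 base64 characters, so that record no longer fits one character-string and has to be split across two.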

Adoption

Despite the new requirements outlined in RFC8463, the implementation by email providers has been limited thus far. While the RFC states that "Signers SHOULD implement and verifiers MUST implement the Ed25519-SHA256 algorithm", the reality falls short. Below is an overview of the current support for Ed25519-SHA256 signing and verification among email providers:

Provider Signing Verification Auth Result DMARC Result
Microsoft fail
Google neutral fail
Yahoo perm_fail permerror / temperror
Mimecast ✔️
Fastmail invalid temperror
Mail.Ru ✔️
Comcast fail
Seznam fail
Proofpoint permerror
ProtonMail ✔️
Tutanota permerror
Zoho Mail ?

Conclusion

The lack of implementation hinders the enhancement of email security and the widespread adoption of a more secure cryptographic algorithm. We remain hopeful that major email providers will prioritize adding support for the Ed25519-SHA256 algorithm soon.