Verifying a DKIM TXT Record and Key Length

After reading the Wired story last week about Zachary Harris discovering a widespread vulnerability related to the use of weak cryptographic DKIM keys (less than 1024 bits) by companies like Google, eBay, Yahoo, Twitter and PayPal, and the subsequent CERT warning (VU#268267), I decided to write a quick tool to check DKIM TXT records and determine their key length:

This tool grabs your DKIM DNS TXT record and uses OpenSSL to parse the contained public key to determine its key length.
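The same check without OpenSSL, as an added example that is not the author's tool: it takes a TXT record string that has already been fetched (no DNS lookup), walks the DER-encoded public key in the p= tag, and reports the RSA modulus length against the 1024-bit threshold mentioned above. The function names and the sample records, whose moduli are constructed filler rather than real keys, are assumptions for illustration.

```python
import base64

def parse_tags(txt):
    """Split a DKIM TXT record ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos, want):
    """Read the DER element at pos; return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag {want:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def check_dkim_key(txt):
    """Return (modulus_bits, is_weak) for the RSA key in a DKIM TXT record."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":  # k= defaults to rsa when absent
        raise ValueError("not an RSA key")
    if not tags.get("p"):
        raise ValueError("empty p= tag: key revoked")
    der = base64.b64decode(tags["p"], validate=True)
    start, _ = read_tlv(der, 0, 0x30)          # SubjectPublicKeyInfo
    _, end = read_tlv(der, start, 0x30)        # AlgorithmIdentifier (skipped)
    start, _ = read_tlv(der, end, 0x03)        # BIT STRING wrapping the key
    start, _ = read_tlv(der, start + 1, 0x30)  # +1 skips the unused-bits byte
    start, end = read_tlv(der, start, 0x02)    # INTEGER: the modulus
    bits = int.from_bytes(der[start:end], "big").bit_length()
    return bits, bits < 1024  # under 1024 bits is the weak range cited above

def tlv(tag, body):  # DER-encode one element; only builds the constructed sample
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record: the modulus is filler of the given size, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa_key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, bytes.fromhex("300d06092a864886f70d0101010500") + tlv(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Calling `check_dkim_key(sample_record(512))` returns the bit length together with a flag that is true for anything under 1024 bits.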

Checking your DKIM DNS record

Update — Due to the recently released vulnerability related to the use of weak cryptographic DKIM keys, I wrote an online tool to check and verify DKIM TXT records, and determine their public key length: DKIM Key Checker

What is DKIM?

DomainKeys Identified Mail (DKIM) is a method for email authentication designed to detect sender address forgery (spoofing) in email, which is often used in spam and phishing emails.
