DKIM & Key Rotation

DomainKeys Identified Mail (DKIM) adds a cryptographic digital signature to your emails. This proves the email hasn't been tampered with in transit.

Why Rotate Keys?

Like passwords, DKIM keys should be changed periodically (at least every 6-12 months). If an attacker steals your private key, they can sign malicious emails that look completely legitimate.

Zero-Downtime Rotation Strategy

To rotate keys without blocking email, use the Dual Selector method:

1. Create Key 2 (Passive)

Generate a new key pair (selector: key2) and publish the public key to your DNS. Do not configure your email server to sign with it yet.

2. Wait for Propagation

Wait 24-48 hours. This ensures all receiving servers see the new public key in your DNS.

3. Switch Signing

Update your email server to start signing messages with key2. You can now safely retire key1.
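Before step 3, it helps to confirm that the record published for key2 is actually the key you generated. The following check is an added example, not part of the original page: the function names and the sample record are constructed for illustration, and the rules applied (optional v= tag first, empty p= means revoked, t=y means testing mode) come from RFC 6376.

```python
import base64
import re

# Constructed stand-in for key2's public key (not a real key), split across
# two TXT strings the way long records are usually published.
NEW_KEY_P = base64.b64encode(b"constructed stand-in for key2 public key").decode()
SAMPLE_TXT = '"v=DKIM1; k=rsa; p=%s" "%s"' % (NEW_KEY_P[:20], NEW_KEY_P[20:])

def parse_dkim_txt(raw):
    """Join the quoted chunks of a TXT answer and split the DKIM tag list."""
    chunks = re.findall(r'"([^"]*)"', raw)
    text = "".join(chunks) if chunks else raw
    tags = []
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.append((name.strip(), re.sub(r"\s+", "", value)))
    return tags

def ready_to_switch(raw_txt, expected_p):
    """Return (ok, reason): is it safe to start signing with this selector?"""
    tags = parse_dkim_txt(raw_txt)
    rec = dict(tags)
    if "v" in rec and (tags[0][0] != "v" or rec["v"] != "DKIM1"):
        return False, "v= must be the first tag and equal DKIM1"
    if rec.get("k", "rsa") not in ("rsa", "ed25519"):
        return False, "unknown key type"
    p = rec.get("p")
    if p is None:
        return False, "no p= tag"
    if p == "":
        return False, "empty p= (key revoked)"
    try:
        base64.b64decode(p, validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    if p != re.sub(r"\s+", "", expected_p):
        return False, "published key differs from the new key pair"
    if "y" in rec.get("t", "").split(":"):
        return False, "record is in testing mode (t=y)"
    return True, "ok"

if __name__ == "__main__":
    print(ready_to_switch(SAMPLE_TXT, NEW_KEY_P))
```

In practice, raw_txt is the TXT answer for key2._domainkey.<your domain>, queried from more than one resolver, and expected_p is the base64 public key exported from the new key pair.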