How to downgrade DKIM bit key from 2048 to 1024

Hello HOSHB,

Thanks for your reply with patience.

First, Microsoft didn't automatically upgrade customers DKIM key size from 1024 to 2048 yet. Since your DKIM size is 1024, and it didn't work now.  In this case please double check if  the two specific CNAME records required by DKIM are correct. They are like these as below

Host name:   selector1._domainkey

Points to address or value: selector1-<domainGUID>._domainkey.<initialDomain>

TTL:    3600

Host name:   selector2._domainkey

Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>

TTL:    3600

However, since your Office 365 is hosting in GoDaddy, the required CNAME records you have may be different from Microsoft Hosted (Above), the records I provided are from Microsoft Official article, and I can find limited information about GoDaddy, so it is recommended that please focus on the GoDaddy dedicated support team to double check it, thanks.  

On another hand, if the CNAME records are OK, you can suggest your admin try to temporarily disable the DKIM in the Office 365 Exchange Admin Center > Protection > DKIM.  After that please wait for some hours and re-enable it to see how it goes, thanks.

As your Office 365 hosting in GoDaddy, and we are focus on Microsoft hosted Office 365 Exchange Online Support. The information (records and settings ) I provided above may be different from the GoDaddy side, so it is recommended that please contact the GoDaddy support team for further professional assistance, thanks.

By the way, if you need any further help from Our Microsoft Office 365 for Business side, please feel free to let me know and I am willing to help you, thanks.

Your understanding and patience will be highly appreciated.

Best regards,

Oliver

Hi Oliver,

Thanks for the reply. You’re correct. My bit key is still set at 1024. 

My DKIM stopped authenticating (it worked for months) and I thought it may be due to O365’s move to 2048 bit keys.

I’m still trying to figure out why DKIM fails when I enable it for my domain. Currently troubleshooting with an MSFT technician.

Have you recently heard of or experienced DKIM failures?

fyi - I have O365 with GoDaddy, who isn’t trained to provide email authentication support, and hosting with Wix.

Hello HOSHB,

Do you have any updates to share with me?

Regards,

Oliver

Hello HOSHB,

Based on your description, I did a lot of tests and research about DKIM in Office 365, just as you mentioned the 2048 bit DKIM selector key size has been rolled out.  And as far as I know the Office 365 DKIM selector key size is 1024 by default, and if you need 2048 bit DKIM selector key size, you need to manually upgrade it via Powershell.   So **I want to double confirm have your ever upgraded it manually?**For more details, you can refer to https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email#1024to2048DKIM

For further checking and researching, I need to collect your current DKIM configuration details, so please try to get it via Exchange Online Powershell and then provide the Complete result with me via Private Message (PM).  You can connect to Exchange online powershell with your global admin account and then run Get-DkimSigningConfig | fl to get your current configurations, thanks.  And may I know if you upgraded the DKIM selector key size to 2048 for Default domain ( onmicrosoft.com) or your custom domain?

Regards,

Oliver