DKIM Weekly Rotation of key, with new 'selector' where previous selector is removed the next week
As in:
https://proton.me/blog/dkim-replay-attack-breakdown
Rotating DKIM is highly important.
Currently, it' **** easy to rotate the DKIM key on Plesk, not to talk of updating DNS and running Route 53 update.
This is asked to be implmented, where a second key is added, and new mails use it.
Old key would be depreciated a week later, as previous emails are still in the progress.
Rotate your DKIM keys regularly – Rotating our DKIM keys allowed us to quickly stop the attack and buy time for the permanent solution. Although tedious and risky to do manually, Proton’s DKIM key management system(new window) allowed us to easily do this in minutes, and this system is the same system used for all domains hosted at Proton. The system also automatically rotates keys regularly to reduce the risk of key compromise.
Thank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD