Hi Miquel,
I've had the same questions as you, and you do indeed need to keep all three records. This is how EasyDKIM works. 2 selectors are used for key rotation (old one and new one). You cannot force the rotation. This is handled by AWS and occurs once a year, though AWS makes no commitment on this (not documented). The third key is used as backup when upgrading key length. It will be used in case of rollback. It will stay forever. You cannot delete it.
AWS always uses one selector at a given time. You can verify what selector is used by sending an email from your domain.
AWS documentation could be improved on how EasyDKIM works. It would also be nice to see in the admin console which key is active.
Regards, V.P.
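One way to do the selector check described in the answer above, as an added example that is not part of the original post: save a message sent from your domain with full headers and read the `s=` and `d=` tags of its DKIM-Signature headers. The sample message, domain names and selector tokens below are constructed placeholders.

```python
import email

# Constructed sample (not real SES output): a received message carrying two
# DKIM-Signature headers, one for the sender's domain and one for another domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
\ts=selector2tokenbbbb; d=example.com; t=1700000000;
\th=From:To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
\ts=providerselector; d=mail-provider.example; t=1700000000;
\th=From:To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER
From: sender@example.com
To: rcpt@example.net
Subject: selector check

body
"""

# Constructed stand-ins for the three selector tokens published as CNAMEs.
PUBLISHED = {"selector1tokenaaaa", "selector2tokenbbbb", "selector3tokencccc"}


def dkim_signatures(raw):
    """Return one {tag: value} dict per DKIM-Signature header in the message."""
    msg = email.message_from_string(raw)
    sigs = []
    for value in msg.get_all("DKIM-Signature", []):
        compact = "".join(value.split())  # drop header folding whitespace
        sigs.append(dict(p.partition("=")[::2] for p in compact.split(";") if p))
    return sigs


def signing_selectors(raw, domain, published):
    """List (selector, DNS name, is_published) for signatures made for `domain`."""
    found = []
    for tags in dkim_signatures(raw):
        if tags.get("d", "").lower() != domain.lower():
            continue  # signature belongs to a different signing domain
        sel = tags.get("s", "")
        found.append((sel, f"{sel}._domainkey.{domain}", sel in published))
    return found


if __name__ == "__main__":
    for sel, name, ok in signing_selectors(SAMPLE, "example.com", PUBLISHED):
        print(f"selector in use: {sel} -> {name} (published: {ok})")
```

A selector reported with `published: False` means the message was signed with a key whose record is not among the ones you expect in DNS.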
Hi Miquel,
Assuming you have generated this using Easy DKIM in SES. I do not believe any newly generated records for the 2048-bit key should not point to the 1048-bit key or an expired key. It may be an issue where DNS propagation takes some time, resulting in some records still pointing to old/expired keys. (According to AWS, it may take up to 72 hours for DNS propagation.)
Please verify that the CNAME records for the newly generated 2048-bit key are accurate in your hosting provider, or else regenerate the keys and try adding them to your DNS provider.
Yes, it is using the Easy DKIM in SES. How do I regenerate the keys, please? Thanks a lot for your answer.