On Tue, Oct 14, 2025 at 04:25:29PM -0000, Stuart Henderson wrote:
> On 2025-10-14, Jan Stary <[email protected]> wrote:
> > Using the shorter ed25519 key instead (the other example in pkg-readme)
> > works fine: a receiving MX says "dkim=pass header.d=stare.cz ..."
>
> Support for ed25519 in DKIM across the net is still rather poor.

Unfortunately this is true. Additionally, some mail systems that don't support ed25519 will treat mail with only a valid ed25519 DKIM signature as having an invalid signature, so instead of being indeterminate (i.e. no signature that the receiving system understands), it's flagged as failing DKIM testing.

> Realistically you still need to use RSA at least in addition to ed25519.

If you can guarantee that SPF will always pass, or at least that it will always pass for mail for which you want a high confidence that it will be delivered, then running with only ed25519 DKIM is _possible_. This is neither a recommendation to do that, nor to avoid doing it, but rather an observation from several years of working with a domain that intentionally only provides ed25519 signing of mail along with strict DMARC policy. After all, somebody has to be the first to move to ed25519-only DKIM signing, otherwise we'll be stuck with the overhead of RSA forever.
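The reasoning in the thread (an ed25519-only signature is either ignored or counted as a failure by receivers that don't implement RFC 8463, and an aligned SPF pass rescues the DMARC verdict) can be modelled as a small DMARC evaluation. The following is an added example, not code from OpenSMTPD or from any poster; the three receiver behaviours, the `Signature`/`Message` types and the sample domains are assumptions, and `org_domain` approximates the organizational domain with the last two labels rather than the public suffix list.

```python
"""Model of the DMARC outcome for a message under different DKIM signing
choices and receiver capabilities (constructed illustration)."""
from dataclasses import dataclass, field

# Assumed receiver behaviours, as described in the thread.
AWARE = "ed25519-aware"              # verifies rsa-sha256 and ed25519-sha256
UNAWARE_NEUTRAL = "unaware-neutral"  # unknown a= tag: signature ignored, no result
UNAWARE_FAIL = "unaware-fail"        # unknown a= tag: reported as dkim=fail


@dataclass
class Signature:
    domain: str         # d= tag of the DKIM-Signature header
    alg: str            # "rsa-sha256" or "ed25519-sha256"
    valid: bool = True  # outcome of the crypto check when alg is understood


@dataclass
class Message:
    from_domain: str        # RFC5322.From domain (what DMARC aligns against)
    mail_from_domain: str   # RFC5321.MailFrom domain (SPF identifier)
    spf_pass: bool          # SPF result for mail_from_domain
    signatures: list = field(default_factory=list)


def org_domain(d):
    # Simplification: last two labels. Real DMARC uses the public suffix list.
    return ".".join(d.lower().split(".")[-2:])


def aligned(a, b, strict=False):
    """DMARC identifier alignment: exact match (strict) or same org domain (relaxed)."""
    a, b = a.lower(), b.lower()
    return a == b if strict else org_domain(a) == org_domain(b)


def dkim_results(msg, receiver):
    """Per-signature result the receiver would report: 'pass', 'fail' or 'none'."""
    out = []
    for sig in msg.signatures:
        if sig.alg == "ed25519-sha256" and receiver != AWARE:
            # Receiver does not implement RFC 8463: either skips the signature
            # or (as some systems do) treats it as a failed verification.
            res = "none" if receiver == UNAWARE_NEUTRAL else "fail"
        else:
            res = "pass" if sig.valid else "fail"
        out.append((sig.domain, res))
    return out


def dmarc(msg, receiver, strict=False):
    """DMARC passes when at least one aligned identifier (SPF or DKIM) passes."""
    spf_ok = msg.spf_pass and aligned(msg.mail_from_domain, msg.from_domain, strict)
    dkim_ok = any(res == "pass" and aligned(d, msg.from_domain, strict)
                  for d, res in dkim_results(msg, receiver))
    return "pass" if (spf_ok or dkim_ok) else "fail"


def build(signing, spf_pass, domain="example.org"):
    """Construct a sample message: signing is 'rsa', 'ed25519' or 'both'."""
    sigs = []
    if signing in ("rsa", "both"):
        sigs.append(Signature(domain, "rsa-sha256"))
    if signing in ("ed25519", "both"):
        sigs.append(Signature(domain, "ed25519-sha256"))
    return Message(domain, domain, spf_pass, sigs)


def matrix():
    """Outcome table over signing choice x SPF result x receiver type."""
    rows = {}
    for signing in ("rsa", "ed25519", "both"):
        for spf_pass in (True, False):
            for receiver in (AWARE, UNAWARE_NEUTRAL, UNAWARE_FAIL):
                rows[(signing, spf_pass, receiver)] = dmarc(build(signing, spf_pass), receiver)
    return rows


if __name__ == "__main__":
    for (signing, spf_pass, receiver), verdict in matrix().items():
        print(f"{signing:8} spf={'pass' if spf_pass else 'fail':4} {receiver:16} dmarc={verdict}")
```

Running it prints the full table; the rows worth looking at are the ed25519-only ones with SPF failing (the forwarding case), which come out as a DMARC failure at both kinds of unaware receiver, while adding an RSA signature turns them back into a pass. That is the thread's point in executable form: SPF is what keeps an ed25519-only domain deliverable today, and dual signing is what removes that dependency.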

