https://support.google.com/mail/answer/81126?hl=en
Look at "authenticate your mail" in the above link. Gmail required 1024 bits. Google market dominance makes it a defacto standard. Original Message From: pg...@dev-mail.net Sent: October 13, 2018 7:40 AM To: postfix-users@postfix.org Subject: Re: Are sha1 & TLSv1 fully deprecated wrt mail, and time to block them? I appreciate the comments on this. Boils down to: > ... moral of this story is .... in no particular order, ** 'Best/current Practice' _is_ better than sha1/dkim & TLSv1 ** FinCo's lazy & sloppy, not worth rejecting, but I can flag & watch ** I've checked my ~12 month logs; FinCo represents ~ 95% of accepted/legit mail that's both sha1/dkim & TLSv1 ** I'll send one letter to FinCo's CIO/CSO offices. I expect no change, but it'll make me 'feel better'. ** I've confirmed that < 1024 bit sigs are not accepted at all ** for now, my TLS policy stays at ="may" and get back to more useful work. thanks all.