Double DKIM DNS records
Is it a problem if I create two DKIM domainkey records for the same domain?
- mailservice1._domainkey.example.com
- mailservice2._domainkey.example.com
I'm testing/migrating from a mail service to another and I would like to maintain both for some weeks.
The purpose of the selector key is to allow multiple keys to be used. The design of DKIM assumes that you will have multiple keys for various reasons. There is a requirement that each active key have a different selector key.
It is recommended to replace the signing keys periodically. When doing so, you create the record for the new key, and retain the old record until you can reasonably assume all mail signed with the key has been validated.
When using third parties to deliver mail (common for businesses), the third party should be provided their own signing key. The public key would then be added to DNS as an additional record.
When using multiple MTAs to sign mail, it may be more secure to generate the keys locally. While the private key needs to be kept secure, the public key can be safely transferred. The public key would be sent to the DNS maintainer to add the appropriate selector record.
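How a verifier chooses between the two records, as an added example that is not part of the original answer: the `s=` and `d=` tags in each message's DKIM-Signature header name exactly one TXT record, so keys for two services coexist without conflict. The zone contents, the `old2019` selector, the key placeholders and the header values are constructed, and DNS is replaced by an in-memory dictionary.

```python
import re

# Constructed zone data: two active selectors for one domain, plus a retired one.
# Key material is a placeholder, not a real public key.
ZONE = {
    "mailservice1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY1",
    "mailservice2._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY2",
    "old2019._domainkey.example.com": "v=DKIM1; p=",  # empty p= marks a revoked key
}

def parse_tags(value):
    """Split a DKIM tag=value list (signature header or TXT record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # keeps base64 '=' padding in val
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(dkim_signature):
    """Build the DNS name a verifier queries: <s>._domainkey.<d>."""
    tags = parse_tags(dkim_signature)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def lookup_key(dkim_signature, zone=ZONE):
    """Return (query_name, status) for the selector named in a signature."""
    name = key_query_name(dkim_signature)
    record = zone.get(name)
    if record is None:
        return name, "no key record"
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return name, "not a DKIM record"
    if not tags.get("p"):
        return name, "key revoked"
    return name, "key found"

# Constructed DKIM-Signature header values (bh= and b= are shortened placeholders).
SIG_SERVICE1 = "v=1; a=rsa-sha256; d=example.com; s=mailservice1; h=from:to; bh=AAAA; b=BBBB"
SIG_SERVICE2 = "v=1; a=rsa-sha256; d=example.com; s=mailservice2; h=from:to; bh=CCCC; b=DDDD"
SIG_RETIRED = "v=1; a=rsa-sha256; d=example.com; s=old2019; h=from:to; bh=EEEE; b=FFFF"

if __name__ == "__main__":
    for sig in (SIG_SERVICE1, SIG_SERVICE2, SIG_RETIRED):
        print(*lookup_key(sig), sep=": ")
```

During a migration, the record for the outgoing service stays published until mail it signed is no longer in transit; removing it early makes those messages fail with the "no key record" case.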