What is the difference between rsa-sha256 and ed25519 DKIM signatures?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

These are the two cryptographic algorithms you can use to generate DKIM signatures. They differ in how the math works, how long the keys are, and how widely they're supported.

rsa-sha256 is the older of the two and the current standard. It uses RSA encryption combined with SHA-256 hashing. RSA keys need to be large to be secure: 2048 bits is the recommended minimum today, with 4096 bits for higher security environments. Most ESPs default to rsa-sha256, and every major mailbox provider supports it. If your DKIM is set up and working, it's almost certainly using rsa-sha256.

ed25519 is a newer elliptic curve algorithm. Its keys are much shorter (256 bits instead of 2048+ bits), but the security is comparable or better. Shorter keys are also faster to sign and verify, which matters at scale. The RFC for ed25519 DKIM signatures is newer, and while support has grown, it's not yet universal. Some older mail infrastructure doesn't support ed25519 verification.

And for For most senders, the practical answer is: use rsa-sha256 for now. It's universally supported, and if your ESP supports it, consider publishing both an rsa-sha256 key and an ed25519 key under different selectors. Mail servers that support ed25519 will use it; those that don't will fall back to RSA. This is sometimes called "algorithm agility" and it's a forward-compatible approach.

If you do use ed25519, you still want a 2048-bit rsa-sha256 backup. Not because ed25519 is weaker but because some receiving infrastructure, particularly older enterprise mail servers, won't recognize ed25519 and may not know how to verify the signature. Check with your ESP whether they support ed25519 before planning anything around it.

For guidance on key lengths for RSA, see 1024 vs 2048-bit DKIM keys.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get a recommendation on algorithm choice for your specific mail setup.

I read this on the Email Almanac about rsa-sha256 vs ed25519 DKIM signatures. My situation: My current DKIM setup uses rsa-sha256 / ed25519 / not sure. I'm using describe your ESP. I want to understand [describe e.g., "whether my ESP supports ed25519" or "how to publish both algorithms under different selectors" or "whether using ed25519 only is causing some messages to fail verification"].

Edit the yellow boxes, then send to the AI of your choice.