Migrating Email Providers; Are Multiple DKIM Records Viable During Transition?

Multiple DKIM records are a viable option.

DKIM keys and records should be replaced periodically. During the update process, the old record remains for a period of time to allow verification of in-transit messages. This can also allow re-validating received messages.

I don't see any value in using CNAME for DKIM records. It will only add additional DNS lookups before the required TXT record is read. DKIM records should be added each time the key changes. This requires new TXT records and might require new CNAME records as well.


To answer your question.

CNAME for the DKIM record is just a method for the ESP to handle key rotation without having access to your DNS or requesting you to change your DNS TXT Record every time they rotate the key.

sector._domainkey.example.com. IN TXT "DKIM KEY"

sector._domainkey.example.org. IN CNAME sector._domainkey.example.com.

If you add the TXT Record, either the provider does not rotate keys for you or you are the one rotating keys.

You can also set up multiple key selectors per service and run SendGrid and Mandrill in parallel; this also lets you test Mandrill before switching to them. Note: There is no limit to the number of DKIM sectors; there are limits to the number of DNS lookups for SPF (10).
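How a verifier picks the key when two providers sign for the same domain, as an added example that is not part of either answer: the selector (`s=`) and domain (`d=`) in each DKIM-Signature header name the record to fetch, and a CNAME simply adds hops before the TXT record is read. The zone contents, the selector names `s1` and `m1`, the host `esp-a.example`, and the key values are all constructed for illustration.

```python
import re

# Constructed zone: selector "s1" is a CNAME into the old provider's zone,
# selector "m1" is a TXT record published directly for the new provider.
ZONE = {
    ("s1._domainkey.example.org.", "CNAME"): "s1._domainkey.esp-a.example.",
    ("s1._domainkey.esp-a.example.", "TXT"): "v=DKIM1; k=rsa; p=OLDKEYPLACEHOLDER",
    ("m1._domainkey.example.org.", "TXT"): "v=DKIM1; k=rsa; p=NEWKEYPLACEHOLDER",
}

def parse_tag_list(value):
    """Parse a DKIM tag=value list (signature header or key record) into a dict."""
    unfolded = re.sub(r"\s+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)  # base64 padding may contain "="
            tags[name.strip()] = val.strip()
    return tags

def key_record_name(tags):
    """The DNS name a verifier queries: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}.".lower()

def resolve_txt(name, zone, max_hops=8):
    """Follow CNAMEs until a TXT record is found; return (txt_or_None, hops)."""
    hops = 0
    while hops <= max_hops:
        if (name, "TXT") in zone:
            return zone[(name, "TXT")], hops
        target = zone.get((name, "CNAME"))
        if target is None:
            return None, hops          # selector not published
        name, hops = target, hops + 1
    return None, hops                  # CNAME loop or chain too long

def lookup_key(signature_header, zone=ZONE):
    tags = parse_tag_list(signature_header)
    txt, hops = resolve_txt(key_record_name(tags), zone)
    # An empty p= tag means the key has been revoked.
    key = (parse_tag_list(txt).get("p") or None) if txt else None
    return {"selector": tags["s"], "cname_hops": hops, "p": key}

# Constructed signature headers, one per provider, both signing for example.org.
OLD_ESP_SIG = "v=1; a=rsa-sha256; d=example.org; s=s1;\r\n\tbh=CONSTRUCTED; b=CONSTRUCTED"
NEW_ESP_SIG = "v=1; a=rsa-sha256; d=example.org; s=m1; bh=CONSTRUCTED; b=CONSTRUCTED"
```

Because each signature carries its own selector, the two records never conflict; removing the old selector's record only affects mail signed with that selector.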
