Rotating your DKIM keys is one of those email security best practices that most senders know they should follow but rarely get around to. It reduces the risk of key compromise, keeps your sender authentication fresh, and is increasingly expected by receiving mail servers. Until now, doing it meant manual work and the risk of downtime if DNS wasn't updated in time.
We've fixed that. AhaSend now supports automatic DKIM key rotation.
DKIM-Key-What?
DKIM is like a digital signature on your emails, which lets receiving mail servers verify that the email genuinely came from you. Key rotation means you regularly swap out that signature for a fresh one, so that if the old key ever gets compromised, it can't be used against you.
DKIM key rotation is a meaningful step toward better email security hygiene.
How it works
When enabled, AhaSend will automatically generate a new DKIM key pair before your current key expires, publish the new public key, and retire the old one. No manual intervention required.
Rotation periods depend on your plan:
- Free — keys rotate every 180 days
- Pro — keys rotate every 90 days
- Max — configurable rotation period with a minimum of 30 days
How to enable DKIM key rotation
New customers
DKIM key rotation is part of the standard domain setup. When adding your domain, simply follow these steps:
- Go to the Domains tab in your dashboard.
- Click Add domain, then Create domain.
- Add all DNS records listed under Required to start sending and Recommended improvements to your DNS provider.
Rotation will be active as soon as your DNS records have propagated.
Existing customers
Enabling automatic DKIM rotation requires re-adding your domain to AhaSend. This is a one-time step, but it does involve a brief interruption to email delivery while your new DNS records propagate. We recommend scheduling this change during a maintenance window or a low-traffic period to minimise impact.
- Go to the Domains tab in your dashboard.
- Open the domain you want to configure.
- Click Delete domain.
- Click Add domain, then Create domain.
- Add all DNS records listed under Required to start sending and Recommended improvements to your DNS provider.
Once your DNS records are propagated, automatic DKIM rotation will be active for that domain.
Note: Deleting and re-adding your domain does not affect your sending history or account settings. However, if you are using Scoped Credentials with a domain scope, you will need to reconfigure the domain scope for those credentials after re-adding your domain. You can do this from the Credentials page in your dashboard.
If you have any questions about the setup process, our support team is happy to help at [email protected] or Discord.