DKIM glossary

What does a=rsa-sha256 mean in a DKIM signature?

Samuel Chenard

By Samuel Chenard · CEO & Co-Founder, Palisade · Reviewed July 15, 2026

a=rsa-sha256 is the signing algorithm in a DKIM-Signature: an RSA key with SHA-256 hashing. It's the modern default. The older rsa-sha1 is deprecated and treated as insecure by today's receivers, and ed25519-sha256 exists but has only partial support — so RSA-SHA256 stays the safe choice.

a=rsa-sha256 at a glance
Taga (signing algorithm)
Valid valuesrsa-sha256 (standard) · ed25519-sha256 (RFC 8463) · rsa-sha1 (deprecated)
DefaultNo universal default in DNS; the signer chooses. rsa-sha256 is the accepted norm.
Where it goesIn the DKIM-Signature header, near v= and c=.

How a=rsa-sha256 works

a= states how the message was signed: the key algorithm and the hash. rsa-sha256 — an RSA key with SHA-256 hashing — is the modern standard, and it's what you should see on essentially all current mail.

The older rsa-sha1 is deprecated. SHA-1 is broken for security use, and today's receivers treat rsa-sha1 signatures as insecure or simply fail them. If you find a sender still using it, that's a key and configuration to update, not a curiosity.

ed25519-sha256 (RFC 8463) is a newer option with smaller signatures, but receiver support is only partial. Because of that, most senders that adopt it publish an RSA key too and dual-sign — so rsa-sha256 remains the safe default you can rely on everywhere.

Correct record vs common mistake

Correct

DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; ...

The current standard: an RSA key with SHA-256 hashing, verified by essentially every modern receiver.

Common mistake

DKIM-Signature: v=1; a=rsa-sha1; d=example.com; s=s1; ...

rsa-sha1 relies on the broken SHA-1 hash. Modern receivers treat it as insecure and many fail it outright — move the sender to rsa-sha256.

Troubleshooting a=rsa-sha256

IssueLikely causeFix
Receiver flags the signature as insecureThe sender still signs with rsa-sha1Reconfigure the sender to sign with rsa-sha256 and rotate to a modern key
ed25519 signatures failing at some receiversPartial receiver support for ed25519-sha256Dual-sign: keep an rsa-sha256 signature alongside the ed25519 one
Weak key even with rsa-sha256SHA-256 is fine but the RSA key is only 1024-bitRotate to a 2048-bit RSA key while keeping a=rsa-sha256

See this on your own domain

Enter your domain — the check runs instantly on the next page. Free, no signup.

Why it matters for MSPs

A single legacy sender still signing with rsa-sha1 can drag a client's authentication results down and put mail at risk of being failed. Across a fleet, these stragglers hide in older appliances and forgotten integrations — worth sweeping for before you push any domain to reject.

Trusted by MSPs

Palisade allowed our team to deploy DMARC on our domains in minutes instead of hours and making sure our clients are compliant with cutting edge security recommendations from Microsoft.
Alvin KalliAlvin Kalli CSIO, MSP Corp
Partner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner Logo

Enforce it — don't just monitor it

Palisade surfaces weak or outdated signing — like a sender still on rsa-sha1 — from the report data, so you can upgrade it to rsa-sha256 before the domain is advanced to full enforcement.

Free 15-day trial · No credit card · Your own domain free forever (NFR)

Frequently asked questions

It's the DKIM signing algorithm: an RSA key with SHA-256 hashing. It's the modern standard and what almost all legitimate mail uses today.

No. SHA-1 is broken for security purposes, rsa-sha1 is deprecated, and modern receivers treat those signatures as insecure or fail them. Move any sender still using it to rsa-sha256.

Only carefully. ed25519-sha256 (RFC 8463) is fine cryptographically but receiver support is partial, so pair it with an RSA key and dual-sign rather than relying on it alone.

There's no forced default in DNS — the signer picks — but rsa-sha256 is the de facto standard and the safe choice everywhere.

Related terms

What is DKIM? DomainKeys Identified Mail explained