DKIM glossary
What does a=rsa-sha256 mean in a DKIM signature?

By Samuel Chenard · CEO & Co-Founder, Palisade · Reviewed July 15, 2026
a=rsa-sha256 is the signing algorithm in a DKIM-Signature: an RSA key with SHA-256 hashing. It's the modern default. The older rsa-sha1 is deprecated and treated as insecure by today's receivers, and ed25519-sha256 exists but has only partial support — so RSA-SHA256 stays the safe choice.
a=rsa-sha256 at a glance | |
|---|---|
| Tag | a (signing algorithm) |
| Valid values | rsa-sha256 (standard) · ed25519-sha256 (RFC 8463) · rsa-sha1 (deprecated) |
| Default | No universal default in DNS; the signer chooses. rsa-sha256 is the accepted norm. |
| Where it goes | In the DKIM-Signature header, near v= and c=. |
How a=rsa-sha256 works
a= states how the message was signed: the key algorithm and the hash. rsa-sha256 — an RSA key with SHA-256 hashing — is the modern standard, and it's what you should see on essentially all current mail.
The older rsa-sha1 is deprecated. SHA-1 is broken for security use, and today's receivers treat rsa-sha1 signatures as insecure or simply fail them. If you find a sender still using it, that's a key and configuration to update, not a curiosity.
ed25519-sha256 (RFC 8463) is a newer option with smaller signatures, but receiver support is only partial. Because of that, most senders that adopt it publish an RSA key too and dual-sign — so rsa-sha256 remains the safe default you can rely on everywhere.
Correct record vs common mistake
Correct
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; ...The current standard: an RSA key with SHA-256 hashing, verified by essentially every modern receiver.
Common mistake
DKIM-Signature: v=1; a=rsa-sha1; d=example.com; s=s1; ...rsa-sha1 relies on the broken SHA-1 hash. Modern receivers treat it as insecure and many fail it outright — move the sender to rsa-sha256.
Troubleshooting a=rsa-sha256
| Issue | Likely cause | Fix |
|---|---|---|
| Receiver flags the signature as insecure | The sender still signs with rsa-sha1 | Reconfigure the sender to sign with rsa-sha256 and rotate to a modern key |
| ed25519 signatures failing at some receivers | Partial receiver support for ed25519-sha256 | Dual-sign: keep an rsa-sha256 signature alongside the ed25519 one |
| Weak key even with rsa-sha256 | SHA-256 is fine but the RSA key is only 1024-bit | Rotate to a 2048-bit RSA key while keeping a=rsa-sha256 |
See this on your own domain
Enter your domain — the check runs instantly on the next page. Free, no signup.
Why it matters for MSPs
A single legacy sender still signing with rsa-sha1 can drag a client's authentication results down and put mail at risk of being failed. Across a fleet, these stragglers hide in older appliances and forgotten integrations — worth sweeping for before you push any domain to reject.
Trusted by MSPs
“Palisade allowed our team to deploy DMARC on our domains in minutes instead of hours and making sure our clients are compliant with cutting edge security recommendations from Microsoft.”
Alvin Kalli — CSIO, MSP Corp

































Enforce it — don't just monitor it
Palisade surfaces weak or outdated signing — like a sender still on rsa-sha1 — from the report data, so you can upgrade it to rsa-sha256 before the domain is advanced to full enforcement.
Free 15-day trial · No credit card · Your own domain free forever (NFR)