TZ04

Reputation: 335

DKIM: To each their own or one to rule them all?

I have been handed responsibility for an email gateway serving multiple domains and got into a bit of a philosophical debate with a colleague. In our setup the gateway is the instance adding DKIM signatures to all outgoing emails, and I am told that we need a different DKIM key pair per domain. I don't object to this request, but no one seems to be able to explain why.

Here's my understanding of the DKIM process:

  1. Private DKIM key (one for all or one per domain) is kept on the gateway

  2. Public DKIM key is published in the domain's DNS records

  3. For each outgoing email the gateway will encrypt a random string with the private key and add it to the email header, alongside the clear-text string and the name (selector) of the DKIM entry in DNS.

  4. The receiving email server…

    a. takes the sending domain and DKIM selector from the email header

    b. looks up the public key stored in the DNS of the sending domain

    c. uses the public DKIM key to decrypt the encrypted string in the email header

  5. If the decrypted string matches the clear-text one, DKIM verification is successful

If the above is correct, why would I need domain-individual DKIM keys? Why can't all domains hosted on the same server share the same public/private DKIM keys? In fact, if DKIM is supposed to prove the validity of the sending server, wouldn't it even be more accurate to use the same key pair for all domains, given that it is the same server for all of them?

From a technical point of view I think both concepts will work, with domain specific DKIM keys representing a little more work as the number of domains grows. I'd be happy to go with individual key pairs, but I'd like to understand why.

Any benefits/downsides of going either way? Anyone got an opinion?

Upvotes: 2

Views: 618

Answers (1)

Kaspar Etter

Reputation: 3518

I see value in the system being capable of using different DKIM keys for different domains in case the DKIM keys have to be revoked for one domain without affecting the other domains. This can be desirable if a signed message is sent to many new recipients as part of a replay/spam attack (see sections 8.6 and 8.7 of the RFC). However, you can also revoke the DKIM key of a single domain when all domains start out with the same key – as long as your system is able to handle this. I see no benefit (but also no downside) in starting with/enforcing different DKIM keys per domain.

(One could make an argument for increased privacy, but the IP address of your server leaks through other message headers anyway (unless your setup is designed to avoid this). This means that one can tell that the same server handles the outgoing messages of several domains even if these domains use different DKIM keys.)

Upvotes: 1
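As an added illustration of both the signing/verification flow sketched in the question and the per-domain revocation point made in the answer, here is a small Go model of a multi-domain gateway. It is example code written for this page, not anything from the question's setup or from a DKIM library. It assumes a constructed in-memory map standing in for the `<selector>._domainkey.<domain>` DNS TXT records, the placeholder domains `example.com` and `example.net`, the selector `gw1`, and a deliberately simplified "signed input" in place of RFC 6376 header/body canonicalisation. Unlike the "encrypt a random string" description above, the signature covers a hash of the message itself, which is what lets the receiver detect tampering; the `shared` flag switches between one key for all domains and one key per domain, and revocation happens at the DNS record level in either case.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Message is a minimal outgoing mail: the headers a signer would list in h= plus the body.
type Message struct {
	From, Subject, Body string
}

// Gateway maps each sending domain to the private key used to sign its mail.
type Gateway struct {
	keys map[string]*rsa.PrivateKey
}

// DNS is a constructed stand-in for the public "<selector>._domainkey.<domain>" TXT records.
type DNS map[string]*rsa.PublicKey

// NewGateway generates keys for the given domains. With shared=true every domain maps to
// the same key ("one to rule them all"); otherwise each domain gets its own ("to each their own").
func NewGateway(domains []string, bits int, shared bool) (*Gateway, error) {
	g := &Gateway{keys: map[string]*rsa.PrivateKey{}}
	var sharedKey *rsa.PrivateKey
	for _, d := range domains {
		if shared && sharedKey != nil {
			g.keys[d] = sharedKey
			continue
		}
		k, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		g.keys[d] = k
		sharedKey = k
	}
	return g, nil
}

// Publish returns the records a DNS admin would create: one per domain under the selector.
// With a shared key the same public key is simply published under every domain.
func (g *Gateway) Publish(selector string) DNS {
	records := DNS{}
	for d, k := range g.keys {
		records[selector+"._domainkey."+d] = &k.PublicKey
	}
	return records
}

// Revoke removes one domain's record; verifiers can no longer validate that domain's signatures,
// while every other domain's record (and therefore its mail) is unaffected.
func (r DNS) Revoke(domain, selector string) {
	delete(r, selector+"._domainkey."+domain)
}

// signedInput is the material that actually gets hashed and signed: signing domain, selector,
// the covered headers and the body hash (the bh= tag). Simplified stand-in for RFC 6376 canonicalisation.
func signedInput(domain, selector string, m Message) []byte {
	bh := sha256.Sum256([]byte(m.Body))
	return []byte(fmt.Sprintf("d=%s;s=%s;from=%s;subject=%s;bh=%x", domain, selector, m.From, m.Subject, bh))
}

// Sign produces the value of a DKIM-Signature-style header for mail from domain.
func (g *Gateway) Sign(domain, selector string, m Message) (string, error) {
	key, ok := g.keys[domain]
	if !ok {
		return "", fmt.Errorf("no signing key for %s", domain)
	}
	digest := sha256.Sum256(signedInput(domain, selector, m))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("v=1; a=rsa-sha256; d=%s; s=%s; b=%s", domain, selector, base64.StdEncoding.EncodeToString(sig)), nil
}

// Verify plays the receiving server: read d= and s= from the header, fetch the public key
// from DNS, recompute the hash over the received message and check the signature against it.
func Verify(records DNS, header string, m Message) error {
	tags := map[string]string{}
	for _, part := range strings.Split(header, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = kv[1]
		}
	}
	name := tags["s"] + "._domainkey." + tags["d"]
	pub, ok := records[name]
	if !ok {
		return fmt.Errorf("no DKIM record at %s", name)
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil {
		return err
	}
	digest := sha256.Sum256(signedInput(tags["d"], tags["s"], m))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	g, _ := NewGateway([]string{"example.com", "example.net"}, 2048, true) // shared key for all domains
	records := g.Publish("gw1")
	msg := Message{From: "alice@example.com", Subject: "hello", Body: "constructed body text"}
	hdr, _ := g.Sign("example.com", "gw1", msg)
	fmt.Println("verify:", Verify(records, hdr, msg))
	records.Revoke("example.com", "gw1") // only example.com's record is pulled
	fmt.Println("after revoking example.com:", Verify(records, hdr, msg))
}
```

Running `main` shows a valid signature verifying (`<nil>`) and then failing once the `example.com` record is removed, even though the key is shared with `example.net`, whose mail keeps verifying. The point the answer makes follows directly: what a receiver trusts is the record at `selector._domainkey.domain`, so revocation and rotation are per domain regardless of whether the gateway reuses private key material, and the operational difference between the two setups is mainly how many private keys you have to manage and protect on the gateway.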
