just to add to this, DKIM Key rotation is a thing.
DKIM Key Rotation: When, Why, and How
Just like passwords, DKIM keys should be rotated periodically. But unlike passwords, botched key rotation can silently break your email authentication for days.
Why Rotate DKIM Keys? (taken from the article above)
Key rotation limits the damage if a private key is compromised:
- Exposure limitation: If a key is stolen, the window of exploitation is limited to the rotation period
- Compliance: Some security frameworks require periodic key rotation
- Best practice: The M3AAWG (Messaging, Malware, and Mobile Anti-Abuse Working Group) recommends regular rotation
- Key upgrade: Rotation is required to upgrade from 1024-bit to 2048-bit keys