I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?
Also: Is there any big mail provider which uses RSA keys larger than 2048bits?
Google, Yahoo and Microsoft all seem to use 2048bit keys.
Best Answer
From IETF RFC 4871 (emphasis added):