Do I need the DKIM TXT record if I have CNAMEs?

Sam.Sen
February 10, 2026

Our Statuspage account was set up many years ago, hence I don't have the tribal knowledge behind this. We are using a custom domain to send notices to our clients. Under the DNS configuration for our page, I do see 3 CNAMEs (all for SendGrid) and one DKIM TXT record. Our security team is advising us to upgrade the key associated with this TXT record (from 1024 to 2048).

After reading a few docs, I learned Atlassian is using 2048 if we utilize the CNAME values. With that, would I be able to delete the DKIM value from our DNS server? There's only one option for DKIM that I see; I wasn't sure if I need to replace it for DKIM to work properly.

2 answers

1 accepted

0 votes
Answer accepted
Scot Wilson
Atlassian Team
May 3, 2026

Hi Sam.Sen,
Scot from Statuspage Support team here!

We use two different providers to send out notifications to our customers (SendGrid and Mailgun) to provide failover and load-balancing when using a custom email address. If you remove the TXT DKIM record, you'll default to only using our SendGrid provider, and any outage on their systems will prevent us from sending email notifications.

Our Engineering team is considering the changes required for supporting 2048 keys for Mailgun, but since some DNS providers do not support the record lengths required for 2048-bit keys, additional engineering work is required, and it will not happen in the short term.

So, you can remove the DKIM TXT record to make sure you're only using 2048-bit keys, but you're entirely dependent on the availability of SendGrid. Alternatively, you can use 1024-bit for Mailgun and Statuspage will be able to send notifications via Mailgun and SendGrid.

I'd advise you to talk to your Security team if they feel that losing the availability of Mailgun is worth the value of encoding at 2048 bits, and if the content of the notifications needs that level of security (especially if you're a Public Statuspage already providing that information publicly).

Hope that helps,
Scot
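
Added example (not part of the thread and not Atlassian's code): one way to confirm the key size the security team is asking about is to read the RSA modulus length directly from a DKIM TXT record's `p=` tag, which also shows why a 2048-bit key runs into the DNS record-length limits mentioned above, since a single TXT character-string holds at most 255 bytes. The sample records are constructed with placeholder moduli by the hypothetical helper `sample_record`; substitute the TXT value published for your own selector.

```python
import base64

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def inspect_dkim_record(txt):
    """Return RSA modulus size and the number of 255-byte TXT strings the record needs."""
    tags = {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    der = base64.b64decode("".join(tags["p"].split()))
    _, start, _ = _tlv(der, 0)             # SubjectPublicKeyInfo SEQUENCE
    _, _, end = _tlv(der, start)           # AlgorithmIdentifier, skipped
    _, start, _ = _tlv(der, end)           # BIT STRING wrapping the key
    _, start, _ = _tlv(der, start + 1)     # skip unused-bits byte; RSAPublicKey SEQUENCE
    _, start, end = _tlv(der, start)       # modulus INTEGER
    bits = int.from_bytes(der[start:end], "big").bit_length()
    return {"bits": bits, "txt_strings": -(-len(txt.encode()) // 255)}

def _der(tag, body):
    """Encode one DER TLV (used only to build the constructed samples below)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record: the modulus is a right-sized placeholder, not a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, inspect_dkim_record(sample_record(bits)))
```

A record that needs more than one TXT string has to be published as several quoted strings in one record, which is the case some DNS providers handle poorly.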

0 votes
Birendra Pratap Singh
Banned
May 3, 2026

Paste the email headers from a recent Statuspage notification. You don’t need the whole message body—just the headers.

How to get them (quick paths)
- Gmail: open email → ⋮ (top right) → Show original
- Outlook (web): open email → ⋯ → View → View message source
- Outlook (desktop): File → Properties → Internet headers

What I’ll look for
Specifically this line (or similar):

DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; s=selector;

From that I’ll:
- Identify the selector (s=)
- Check whether it resolves via:
  - CNAME → SendGrid (2048-bit) ✅ modern setup
  - TXT record (1024-bit) ⚠️ legacy

After that
I’ll give you a precise yes/no on:
- whether it’s safe to delete the TXT record
- whether anything needs to be rotated or replaced
