diff --git a/default.nix b/default.nix
index 374631b..3d13758 100644
--- a/default.nix
+++ b/default.nix
@@ -976,9 +976,9 @@ in
 
     dkimKeyBits = mkOption {
       type = types.int;
-      default = 1024;
+      default = 2048;
       description = ''
-        How many bits in generated DKIM keys. RFC6376 advises minimum 1024-bit keys.
+        How many bits in generated DKIM keys. RFC8301 suggests a minimum RSA key length of 2048 bit.
 
         If you have already deployed a key with a different number of bits than specified
         here, then you should use a different selector ({option}`mailserver.dkimSelector`). In order to get
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index d4877e4..7a48dd4 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -7,9 +7,15 @@ NixOS 25.11
 - The ``systemName`` and ``systemDomain`` options have been introduced to have
   reusable configurations for automated reports (DMARC, TLSRPT). They come with
   reasonable defaults, but it is suggested to check and change them as needed.
+- The default key length for new DKIM RSA keys was increased to 2048 bits as
+  recommended in `RFC 8301 3.2`_.
+  We recommend rotating existing keys, as the RFC advises that signatures from
+  1024 bit keys should not be considered valid any longer.
 - DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
   system domain.
 
+.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
+
 NixOS 25.05
 -----------