Last updated: July 2026

In short: At dogado, DKIM is enabled fully automatically for your domain as long as you use their internal name servers and mail servers. This guide explains the exact prerequisites and why setup on external name servers is not supported.

Prerequisites

  • An active dogado hosting plan (Mail Hosting, Web Hosting, or WordPress Hosting)
  • Using the official dogado name servers for your domain (cns1.cloudpit.de, cns2.cloudpit.com, cns3.cloudpit.io)
  • Using dogado’s mail gateways (mx03.secure-mailgate.com, mx04.secure-mailgate.com)

What is DKIM?

DKIM (DomainKeys Identified Mail) attaches a cryptographic digital signature to every outgoing email. Receiving mail servers verify this signature against the public key published in your domain’s DNS to ensure the message originated from your infrastructure and arrived unmodified.

As dogado emphasizes regarding strict provider enforcement: Seit dem 01.02.2024 werden bei Google und GMX/WEB.de/IONOS alle E-Mails, die nicht über eine gültige DKIM-Signatur (DKIM-Alignment) verfügen, als Spam klassifiziert und in den Spam-Ordner verschoben bzw. abgelehnt (“Since February 1, 2024, Google and GMX/WEB.de/IONOS classify all emails without valid DKIM alignment as spam and route them to the junk folder or reject them”).

While SPF authorizes servers to transmit messages, DKIM guarantees the integrity of the message itself. Together with DMARC, SPF and DKIM form the foundation of modern email authentication.

The starting point at dogado: Fully automatic setup

At dogado, DKIM configuration requires zero manual effort: Der DKIM-Eintrag wird ausschließlich automatisch erstellt, wenn die folgenden Anforderungen im Mail-Hosting, Web-Hosting und WordPress-Hosting erfüllt sind (“The DKIM record is created exclusively automatically when the following requirements across mail, web, and WordPress hosting are met”).

You do not need to generate cryptographic keys or manually add TXT records in CloudPit or oneHome. The platform generates your keys in the background, publishes the public key inside your DNS zone automatically, and signs outgoing mail from your mailboxes.

Step-by-step guide

1. Confirm that dogado name servers are active

The fundamental prerequisite for automatic DKIM signing is pointing your domain to dogado’s name servers: Die Einrichtung eines DKIM-Eintrags ist nur möglich, wenn Sie für die betreffende Domain die Nameserver von dogado nutzen (“Setting up a DKIM record is only possible if you use dogado’s name servers for the respective domain”).

Check via terminal or your customer portal that your domain uses the CloudPit name servers:

cns1.cloudpit.de
cns2.cloudpit.com
cns3.cloudpit.io

In addition, your domain’s MX records must point to dogado’s central mail gateways:

mx03.secure-mailgate.com
mx04.secure-mailgate.com

2. Wait for automatic creation (up to 48 hours)

Once your domain uses dogado’s name servers and MX records, background automation initiates key generation. This process takes some time: according to official docs, after fulfilling all requirements kann es jedoch noch bis zu 48 Stunden dauern, bis der DKIM-Eintrag automatisch erstellt wird (“it can take up to 48 hours until the DKIM record is created automatically”).

3. What about external name servers?

If your email is hosted at dogado but your domain’s DNS zone is managed by an external provider (like Cloudflare or another registrar), there is a strict technical limitation: Die Erstellung von DKIM-Einträgen für externe Nameservern ist leider nicht möglich (“Unfortunately, creating DKIM records for external name servers is not possible”).

In this scenario, dogado does not provide external CNAME or TXT record values for third-party DNS control panels. To transmit email through dogado with valid DKIM alignment, you must transfer your domain’s name servers to dogado.

Verify the result

To check whether automatic activation has completed and verify that your outgoing messages carry valid DKIM signatures, audit your domain using the free MXAudit scanner. MXAudit verifies SPF, DKIM, and DMARC alignment simultaneously.

Common mistakes

Requesting DKIM for external name servers. If you use third-party DNS servers and try to obtain DKIM keys from dogado support or inside the control panel, setup will fail because automatic generation is supported exclusively on internal name servers (cns1.cloudpit.de etc.).

Testing too soon after domain migration. Because dogado’s background automation takes up to 48 hours, testing right after updating name servers or creating mailboxes often reports temporary verification errors. Allow the full propagation window.

Adding manual TXT entries in the control panel. Do not create self-generated DKIM TXT records inside CloudPit or oneHome. The mail gateways will not use them for outgoing signatures, and custom entries can disrupt platform automation.

Further reading