Last updated: July 2026
In short: DKIM attaches a cryptographic digital signature to your outgoing emails to verify their authenticity. You enable this signature by publishing your public key as a TXT record under the corresponding selector subdomain inside webgo’s DNS management table.
Prerequisites
- A webgo web hosting or email plan with an active domain
- Access to the webgo customer portal (
https://login.webgo.de) or Webspace-Admin - A terminal or the free MXAudit scanner for verification
What is DKIM?
DKIM (DomainKeys Identified Mail) provides cryptographic authentication for email. When your webgo mail server sends a message, it attaches an invisible digital signature to the email header. The receiving mail server queries your domain’s DNS for the public key to confirm that the email is genuine and was not altered during transmission.
As webgo’s technical support explains regarding resource records and email deliverability:
Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).
Used alongside SPF and DMARC, DKIM ensures that your messages land smoothly in recipient inboxes without being flagged as spam or spoofing attempts.
The starting point at webgo
To send DKIM-signed email, you obtain your public key string and selector from the webgo Webspace-Admin dashboard. The private key remains securely stored on webgo’s mail servers, while the public key must be published as a TXT record inside your DNS zone (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).
This record is placed under a dedicated selector subdomain namespace, typically structured as selector._domainkey.
Step-by-step guide
1. Retrieve your DKIM public key
Log in to the webgo customer portal and open the webgo Webspace-Admin. Navigate to your email domain settings or email security section. Copy the displayed DKIM selector (such as default or webgo) along with the full public key string.
2. Open DNS management at webgo
Switch to DNS-Verwaltung (DNS management inside your customer portal or directly inside Webspace-Admin under Domain / DNS) (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).
3. Add the TXT record for your DKIM selector
Add a new record inside your DNS management table:
- Select TXT as the record type.
- In the Subdomain / Host field, enter your selector followed by the domainkey suffix (for example,
default._domainkey). - In the text value box, paste the copied public key string (usually starting with
v=DKIM1; k=rsa; p=...). - Save your new DNS entry.
The components of the DKIM record
| Component | Meaning |
|---|---|
Selector (default._domainkey) | Dedicated DNS subdomain namespace queried by receiving servers to fetch your public key |
v=DKIM1 | Identifies the protocol version of the DKIM record |
k=rsa | Specifies the cryptographic algorithm (commonly RSA or Ed25519) |
p=... | The public key itself, encoded as a long Base64 character string |
Verification
Once you save the record in webgo’s DNS settings, immediately test your configuration using the free MXAudit scanner — check whether your DKIM record resolves properly and has valid syntax.
You can also use your terminal to confirm that nameservers are serving your public key:
dig TXT default._domainkey.example.com +short
The output should display your full DKIM public key string starting with v=DKIM1;.
Common mistakes
- Omitting
._domainkeyfrom the selector: If you enter only the selector name (likedefault) without the mandatory._domainkeysuffix when adding your TXT record, querying servers will look in the wrong namespace and authentication will fail (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).). - Corrupting the Base64 key string: A single missing character, truncated line, or stray whitespace within the
p=...parameter renders the cryptographic check invalid. - Updating webgo settings when using external nameservers: If your domain points to Cloudflare or third-party nameservers, updating DNS entries in the webgo customer portal has no effect. Add your TXT record directly where your nameservers reside.
Further reading
- webgo Hilfe — Was ist ein Resource Record (RR Typ)? (retrieved: July 17, 2026)
- RFC 6376 — DomainKeys Identified Mail (DKIM) Signatures
