Last updated: July 2026

In short: DKIM attaches a cryptographic digital signature to your outgoing emails to verify their authenticity. You enable this signature by publishing your public key as a TXT record under the corresponding selector subdomain inside webgo’s DNS management table.

Prerequisites

  • A webgo web hosting or email plan with an active domain
  • Access to the webgo customer portal (https://login.webgo.de) or Webspace-Admin
  • A terminal or the free MXAudit scanner for verification

What is DKIM?

DKIM (DomainKeys Identified Mail) provides cryptographic authentication for email. When your webgo mail server sends a message, it attaches an invisible digital signature to the email header. The receiving mail server queries your domain’s DNS for the public key to confirm that the email is genuine and was not altered during transmission.

As webgo’s technical support explains regarding resource records and email deliverability: Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).

Used alongside SPF and DMARC, DKIM ensures that your messages land smoothly in recipient inboxes without being flagged as spam or spoofing attempts.

The starting point at webgo

To send DKIM-signed email, you obtain your public key string and selector from the webgo Webspace-Admin dashboard. The private key remains securely stored on webgo’s mail servers, while the public key must be published as a TXT record inside your DNS zone (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).

This record is placed under a dedicated selector subdomain namespace, typically structured as selector._domainkey.

Step-by-step guide

1. Retrieve your DKIM public key

Log in to the webgo customer portal and open the webgo Webspace-Admin. Navigate to your email domain settings or email security section. Copy the displayed DKIM selector (such as default or webgo) along with the full public key string.

2. Open DNS management at webgo

Switch to DNS-Verwaltung (DNS management inside your customer portal or directly inside Webspace-Admin under Domain / DNS) (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).

3. Add the TXT record for your DKIM selector

Add a new record inside your DNS management table:

  1. Select TXT as the record type.
  2. In the Subdomain / Host field, enter your selector followed by the domainkey suffix (for example, default._domainkey).
  3. In the text value box, paste the copied public key string (usually starting with v=DKIM1; k=rsa; p=...).
  4. Save your new DNS entry.

The components of the DKIM record

ComponentMeaning
Selector (default._domainkey)Dedicated DNS subdomain namespace queried by receiving servers to fetch your public key
v=DKIM1Identifies the protocol version of the DKIM record
k=rsaSpecifies the cryptographic algorithm (commonly RSA or Ed25519)
p=...The public key itself, encoded as a long Base64 character string

Verification

Once you save the record in webgo’s DNS settings, immediately test your configuration using the free MXAudit scanner — check whether your DKIM record resolves properly and has valid syntax.

You can also use your terminal to confirm that nameservers are serving your public key:

dig TXT default._domainkey.example.com +short

The output should display your full DKIM public key string starting with v=DKIM1;.

Common mistakes

  • Omitting ._domainkey from the selector: If you enter only the selector name (like default) without the mandatory ._domainkey suffix when adding your TXT record, querying servers will look in the wrong namespace and authentication will fail (Der TXT-Eintrag erlaubt das Speichern von beliebigen Textinformationen. Häufig wird er verwendet, um Domains bei Diensten zu verifizieren oder das E-Mail-Verhalten zu verbessern (SPF, DKIM, DMARC).).
  • Corrupting the Base64 key string: A single missing character, truncated line, or stray whitespace within the p=... parameter renders the cryptographic check invalid.
  • Updating webgo settings when using external nameservers: If your domain points to Cloudflare or third-party nameservers, updating DNS entries in the webgo customer portal has no effect. Add your TXT record directly where your nameservers reside.

Further reading