diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index 03802df9..a20e41de 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,4 +1,5 @@
 import iniconfig
+import datetime
 def read_config(inipath):
@@ -24,6 +25,7 @@ class Config:
 self.privacy_mail = params.get("privacy_mail")
 self.privacy_pdo = params.get("privacy_pdo")
 self.privacy_supervisor = params.get("privacy_supervisor")
+ self.dkim_selector = params.get("dkim_selector")
 def _getbytefile(self):
 return open(self._inipath, "rb")
@@ -34,7 +36,12 @@ def write_initial_config(inipath, mail_domain):
 inidir = files(__package__).joinpath("ini")
 content = (
- inidir.joinpath("chatmail.ini.f").read_text().format(mail_domain=mail_domain)
+ inidir.joinpath("chatmail.ini.f")
+ .read_text()
+ .format(
+ mail_domain=mail_domain,
+ dkim_selector=str(datetime.datetime.now().strftime("%Y%m%d%H%M")),
+ )
 )
 if mail_domain.endswith(".testrun.org"):
 override_inipath = inidir.joinpath("override-testrun.ini")
diff --git a/chatmaild/src/chatmaild/ini/chatmail.ini.f b/chatmaild/src/chatmaild/ini/chatmail.ini.f
index 5ea5aa70..b6170d8c 100644
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -35,6 +35,8 @@ passthrough_senders =
 # list of e-mail recipients for which to accept outbound un-encrypted mails
 passthrough_recipients = xstore@testrun.org groupsbot@hispanilandia.net
+dkim_selector = {dkim_selector}
+
 #
 # Deployment Details
 #
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 92712da0..c1bd7d0e 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
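Review bot: `params.get("dkim_selector")` in the `Config` constructor (chatmaild/config.py) yields `None` for any chatmail.ini written before this change, and nothing visible in the diff rejects that value. It is then passed to `_configure_rspamd(config.dkim_selector, mail_domain)` in cmdeploy/__init__.py and formatted into the `_domainkey` record name and the zone-file path in cmdeploy/dns.py, so an upgraded deployment would presumably sign with a selector literally named `None` that no longer matches the published DKIM record. Falling back to the previously hard-coded selector keeps existing setups verifiable: `self.dkim_selector = params.get("dkim_selector", "dkim")`. The constructor starts above this hunk, so a default applied elsewhere would not be visible here.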
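Review bot: In `write_initial_config` (chatmaild/config.py) the `str(...)` wrapped around `strftime(...)` is redundant, since `strftime` already returns a string, and `datetime.datetime.now()` is naive local time, so the generated selector depends on the time zone of the machine that runs the command. `dkim_selector=datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%d%H%M"),` keeps the same format in UTC. From what is visible the value is generated only when the ini file is first written, so a one-line comment saying that the selector is fixed at creation time and does not rotate by itself would help the next reader.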
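Review bot: The new `dkim_selector` key in chatmail.ini.f has no explanatory comment, unlike the setting just above it, and it sits directly under the passthrough options as if it belonged to them. I would add a line above it such as `# DKIM selector: names the <selector>._domainkey DNS record and the signing key (letters, digits and hyphens only)`. If the value is edited after deployment, the DNS record presumably has to be republished to match, which is worth stating in the same comment.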
@@ -495,7 +495,7 @@ def deploy_chatmail(config_path: Path) -> None:
 nginx_need_restart = _configure_nginx(mail_domain)
 remove_opendkim()
- rspamd_need_restart = _configure_rspamd("dkim", mail_domain)
+ rspamd_need_restart = _configure_rspamd(config.dkim_selector, mail_domain)
 systemd.service(
 name="Start and enable rspamd",
diff --git a/cmdeploy/src/cmdeploy/dns.py b/cmdeploy/src/cmdeploy/dns.py
index 657592dd..64a71bb3 100644
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
@@ -51,6 +51,7 @@ def show_dns(args, out) -> int:
 """Check existing DNS records, optionally write them to zone file, return exit code 0 or 1."""
 template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
 mail_domain = args.config.mail_domain
+ dkim_selector = args.config.dkim_selector
 ssh = f"ssh root@{mail_domain}"
 dns = DNS(out, mail_domain)
@@ -61,8 +62,8 @@ def show_dns(args, out) -> int:
 continue
 line = line.replace("\t", " ")
 lines.append(line)
- lines[0] = f"dkim._domainkey.{mail_domain}. IN TXT " + lines[0].strip(
- "dkim._domainkey IN TXT "
+ lines[0] = f"{dkim_selector}._domainkey.{mail_domain}. IN TXT " + lines[0].strip(
+ f"{dkim_selector}._domainkey IN TXT "
 )
 return "\n".join(lines)
@@ -73,7 +74,7 @@ def show_dns(args, out) -> int:
 print("Please run `cmdeploy run` first.")
 return 1
 dkim_entry = read_dkim_entries(
- out.shell_output(f"{ssh} -- cat /var/lib/rspamd/dkim/{mail_domain}.dkim.zone")
+ out.shell_output(f"{ssh} -- cat /var/lib/rspamd/dkim/{mail_domain}.{dkim_selector}.zone")
 )
 ipv6 = dns.get_ipv6()
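Review bot: `lines[0].strip(f"{dkim_selector}._domainkey IN TXT ")` in the DKIM-entry helper of cmdeploy/dns.py treats its argument as a set of characters to trim from both ends of the line, not as a prefix to remove. That was already the case for the fixed `"dkim._domainkey IN TXT "` string, but with a configurable selector the set now varies with configuration (the generated timestamp default adds every digit), so which characters are trimmed from either end of the record line is no longer predictable. `lines[0].removeprefix(f"{dkim_selector}._domainkey IN TXT ")` (Python 3.9+) removes exactly the expected prefix, provided the spacing matches after the tab replacement above. The enclosing function starts above this hunk, so the exact shape of `lines[0]` is not visible here.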
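Review bot: `dkim_selector` is read from the ini file and placed unquoted into the command string handed to `out.shell_output(...)` in `show_dns`, next to `mail_domain`. `shell_output` is not shown in this diff; if it runs the string through a shell, a selector containing whitespace or shell metacharacters changes the command that is executed, and a `/` or `..` in it changes which file `cat` reads on the server. A DKIM selector is made of DNS label characters anyway, so validating it once when the config is loaded, for example `re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?", selector)` and raising otherwise, covers this call, the record name and the rspamd configuration together. `show_dns` continues past the end of this hunk.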