Back to Community Threads
How to remove second duplicate DKIM certificate added by mistake
Problem reported by ALEKSEY ANISIMOV - 5/25/2026 at 10:05 PM
Resolved
hi guys ! quick one hopefully

I was adding a DKIM and must have double clicked or something, first one went through OK and is indeed working (yay)

but the second one is now showing there as Pending - how do I remove it now? cannot see any other controls rather than Disable, which I guess will remove it all 
Employee Replied
5/27/2026 at 11:59 AM
Employee Post Marked As Resolution
Unfortunately there isn’t currently a way to manually remove a DKIM selector that’s stuck in a Pending state.

As long as your active selector is working correctly, the pending one is generally harmless and can be ignored.

I would not recommend using Disable unless you want to disable DKIM signing entirely for the domain.
ALEKSEY ANISIMOV Replied
5/27/2026 at 5:51 PM
thank you very much indeed Caden ! no worries yep, I'll leave it be then

and out of curiosity actually - so is this a valid use case then right?

I thought typically you would only have one DKIM on your domain, or in some cases more than 1 is needed? 
D
Douglas Foster Replied
5/30/2026 at 4:37 AM
You only need one at a time, and that is all that SmarterMail will apply.

   I would go ahead and deploy the new key in DNS and then activate it, just to resolve the pending status.

Rolling over keys is considered good security practice, in case bad guys decide to crack your keys by brute force.  Just like changing passwords.    How often is anyone's guess 

After rollover plus 39 days, you should remove the DNS key for the old signature.  Nobody should need it for validation at that point,  and removing it is needed to complete the purpose of key rollover.
ALEKSEY ANISIMOV Replied
5/30/2026 at 5:48 AM
thank you Douglas ! indeed - good to learn something new ! 

also read that just now - https://dmarcly.com/blog/can-i-have-multiple-dkim-records-on-my-domain - makes sense now, cheers 
Andrew Barker Replied
6/8/2026 at 7:41 AM
Employee Post
When you have a pending DKIM key, SmarterMail will periodically do a DNS lookup for the pending record. Once it is able to do a successful lookup, the active key will be removed and the pending key will be marked as active. If the DKIM key is stuck in pending longer than you would expect for DNS propagation, I would double check the new DNS record to make sure it matches the pending key in SmarterMail.

Andrew Barker
Lead Software Developer
SmarterTools Inc.
www.smartertools.com 
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
Email Clients and SmarterMail Language SettingsSmarterMail > Desktop and Mobile Synchronization
Automated SSL certificate Issues.SmarterMail > Troubleshooting
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting
Configure an Alternative Linux Web Server for SmarterMailSmarterMail > Server Configuration and Management