diff --git a/README.md b/README.md
index ec74e8e..f945e69 100644
--- a/README.md
+++ b/README.md
@@ -163,12 +163,12 @@ You can get that signature using the `!pm dkim` command:
 <details>
 <summary>!pm dkim</summary>
 
-DKIM signature is: `v=DKIM1; k=ed25519; p=OcVzOwAONDfgbJX/5vwzlXOs9gUDO0YKlXHaDnBJtXw=`.
+DKIM signature is: `v=DKIM1; k=rsa; p=MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxJVqmBHhK9FY93q1o3WEaP2GKMh/3LNMyvi1uSjOKxIyfWv685KxX1EUrbHakQRCTtUM7efKEsXsXBh+DQru2TE32yFpL9afA5BbHj3KePGFY8KJ2m0sQxbQcvn2KjJC0IQ15mk0rninPhtphU/2zLsd6e7Rl1m3L+9Osk320GbfDgSKjRPcSiwVMbLJpSOP0H0F3cIu+c1fHZHfmWy0O+us42C3HTLTlD779LTnQnKlAOQD/+DYYqz6TGGxEwUG2BRQ8O8w7/wXEkg/6a/MxNtPnc59g29CpqRsDkuYiR3UIpqzLDoqHlaoKNbYy34R+4aIjfNpmZyR5kIumws+3MJtJt9UhBTMloqd8lZDPaPmX2NEDqbcSTkHMQrphk+EWSCc7OvbKRaXZ0SyJLpLjxRwKrpeO0JAI0ZpnAFS11uBEe9GSS8uzIIFNYVD1vHloAFKvUJEhyuVyz9/SyqTnArN3ZTiC5cqD1MB86q5QPrKqZfp1dAnv7xAJThL0AP/AgMBAAE=`.
 You need to add it to your DNS records (if not already):
 Add new DNS record with type = `TXT`, key (subdomain/from): `postmoogle._domainkey` and value (to):
 
 ```
-v=DKIM1; k=ed25519; p=OcVzOwAONDfgbJX/5vwzlXOs9gUDO0YKlXHaDnBJtXw=
+v=DKIM1; k=rsa; p=MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxJVqmBHhK9FY93q1o3WEaP2GKMh/3LNMyvi1uSjOKxIyfWv685KxX1EUrbHakQRCTtUM7efKEsXsXBh+DQru2TE32yFpL9afA5BbHj3KePGFY8KJ2m0sQxbQcvn2KjJC0IQ15mk0rninPhtphU/2zLsd6e7Rl1m3L+9Osk320GbfDgSKjRPcSiwVMbLJpSOP0H0F3cIu+c1fHZHfmWy0O+us42C3HTLTlD779LTnQnKlAOQD/+DYYqz6TGGxEwUG2BRQ8O8w7/wXEkg/6a/MxNtPnc59g29CpqRsDkuYiR3UIpqzLDoqHlaoKNbYy34R+4aIjfNpmZyR5kIumws+3MJtJt9UhBTMloqd8lZDPaPmX2NEDqbcSTkHMQrphk+EWSCc7OvbKRaXZ0SyJLpLjxRwKrpeO0JAI0ZpnAFS11uBEe9GSS8uzIIFNYVD1vHloAFKvUJEhyuVyz9/SyqTnArN3ZTiC5cqD1MB86q5QPrKqZfp1dAnv7xAJThL0AP/AgMBAAE=
 ```
 
 Without that record other email servers may reject your emails as spam, kupo.
@@ -193,7 +193,7 @@ $ dig TXT postmoogle._domainkey.example.com
 ;postmoogle._domainkey.example.com.	IN	TXT
 
 ;; ANSWER SECTION:
-postmoogle._domainkey.example.com. 600	IN TXT  "v=DKIM1; k=ed25519; p=OcVzOwAONDfgbJX/5vwzlXOs9gUDO0YKlXHaDnBJtXw="
+postmoogle._domainkey.example.com. 600	IN TXT  "v=DKIM1; k=rsa; p=MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxJVqmBHhK9FY93q1o3WEaP2GKMh/3LNMyvi1uSjOKxIyfWv685KxX1EUrbHakQRCTtUM7efKEsXsXBh+DQru2TE32yFpL9afA5BbHj3KePGFY8KJ2m0sQxbQcvn2KjJC0IQ15mk0rninPhtphU/2zLsd6e7Rl1m3L+9Osk320GbfDgSKjRPcSiwVMbLJpSOP0H0F3cIu+c1fHZHfmWy0O+us42C3HTLTlD779LTnQnKlAOQD/+DYYqz6TGGxEwUG2BRQ8O8w7/wXEkg/6a/MxNtPnc59g29CpqRsDkuYiR3UIpqzLDoqHlaoKNbYy34R+4aIjfNpmZyR5kIumws+3MJtJt9UhBTMloqd8lZDPaPmX2NEDqbcSTkHMQrphk+EWSCc7OvbKRaXZ0SyJLpLjxRwKrpeO0JAI0ZpnAFS11uBEe9GSS8uzIIFNYVD1vHloAFKvUJEhyuVyz9/SyqTnArN3ZTiC5cqD1MB86q5QPrKqZfp1dAnv7xAJThL0AP/AgMBAAE="
 
 ;; Query time: 90 msec
 ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
diff --git a/bot/command.go b/bot/command.go
index f45301f..bf4acb4 100644
--- a/bot/command.go
+++ b/bot/command.go
@@ -170,7 +170,7 @@ func (b *Bot) handleCommand(ctx context.Context, evt *event.Event, commandSlice
 	case commandSend:
 		b.runSend(ctx)
 	case commandDKIM:
-		b.runDKIM(ctx)
+		b.runDKIM(ctx, commandSlice)
 	case commandUsers:
 		b.runUsers(ctx, commandSlice)
 	case commandDelete:
diff --git a/bot/command_admin.go b/bot/command_admin.go
index c5a9f6c..22f9e63 100644
--- a/bot/command_admin.go
+++ b/bot/command_admin.go
@@ -132,9 +132,14 @@ func (b *Bot) runUsers(ctx context.Context, commandSlice []string) {
 	b.SendNotice(ctx, evt.RoomID, "allowed users updated")
 }
 
-func (b *Bot) runDKIM(ctx context.Context) {
+func (b *Bot) runDKIM(ctx context.Context, commandSlice []string) {
 	evt := eventFromContext(ctx)
 	cfg := b.getBotSettings()
+	if len(commandSlice) > 1 && commandSlice[1] == "reset" {
+		cfg.Set(botOptionDKIMPrivateKey, "")
+		cfg.Set(botOptionDKIMSignature, "")
+	}
+
 	signature := cfg.DKIMSignature()
 	if signature == "" {
 		var private string
@@ -157,6 +162,7 @@ func (b *Bot) runDKIM(ctx context.Context) {
 		"DKIM signature is: `%s`.\n"+
 			"You need to add it to your DNS records (if not already):\n"+
 			"Add new DNS record with type = `TXT`, key (subdomain/from): `postmoogle._domainkey` and value (to):\n ```\n%s\n```\n"+
-			"Without that record other email servers may reject your emails as spam, kupo.",
-		signature, signature))
+			"Without that record other email servers may reject your emails as spam, kupo.\n"+
+			"To reset the signature, send `%s dkim reset`",
+		signature, signature, b.prefix))
 }
diff --git a/go.mod b/go.mod
index 68631fa..ac9c322 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.14
 	gitlab.com/etke.cc/go/env v1.0.0
 	gitlab.com/etke.cc/go/logger v1.1.0
-	gitlab.com/etke.cc/go/secgen v1.1.0
+	gitlab.com/etke.cc/go/secgen v1.1.1
 	gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77
 	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	maunium.net/go/mautrix v0.12.0
diff --git a/go.sum b/go.sum
index b8768be..b2de36c 100644
--- a/go.sum
+++ b/go.sum
@@ -86,8 +86,8 @@ gitlab.com/etke.cc/go/env v1.0.0 h1:J98BwzOuELnjsVPFvz5wa79L7IoRV9CmrS41xLYXtSw=
 gitlab.com/etke.cc/go/env v1.0.0/go.mod h1:e1l4RM5MA1sc0R1w/RBDAESWRwgo5cOG9gx8BKUn2C4=
 gitlab.com/etke.cc/go/logger v1.1.0 h1:Yngp/DDLmJ0jJNLvLXrfan5Gi5QV+r7z6kCczTv8t4U=
 gitlab.com/etke.cc/go/logger v1.1.0/go.mod h1:8Vw5HFXlZQ5XeqvUs5zan+GnhrQyYtm/xe+yj8H/0zk=
-gitlab.com/etke.cc/go/secgen v1.1.0 h1:KFjFEXNlSPtY19ichNL+lQF2Q0vP3/9O2rVGZzVrqq0=
-gitlab.com/etke.cc/go/secgen v1.1.0/go.mod h1:3pJqRGeWApzx7qXjABqz2o2SMCNpKSZao/gXVdasqE8=
+gitlab.com/etke.cc/go/secgen v1.1.1 h1:RmKOki725HIhWJHzPtAc9X4YvBneczndchpMgoDkE8w=
+gitlab.com/etke.cc/go/secgen v1.1.1/go.mod h1:3pJqRGeWApzx7qXjABqz2o2SMCNpKSZao/gXVdasqE8=
 gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77 h1:O9t4Sw/nu0JDUX+3KYjaqBi887opyNZ0imE+i2sV+q8=
 gitlab.com/etke.cc/linkpearl v0.0.0-20220831124140-598117f26c77/go.mod h1:CqwzwxVogKG6gDWTPTen3NyWbTESg42jxoTfXXwDGKQ=
 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
