diff --git a/TODO.md b/TODO.md
index cd870263..d4bfc990 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,6 +2,7 @@
 
 # New
 
+* Use same DKIM PEM file for all mail domains.
 * How to enable per-recipient policy lookup in Amavisd (@lookup_sql_dsn).
 * How to enable DNSBL in Postfix.
 * ~~ How to sign DKIM signature on sent emails for new mail domain. mention how
diff --git a/howto/1-sign.dkim.signature.for.new.domain.md b/howto/1-sign.dkim.signature.for.new.domain.md
index 1fb838d7..8a39cc10 100644
--- a/howto/1-sign.dkim.signature.for.new.domain.md
+++ b/howto/1-sign.dkim.signature.for.new.domain.md
@@ -11,6 +11,44 @@ Let's say your first mail domain added during iRedMail installation is
 `mydomain.com`, and new mail domain is `newdomain.com`, please follow below
 steps to enable DKIM signing for outgoing emails of this domain.
 
+## Use existing DKIM key for new mail domain
+
+if you already have a working DKIM and valid DKIM DNS record, it's ok to
+use this existing DKIM key. This way, you don't need to ask your customer
+who owns this new domain to add DKIM DNS record.
+
+* Find below setting in Amavisd config file `amavisd.conf`:
+
+```
+dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
+
+@dkim_signature_options_bysender_maps = ( {
+    ...
+    "mydomain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
+    ...
+});
+```
+
+Add one line in `@dkim_signature_options_bysender_maps`, after `"mydomain.com"`
+line like below:
+
+```
+@dkim_signature_options_bysender_maps = ( {
+    ...
+    "mydomain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
+    "newdomain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
+    ...
+});
+```
+
+* Restart Amavisd service.
+
+## Generate new DKIM key for new mail domain
+
+If you or your customer prefer to use their own DKIM key, you can generate
+a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
+tutorial to [add DKIM DNS record](setup_dns.html#dkim-record-for-your-mail-domain-name).
+
 * Generate new DKIM key for new domain.
 
 ```shell
@@ -52,7 +90,9 @@ Add one line after `"mydomain.com"` line like below:
 
 * Restart Amavisd service.
 
-## Use one DKIM key for all mail domains
+Again, don't forget to ask your customer to add DKIM DNS record.
+
+## Use one DKIM key for all mail domains without updating Amavisd config file
 
 For compatibility with dkim_milter the signing domain can include a '*'
 as a wildcard - this is not recommended as this way amavisd could produce
diff --git a/html/sign.dkim.signature.for.new.domain.html b/html/sign.dkim.signature.for.new.domain.html
index 03059e55..fa57b603 100644
--- a/html/sign.dkim.signature.for.new.domain.html
+++ b/html/sign.dkim.signature.for.new.domain.html
@@ -21,6 +21,39 @@ should update Amavisd config file to sign DKIM signature for it.</p>
 <p>Let's say your first mail domain added during iRedMail installation is
 <code>mydomain.com</code>, and new mail domain is <code>newdomain.com</code>, please follow below
 steps to enable DKIM signing for outgoing emails of this domain.</p>
+<h2 id="use-existing-dkim-key-for-new-mail-domain">Use existing DKIM key for new mail domain</h2>
+<p>if you already have a working DKIM and valid DKIM DNS record, it's ok to
+use this existing DKIM key. This way, you don't need to ask your customer
+who owns this new domain to add DKIM DNS record.</p>
+<ul>
+<li>Find below setting in Amavisd config file <code>amavisd.conf</code>:</li>
+</ul>
+<pre><code>dkim_key('mydomain.com', &quot;dkim&quot;, &quot;/var/lib/dkim/mydomain.com.pem&quot;);
+
+@dkim_signature_options_bysender_maps = ( {
+    ...
+    &quot;mydomain.com&quot;  =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
+    ...
+});
+</code></pre>
+
+<p>Add one line in <code>@dkim_signature_options_bysender_maps</code>, after <code>"mydomain.com"</code>
+line like below:</p>
+<pre><code>@dkim_signature_options_bysender_maps = ( {
+    ...
+    &quot;mydomain.com&quot;  =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
+    &quot;newdomain.com&quot;  =&gt; { d =&gt; &quot;mydomain.com&quot;, a =&gt; 'rsa-sha256', ttl =&gt; 10*24*3600 },
+    ...
+});
+</code></pre>
+
+<ul>
+<li>Restart Amavisd service.</li>
+</ul>
+<h2 id="generate-new-dkim-key-for-new-mail-domain">Generate new DKIM key for new mail domain</h2>
+<p>If you or your customer prefer to use their own DKIM key, you can generate
+a new DKIM key and ask your customer to add DKIM DNS record. Refer to our
+tutorial to <a href="setup_dns.html#dkim-record-for-your-mail-domain-name">add DKIM DNS record</a>.</p>
 <ul>
 <li>Generate new DKIM key for new domain.</li>
 </ul>
@@ -59,7 +92,8 @@ steps to enable DKIM signing for outgoing emails of this domain.</p>
 <ul>
 <li>Restart Amavisd service.</li>
 </ul>
-<h2 id="use-one-dkim-key-for-all-mail-domains">Use one DKIM key for all mail domains</h2>
+<p>Again, don't forget to ask your customer to add DKIM DNS record.</p>
+<h2 id="use-one-dkim-key-for-all-mail-domains-without-updating-amavisd-config-file">Use one DKIM key for all mail domains without updating Amavisd config file</h2>
 <p>For compatibility with dkim_milter the signing domain can include a '*'
 as a wildcard - this is not recommended as this way amavisd could produce
 signatures which have no corresponding public key published in DNS.
