diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix
index 67e5877..0ba0f07 100644
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@@ -254,6 +254,15 @@ in {
           in
             map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains));
 
+          # Sign *our* outgoing mails with the configured signatures.
+          auth.dkim.sign = [
+            {
+              "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'";
+              "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]";
+            }
+            {"else" = false;}
+          ];
+
           authentication.fallback-admin = {
             user = "admin";
             # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH