diff --git a/src/internal/controller/zitadelcluster_controller.go b/src/internal/controller/zitadelcluster_controller.go
index 141d009..1cec4b6 100644
--- a/src/internal/controller/zitadelcluster_controller.go
+++ b/src/internal/controller/zitadelcluster_controller.go
@@ -510,18 +510,32 @@ func (r *ZitadelClusterReconciler) reconcileDefaultInstance(ctx context.Context,
 }
 
 func (r *ZitadelClusterReconciler) reconcileSMTPConfig(ctx context.Context, zitadel *zitadelv1alpha1.ZitadelCluster) (ctrl.Result, error) {
-	adminClient, err := zitadelClient.NewAdminClient(ctx, zitadel, *r.RefResolver)
+	privateKeyData, err := r.RefResolver.SecretKeyRef(ctx, corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: systemapiaccount.SystemAPIAccountName(zitadel)}, Key: systemapiaccount.Key}, zitadel.Namespace)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	_, err = adminClient.AddInstanceTrustedDomain(ctx, &adm.AddInstanceTrustedDomainRequest{
-		Domain: strings.Split(zitadel.Spec.SMTPConfig.SenderAddress, "@")[1],
+	ztdClient, err := system.NewClient(ctx, GetIssuer(zitadel), GetAPI(zitadel), system.JWTProfileFromKey([]byte(privateKeyData), masterkey.OwnerName), system.WithInsecure())
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("Error creating sytem client: %v", err)
+	}
+	defer ztdClient.Connection.Close()
+
+	_, err = ztdClient.AddDomain(ctx, &pb.AddDomainRequest{
+		Domain:     strings.Split(zitadel.Spec.SMTPConfig.SenderAddress, "@")[1],
+		InstanceId: zitadel.Status.DefaultInstanceId,
 	})
 	if err != nil {
 		if !strings.Contains(err.Error(), "AlreadyExists") {
 			return ctrl.Result{}, fmt.Errorf("Could add smtp trusted domain: %v", err)
 		}
 	}
+
+	adminClient, err := zitadelClient.NewAdminClient(ctx, zitadel, *r.RefResolver)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+	defer adminClient.Connection.Close()
+
 	resp, err := adminClient.GetEmailProvider(ctx, &adm.GetEmailProviderRequest{})
 	if err != nil {
 		if strings.Contains(err.Error(), "not found") {