Amazon SES

Supports SPF Supports DKIM

DKIM & SPF Setup for Amazon SES

 

SPF Setup for Amazon SES

To set up or edit your SPF record, you will need to add: include:amazonses.com

Edit existing SPF record

  1. Log in to your DNS hosting provider
  2. Look for a TXT containing v=spf1
  3. In your existing SPF record, you will append include:amazonses.com
  4. For example, if your existing record looks like v=spf1 mx ip4:1.2.3.4 you would add the above include as follows: v=spf1 mx ip4:1.2.3.4 include:amazonses.com
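The edit steps above, written as a check you can run before saving the record. This is an added example, not code from the original page or from Amazon. It goes slightly beyond the steps by placing the include before any existing all term and by counting lookup-costing terms. The function names and the sample TXT set are assumptions made for illustration.

```python
# Added example: merge include:amazonses.com into an existing SPF TXT value.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def mech_name(term: str) -> str:
    """Strip the qualifier (+ - ~ ?) and any argument, leaving the bare name."""
    name = term.lower().lstrip("+-~?")
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name

def find_spf(txt_values: list[str]) -> str:
    """Pick the SPF record to edit from a host's TXT set; exactly one must exist
    (receivers treat multiple v=spf1 records as a permanent error)."""
    spf = [v.strip() for v in txt_values if v.strip().lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        raise ValueError(f"expected exactly one v=spf1 record, found {len(spf)}")
    return spf[0]

def add_include(record: str, domain: str = "amazonses.com") -> str:
    """Insert include:<domain> before the 'all' term, or append if there is none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record must start with v=spf1")
    new_term = f"include:{domain.lower()}"
    if new_term in [t.lower().lstrip("+") for t in terms]:
        return " ".join(terms)  # already present: leave the record unchanged
    # Mechanisms are evaluated left to right, so nothing after 'all' is reached.
    pos = next((i for i, t in enumerate(terms) if mech_name(t) == "all"), len(terms))
    terms.insert(pos, new_term)
    return " ".join(terms)

def count_lookup_terms(record: str) -> int:
    """Count top-level terms that cost a DNS lookup (RFC 7208 caps the total at 10).
    Lookups made inside included records are not followed here."""
    return sum(mech_name(t) in LOOKUP_MECHS for t in record.split()[1:])

if __name__ == "__main__":
    # Constructed TXT set for a hypothetical domain, using the page's example record.
    txt = ["some-site-verification=constructed", "v=spf1 mx ip4:1.2.3.4 ~all"]
    merged = add_include(find_spf(txt))
    print(merged, "| lookup terms:", count_lookup_terms(merged))
```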

Create a new SPF record

  1. Follow the instructions from our How to Create a New SPF Record Guide.
  2. In the Value field, enter: v=spf1 include:amazonses.com ~all and Save the TXT record.

Records for Subdomains

If you are creating a record for a subdomain, you will want to make sure that you specify the sub part of the domain in the Host/Name/Alias field for most DNS providers.

  1. Enter the sub part of the domain, for example if the subdomain is mail.mxtoolbox.com you would want to enter mail into that field.
 

SPF and DMARC Alignment

By default, Amazon SES will set you up for sending using one of their domains for the return-path address. This domain will NOT pass SPF Alignment. At this time, this provider does NOT provide any mechanism that will allow SPF Alignment to pass. You need to enable DKIM for this provider to ensure your email will pass DMARC Compliance.
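Why the default setup fails SPF alignment while DKIM can still carry DMARC, shown on a constructed message. This is an added example, not part of the original page. It checks identifier alignment only and assumes the SPF and DKIM checks themselves pass. The organizational-domain rule is simplified to the last two labels, and the sample addresses and function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message (not a real capture): the Return-Path uses the provider's
# domain, as the page describes; signature values are placeholders.
SAMPLE = """\
Return-Path: <bounce-constructed@amazonses.com>
DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; s=s1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Billing <billing@yourdomain.com>
Subject: Constructed sample

body
"""

def org_domain(domain: str) -> str:
    # Assumption: last two labels. Real DMARC evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    """Relaxed mode compares organizational domains; strict needs an exact match."""
    if not auth_domain or not from_domain:
        return False
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dkim_domains(msg) -> list[str]:
    """Collect the d= tag from every DKIM-Signature header."""
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in sig.split(";"))}
        if "d" in tags:
            found.append(tags["d"])
    return found

def dmarc_alignment(raw: str, strict: bool = False) -> dict:
    """Identifier alignment only; assumes the SPF and DKIM checks themselves pass."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    spf_ok = aligned(rp_dom, from_dom, strict)
    dkim_ok = any(aligned(d, from_dom, strict) for d in dkim_domains(msg))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_ok": spf_ok or dkim_ok}

if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
```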

How to Set Up/Modify DKIM for Amazon SES

DomainKeys Identified Mail (DKIM) is a protocol that enables a company to take responsibility for sent messages that can be verified by mailbox providers. Basically, DKIM allows the outbound domain to digitally sign email to provide legitimacy for the receiver. Below is a guide on how to use DKIM with Amazon SES (Easy DKIM) to ensure that recipient email systems trust messages sent from your custom domain.

Designed to prevent spoofing attacks, DKIM works in tandem with SPF to attain DMARC compliance. DKIM lets a company add a digital signature to emails in the message header, which allows recipient systems to use the signature as a validation point to determine if incoming mail is legitimate.

You can use the Amazon SES console to configure Easy DKIM settings and to enable/disable automatic DKIM signing for your email messages. To set up Easy DKIM, you must be able to edit your domain’s DNS records.

To implement Easy DKIM for the Amazon SES platform via a new domain, follow these steps:

  • Go to your verified domain list in Amazon SES console

  • Click Verify a New Domain

  • Enter your domain name, select Generate DKIM Settings, click Verify This Domain

  • Complete domain verification by updating your domain’s DNS settings with the TXT record information from the Domain Verification Record in the Verify a New Domain box

  • Set up DKIM by updating your domain’s DNS settings with the CNAME record information from box

  • Enable DKIM signing for your custom domain in Amazon SES; DKIM Verification Status for that domain will change from “in progress” to “success”

An example of enabling DKIM signing for your custom domain with the AWS CLI is as follows:

aws ses set-identity-dkim-enabled --identity yourdomain.com --dkim-enabled

Amazon SES supports DKIM signing for its customers. Using Amazon’s self-service portal, you can set up DKIM manually at your convenience via the CNAME records mentioned above. These components (e.g., DKIM signing, self-service setup with CNAME records) result in a streamlined process.

DKIM/SPF Setup Highlights

The sections below highlight notable characteristics of setting up DKIM and SPF for this provider, as well as advanced settings if offered by this Outbound Email Source.

SPF

SPF Include Tag Required

This outbound email provider uses an include mechanism to add this provider's IP space to your SPF. To get fully set up with SPF for this provider, you will need to take the provided “include” domain and add it to your SPF record. An example of an SPF record without an include tag is compared to one with the tag added below (the include tags added are denoted in bold).

 

Initial SPF Record:

HOST TEXT
yourdomain.com v=spf1 ~all

 

SPF record include added:

HOST TEXT
yourdomain.com v=spf1 include:sender.net include:new3rdparty.com ~all

 

DKIM

Supports DKIM Signing

Yes, this outbound email provider supports DKIM signing.

DKIM Setup via CNAME

This specific email provider relies on a CNAME record (or multiple records) for DKIM setup. Below is an example of a typical CNAME record for setting up DKIM. The HOST section will typically contain a unique name followed by the domain name you are creating the record for (in the example below, "s1._domainkey" is the unique name, followed by the domain "yourdomain.com"). The ADDRESS section will outline where mail receivers should look for a DKIM record for the domain. Both of these values are typically auto-generated when you set up DKIM via an outbound email source.

HOST ADDRESS
s1._domainkey.yourdomain.com. s1.domainkey.uXXX.wlXXX.sendgrid.net.

 

DKIM Setup Process: Self-Service Dashboard

This email provider offers a self-service dashboard where DKIM records will be set up for the account. To get DKIM set up for this provider, you will log in to your account at this provider and proceed to the DKIM setup area.
