How to Setup DKIM for Amazon SES?
DKIM is specified in RFC 6376, and it is used by a number of email service providers, including Google, Yahoo, and Microsoft.DKIM is designed to address some of the flaws in the existing email system, such as spoofing, phishing, and message tampering. It allows email senders to digitally sign their messages in a way that can be verified by email receivers. This allows receivers to verify that the message truly came from the sender, and has not been tampered with.
Simple DKIM factors to consider
When you use Easy DKIM to authenticate your email, the following rules apply:
- Only the domain that appears in your “From” address needs to be configured for Easy DKIM. For domains that you use in “Return-Path” or “Reply-to” addresses, Easy DKIM is not required to be configured.
- Numerous AWS Regions provide Amazon SES. To ensure that all of your email is DKIM-signed, you must finish the Easy DKIM setup process in each of the AWS Regions that you use to send email.
- Unless you configure Easy DKIM for certain subdomains, your Easy DKIM settings also apply to all of its subdomains when you verify a domain.
- Amazon SES applies Easy DKIM settings in the following manner if you configure Easy DKIM for a parent domain, a subdomain, and an email address:
The DKIM settings for a subdomain take precedence over the parent domain’s settings.
The DKIM settings for an email address take precedence over those for the parent domain and, if relevant, the subdomain.
Simple DKIM domain configuration
- Access the Amazon SES interface.
- Select Domains from the Identity Management section of the navigation pane.
- Select the domain for which you wish to configure Easy DKIM from the list of available domains.
Note: Check out the instructions at Verifying a domain with Amazon SES if you haven’t started the domain’s verification process yet.
- Select “Generate DKIM Settings” from the DKIM menu.
- The three CNAME records found in this section should be copied. To download a copy of the records to your computer instead, select Download Record Set as CSV.
- An illustration of the DKIM section can be seen in the image below.
- Include the CNAME records in your domain’s DNS settings.
- The DKIM Verification Status will then be changed to verified once completed.
You can use Skysnag’s free DKIM Checker to check the health of your DKIM record here
Enable DMARC for your domains to protect against spoofing. Sign up for a free trial today!
For more information on Amazon SES DKIM setup, you can refer to their reference documentation
Check your domain's DMARC security compliance
Enforce DMARC, SPF and DKIM in days - not months
Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.