How to Set Up DKIM in Amazon SES?
To configure DKIM for Amazon SES, you have to modify the DNS settings of your domain. For Route 53 users, Amazon SES will take care of the process, but if you use another DNS provider, you need to follow some processes.
Here are rules that you need to abide by:
- You must set DKIM only for the domain that you use in the ‘From’ address and not for the one used in the ‘Return-Path’ or ‘Reply-to’ addresses.
- Amazon SES is available in multiple regions, and if you use more than one AWS region, you must set up DKIM for each one.
- Your DKIM settings also apply to all subdomains of your domain unless you exclusively set them up for subdomains.
Configuring DKIM for a Domain in Amazon SES
Setting up DKIM for your domain ensures that only authorized people send emails on your behalf while also letting you know if anyone tampered with email content in transit. Here’s what you need to follow to set it up in Amazon SES:
- Open the Amazon SES console.
- See the navigation pane, under which you will find ‘Identity Management,’ where you have to choose ‘Domains.’
- You will see a list of domains from which you need to choose the one for which you have to set up DKIM.
- Under DKIM, click on ‘Generate DKIM settings.’
- Copy the three CNAME records you will see in this section. You can also download the record set as CSV as an alternative. This way you can save a copy of your records to your computer.
- Lastly, add the copied or downloaded CNAME records to your DNS configuration for your domain.
Steps to Add the CNAME Records to DNS
If you use Route 53 on the same account as the one you use for sending emails using Amazon SES, choose ‘Use Route 53’ to update the DNS settings for your domain automatically.
If you use another DNS providers, then check out their official websites to see the process. Here, we are listing down documentation links for the common ones-
- GoDaddy- Add a CNAME Record
- Dreamhost- How do I Add Custom DNS Records?
- Cloudflare- How do I Add Custom CNAME Record?
- HostGator- Manage DNS Records with HostGator/eNom
- Namecheap- How do I Add TXT/SPF/DKIM/DMARC Records for My Domain?
- Names.co.uk- Changing Your Domain’s DNS Settings
- Wix: Adding or Updating CNAME Records in Your Wix Account
Please note that some DNS providers do not allow underscores (_) in record names, but the DKIM record name requires an underscore. If your provider restricts this, contact their customer support for help.
Configuring DKIM For an Email Address in Amazon SES
Follow this process to set up DKIM for an email address that’s already verified with Amazon SES. Please note that you can set DKIM only for those email addresses that belong to the domain you already own. This is because you have to change the DNS settings for the domain to configure DKIM.
- Open the Amazon SES console.
- See the navigation pane, under which you will find ‘Identity Management,’ where you have to choose ‘Email Addresses.’
- You will see a list of email addresses from which you need to choose the one for which you have to set up DKIM.
- Under DKIM, click on ‘Generate DKIM Settings.’
- Copy the three CNAME records you will see in this section. You can also download the record set as CSV as an alternative. This way you can save a copy of your records to your computer.
- Lastly, add the copied or downloaded CNAME records to your DNS configuration for your domain.
Image sourced from fastercapital.com
Managing DKIM Records For an Identity Using Console
You can manage DKIM records for your identities using two ways-
Web-Based Amazon SES Console
- Use your login credentials to sign in to your AWS Management Console and go to the Amazon SES console.
- Check the navigation pane. Under ‘Identity Management,’ you can choose the type of identity you want for your DKIM records.
- There will be a list of identities from which you choose the one you want to obtain the DKIM record for.
- Copy the three CNAME records you will find under the DKIM section.
Using AWS CLI
Type aws ses get-identity-dkim-attributes –identities “example.com” in the command line. Remember to replace ‘example.com’ with the identity for which you want to obtain the DKIM record. For this, you may mention an email address or domain. To set up DMARC in Amazon SES, please contact DMARCReport.
Disabling DKIM for an Identity
- Open the Amazon Management console and then the Amazon SES console in that.
- See the navigation pane, under which you will find ‘Identity Management,’ where you have to choose the type of identity for which you want to disable DKIM.
- You will see a list of identities from which you need to choose the one for which you have to disable DKIM.
- In the DKIM section, next to ‘DKIM: enabled,’ choose ‘disable.’
Alternatively, you can also disable DKIM for an identity using the AWS CLI by typing aws ses set-identity-dkim-enabled –identity example.com –no-dkim-enabled in the command line. Remember to replace ‘example.com’ with the identity for which you want to disable DKIM. For this, you may mention an email address or domain.
Enabling DKIM For an Identity
If you disable DKIM for an identity, you can re-enable it using the Amazon SES console-
- Open the Amazon Management console and then the Amazon SES console in that.
- See the navigation pane, under which you will find ‘Identity Management,’ where you have to choose the type of identity you want to enable DKIM for.
- You will see a list of identities from which you need to choose the one for which you have to enable DKIM.
- In the DKIM section, next to ‘DKIM: disabled,’ choose ‘enable.’
Alternatively, you can also enable DKIM for an identity using the AWS CLI by typing aws ses set-identity-dkim-enabled –identity example.com -dkim-enabled in the command line. Remember to replace ‘example.com’ with the identity you want to enable DKIM for. For this, you may mention an email address or domain.
All this process requires technical expertise, and if you need a helping hand, then we are here.