Learning to Configure SPF for Amazon SES
If you send emails from Amazon SES and see the ‘Via amazonses.com’ warning, then you need to set up SPF and DKIM. This warning basically indicates that the mailbox provider perceived that your emails were sent from Amazon SES and not your brand.
This blog guides you on setting SPF for Amazon SES so that there are no compliance issues and your business stays protected from the growing phishing and spoofing attacks.
However, please bear in mind that if you send emails from subdomain.amazonses.com, there is no need to set up SPF. In this case, Amazon takes care of email authentication using SPF and DKIM. If you want to set up DMARC for your domain, please contact with DMARCReport.com.
Step 1: Domain Verification With Amazon SES
It’s a simple 6-step process. Here’s what you need to do-
- Log in to the AWS Management Console.
- Go to the Amazon SES interface.
- In the navigation panel, select ‘Domains’ under ‘Identity Management.’
- Click ‘Verify a New Domain.’
- Enter your domain name and click ‘Verify this Domain.’
- Add the provided TXT record to your DNS configuration to verify the domain.
Step 2: DNS Record Configuration
After you are done verifying your domain, add an SPF record to your domain’s DNS settings. Follow these steps and get this done-
- Log in to your DNS provider’s management console.
- Go to the DNS management section.
- Add a new TXT record with:
- type: TXT
- Name: @ (or your domain name, depending on the DNS provider)
- Value: “v=spf1 include:amazonses.com ~all”
Step 3: Confirmation of the SPF Record
Check your domain’s DNS settings to ensure your SPF record has no configurational and syntactical errors.
- Use an SPF lookup tool like MXToolbox.
- Enter your domain name.
- Check the SPF record to ensure it includes ‘include.com.’
Step 4: Test Sending Emails
Finally, test sending emails from your domain using Amazon SES. Send a test email from an application or the SES console. Then, check the email headers of the received email for ‘Received-SPF: pass’ to ensure that SPF passes.
Setting up the MAIL FROM Domain
- Go to your Amazon SES console and select ‘Domains’ under ‘Identity Management.’
- Confirm that the parent domain of the MAIL FROM domain is in the list of validated domains.
- Select the MAIL FROM domain.
- In the ‘Set MAIL FROM Domain’ window, enter the subdomain you want to use.
- A new window will display the SPF and MX records for your domain’s DNS setup.
The following table demonstrates the format of these records-
| Name | Type | Value |
| subdomain.domain.com | mx | 10 feedback-smtp.region.amazonses.com |
| subdomain.domain.com | txt | v=spf1 include:amazonses.com -all |
- Lastly, publish an MX record in the DNS server of the unique MAIL FROM domain.
Final Words
SPF ensures that only authorized people send emails as representatives of your brand. This minimizes the chances for threat actors to exploit your email-sending domain to send fraudulent emails posing as one of your representatives.
If you use Amazon SES to send marketing, notification, and transactional emails, then the above guide will surely help you. However, we know how this process can be a bit complex to understand. So, if you feel like having a helping hand by your side, reach out to us!
