Setting up DMARC, SPF, DKIM with Amazon SES
In this article
Note: This article only applies if you have integrated Amazon SES with your EmailOctopus account.
SPF, DKIM, and DMARC control which servers can send as your domain (SPF), authenticate a message, proving that you sent it (DKIM), and instruct recipients what to do if one or both of those checks fail (DMARC)
HOW TO VERIFY YOUR DOMAINS
The instructions below are a walkthrough on how to add SPF, DKIM and DMARC to your Amazon SES account (which will then be picked up by EmailOctopus).
In this process there will be significant changes made to your DNS settings, we’d advise that you take great care and have sufficient technical knowledge to make these changes. It’s well worth familiarising yourself with how to make DNS changes before starting this guide. We also recommend keeping your DNS tab/window open, throughout the walkthrough.
VERIFY A NEW DOMAIN
First, we’ll need to log in to the AWS dashboard and navigate to the Verified Identities. Click on the orange 'Create Identity' button.
On the next page, check the box to add a domain, type down your domain address inside the text box, scroll down, and click the orange button labelled 'Create Identity'.
Scroll down to see all CNAME records that you have to add to your DNS entries (NOTE, values will be different than those in the screenshot below).
Upon returning to the Verified Identities screen your domain should be listed as 'Verification pending'.
You will need to apply the CNAME records to your DNS, you do not need to apply the Email Receiving Record. Instructions on how to do this for a few DNS providers are below. Often the DNS is hosted with the same company that provided your domain name.
CUSTOM MAIL FROM DOMAIN
Next up, you will need to set up a custom Mail From domain. This will allow Amazon SES to mark emails as “coming from” your domain rather than from Amazon.
- Click on your domain in the SES domain dashboard.
- Click on the Edit button in the upper-left corner of the 'Custom MAIL FROM domain' box.
- Check the box to 'Use a custom MAIL FROM domain' and type it below.
- Choose your preferred behaviour on MX failure.
- Click the button to 'Save changes'.
Scroll down to see the MX and TXT records you have to add to your domain DNS entries (NOTE, values will be different than those in the screenshot below).
- Setting up SPF-DMARC
- Go to https://dmarc.postmarkapp.com/ to create your free account. This account will receive the daily ISP reports, which will then be sent to you on a weekly basis.
- Enter your usual email address to receive your DMARC status reports
- Enter the subdomain, as set-up previously, in the send reports about this domain field.
Our example was e.emailoctopus.com
- Now you should see a screen similar to this:
- Copy the above DNS records into your DNS providers settings, and save them.