Amazon SES domain verification TXT DNS record

domain-name-system domainkeys amazon-ses txt-record
8,791

Your present TXT record looks strikingly similar to those of the DKIM Core specification, which is is a simplified subset of DKIM. I'm not quite sure how you could reach that result by following the instructions within Authenticating Email with DKIM, thus might misunderstand what you are trying to achieve, but here's how these records would look by simply following the steps documented within Setting Up Easy DKIM for a New Domain, i.e. that's what the Amazon SES automation backend configured for our respective Amazon Route 53 managed domain, and what you'll need to replicate yourself with an external registrar accordingly:

  • Domain Verification Record Set - Has nothing to to with DKIM actually, rather is the method for Verifying Domains, i.e. confirm that you own it and to prevent others from using it and enabling anyone with an email address at this domain to send via SES.

    TYPE: TXT
    NAME: _amazonses.example.com
    VALUE: "M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA="

    NOTE: the quotes are significant for TXT records, please check my answer to How to properly set up DNS SPF records? for details regarding this common pitfall.

  • DKIM Record Set - This are the actual DKIM related records, i.e. those which allow SES to handle DKIM signing automatically on your behalf.

    TYPE: CNAME
    NAME: TycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3u._domainkey.example.com.
    VALUE: TycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3u.dkim.amazonses.com

    [2 more CNAME records like this one ...]

    NOTE: I just partially copied the hash above, these will all be different when generated by SES.

Finally, To sign your messages using a DKIM signature, you must enable Easy DKIM for the appropriate verified sending identity, see step 8 within Setting Up Easy DKIM for a New Domain for details.

Share:
8,791

Related videos on Youtube

Skittles
Author by

Skittles

if [ problem -gt solution ]; then rm -rf / fi

Updated on September 18, 2022

Comments

  • Skittles
    Skittles almost 2 years

    I currently am trying to get my domain verified on Amazon's SES and running int a problem that google searches are not helping me get any closer to solving.

    According to SES, I have to create a TXT record in my DNS for the domain I'm trying to verify. Amazon gives you the following (value changed for security purposes);

     TYPE: TXT
 NAME: _amazonses.somedomain.com
VALUE: M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA=

    I have tried numerous entries in my registrar's DNS manager, but SES still fails to find what it's looking for. I am not a DNS guru, so, I have tried to construct the TXT record from very sparse examples, at best, to try to get this right.

    My present TXT record is this;

    "v=DKIM1 s=_domainkey d=_amazonses.somedomain.com p=M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA="

    Is this how you would make the TXT record properly? Am I doing something incorrect?

    Thanks

  • Skittles
    Skittles over 11 years
    Perhaps you misunderstood the essence of my post, Steffen. My TXT record format is what I am questioning here. I have tried to follow the instructions numerous times, but the problem I am having is not the instructions, but rather the way to construct the TXT record itself. MyDomain.com is the registrar of my domain and they recently changed their DNS management interface whereby the TXT records are not entered as NAME:VALUE pairs, but rather as one continuous string. Therefore, I got the CNAME parts correct as it allows for pairs. I need to know how to do this as a single string for TXT.
  • Steffen Opel
    Steffen Opel over 11 years
    @Skittles - How could I possibly have figured this essence from your post, after all you've left out exactly the key information of this being an issue with your specific registrar rather than with SES and/or TXT records in general? I'm not able to help you with this unusual DNS management setup (and I doubt someone else will) - if their support isn't able to explain how to create standard TXT records, I can only recommend switching your DNS to e.g. Amazon Route 53, which has a decent record management UI and API (I've never looked back myself ...).
  • Skittles
    Skittles over 11 years
    I have already undertaken the processes of switching my DNS management to Route 53. How could you have figured out the essence from my post? Let's see, "Is this how you would make the TXT record properly?" That question pretty much summarizes that all I was asking for was how to properly format a TXT record string. Obviously, you perceived it as a reason to shove the RTFM position at me rather than to offer me the basic level of assistance I was asking for.
  • Steffen Opel
    Steffen Opel over 11 years
    @Skittles - You response is quite inappropriate, I haven't stated RTFM anywhere in my post, rather tried to link to relevant information, as I always do. Have you even considered how much time it took me to assemble this post like so in order to help you? I've clearly stated how to properly format a standard TXT record - please reconsider: it is impossible to deduce the absence of the required Name field in your registrars DNS console from your sentence "Is this how you would make the TXT record properly?"! How should I figure that your registrar is hiding a crucial part?
  • Steffen Opel
    Steffen Opel over 11 years
    @Skittles - Also, I even assumed I might had misunderstood your issue in the first place and still tried to assemble relevant information; and I continued to do this by recommending Route 53 once the actual issue surfaced in your comment. The two things I tried to get across are simply a) your registrar has unusual deficits in his DNS console, which are hard to impossible to diagnose/address without further details from them, and b) you missed to state that problem in your question. The goal of the latter is simply to improve on that in the future for the benefit of all participants.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What is wrong in my DKIM setup? I'm getting all fails
How to format and where to put the SPF TXT record?
How to query DNS for special **NAMED** TXT records
Entering multiple DNS TXT values as a single TXT entry, with each value in " marks, but separated by spaces
Adding a subdomain on Google Domains
What are the main differences between SRV records and TXT records?
How to include multiple spf domains with different mechanisms in a single spf TXT Record
Linux command to inspect TXT records of a domain
Adding both CNAME and TXT DNS records for one subdomain
How to include multiple domains in an spf TXT Record