Table of Contents
INTRO
I’m in the process of migrating our newsletter / mailing list from Mailchimp to EmailOctopus. That’ll be a different post, this post is about setting up SES and DNS so that we can send mail from our AWS account that is:
- DKIM signed & verified
- SPF verified
- Valid DMARC
In short, this setup should give you pretty good deliverability results as long as you’re not sending spam from a bad domain.
NOTES
- I’m not a DKIM/SPF/DMARC/EMAIL expert. This guide is only to share what works for me. There are no guarantees this will work with your set up.
- I use Route53 for my DNS so these instructions will assume the same.
- I use a custom domain, Route53, and Mailgun for email forwarding. Adding this SES stuff doesn’t affect it all if done correctly.
VERIFY A NEW DOMAIN
First we’ll need to log in to the AWS dashboard and navigate to the SES dash.
- Click on the Verify a New Domain button.
- Enter your domain name (domain.com)
- Tick Generate DKIM Settings
- Click Verify This Domain
DKIM
Generate DKIM DNS Entries
Apply Record Sets
Verification Emails
You should now be redirected to the SES dash and your domain should be listed as PENDING.
![Verification Status]()
Once Amazon has completed verifying your domain they’ll send you an email notifiying you of the success. In my experience this only takes about a minute or two.
![Verification Success]()
Once Amazon has completed the domain / DNS settings they’ll verify the DKIM settings as well. In my experience this take less than a minute once your site has been verified.
![DKIM Verification Success]()
CUSTOM MAIL FROM DOMAIN
Now it’s time to set up our Custom MAIL FROM Domain. Essentially, this allows SES to mark our emails as “coming from” our domain rather than from Amazon. From the SES dash:
SPF-DMARC
Ok, confession time. I’ve never done a lot of research into DMARC before and this project is no different. I skimmed the official docs as well as AWS docs and have a working solution. If anyone knows of better configs or known issues, I’m all ears.
UPDATE
Thanks to user inopinatus on Hacker News for suggesting https://dmarc.postmarkapp.com/ as a DMARC aggregator to prevent annoyingly noisy DMARC status reports being emailed to you daily from multiple ISPs.
WRAP-UP
That’s it for now. I’ll go over integrating EmailOctopus in the next post.