Amazon SESbeginner5 Min read time

How to Set Up SPF, DKIM for Amazon SES

Learn how to configure SPF & DKIM for Amazon SES correctly. Step-by-step DNS setup guide to improve email deliverability and prevent spoofing | Dmarclytics

This guide outlines the steps to configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for your domain in Amazon SES, ensuring compliance with Domain-based Message Authentication, Reporting, and Conformance (DMARC) standards

Prerequisites:

  • A domain should have only one SPF record.​
  • Administrator access to Amazon SES.​
  • Administrator access to your DNS provider.

SPF Setup:

Identify existing SPF Record:
Check if your domain already has an SPF record by querying your DNS records here.​

Add or Modify SPF Record:

If no SPF record exists, create one with the following value:

Hostname:

@


Value:

V=spf1 include:amazonses.com ~all

If an SPF record exists, modify it to include Google’s SPF record:​

Existing SPF record:

V=spf1 include:example.com ~all

Updated SPF record:

V=spf1 include:example.com include:amazonses.com ~all

DKIM Setup:

Access Amazon SES:

Sign in to the AWS Management Console and open the Amazon SES console:
https://console.aws.amazon.com/ses/

Configure DKIM Settings:

  1. In the left navigation panel, under Configuration, select Identities.
  2. Locate the domain under Identities where the Identity type is set to Domain and select it.
    *If the domain is not listed, you may need to create or verify a domain first.
  3. Navigate to the Authentication tab and locate the DKIM settings section.
  4. Click Edit to modify the DKIM configuration.
  5. Under Advanced DKIM settings, select Easy DKIM.
  6. In the DKIM signing key length field, choose one of the following:
    RSA_2048_BIT (Recommended for stronger security, if supported by your DNS provider).
    RSA_1024_BIT (Use if your DNS provider does not support 2048-bit keys).
  7. In the DKIM signatures section, check the Enabled box.
  8. Click Save changes.

Once Easy DKIM is enabled, you must complete the verification process with your DNS provider by adding the required DNS records.

More Information:

For additional details on email authentication and DKIM setup, please visit the Amazon Support Page:
Amazon SES DKIM Authentication Guide

Verification:

Use tools like dmarclytics.io to verify your SPF and DKIM configurations.

Support:

For assistance, contact us via live chat or submit a support ticket.

By following these steps, your domain will be properly configured for DMARC compliance, improving email security and deliverability.

Need hands-on help?

Our team can walk you through this setup live β€” free on every plan.

Talk to Support →← All Articles