Documentation

Add DKIM Records to Improve Deliverability

DomainKeys Identified Mail (DKIM) is an authentication method that verifies that the email actually came from the domain that sent it. When an email is sent out with DKIM, it contains a DKIM signature hash which is then verified against the DNS records for that domain.

Amazon SES passes DKIM authentication out of the box because it will send outgoing mail with a DKIM signature that traces back to Amazon’s servers. This will result in the email displaying a “via amazonses.com” message next to the “From” email address in some email clients. However, this may not be ideal as you may not want or need your recipient to know what you’re using as your email provider.

Set Up DKIM

Luckily Amazon makes it easy to set up custom DKIM records which will get rid of that “via amazonses.com” message and potentially improve deliverability as well.

To get the necessary DNS records you need to add, log into the AWS SES console and navigate to the “Domains” page and select the domain you want to add DKIM for.

Then scroll down to the “DKIM” section and click “Generate DKIM Settings”:

DKIM settings

This will generate several CNAME records. Log into your DNS provider and add them so that Amazon can complete the DKIM verification (this can take up to 72 hours). Once complete, for any new emails sent your recipients will no longer see the “via “amazonses.com” message and email providers will be less likely to mark your emails as spam.