How to setup SPF and DKIM for Amazon SES

This guide outlines the steps to configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for your domain in Amazon SES, ensuring compliance with Domain-based Message Authentication, Reporting, and Conformance (DMARC) standards

Prerequisites:

  • A domain should have only one SPF record.​

  • Administrator access to Amazon SES.​

  • Administrator access to your DNS provider.

SPF Setup:

Identify existing SPF Record:
Check if your domain already has an SPF record by querying your DNS records here.​

Add or Modify SPF Record:

If no SPF record exists, create one with the following value:

Codev=spf1 include:amazonses.com ~all

If an SPF record exists, modify it to include Google’s SPF record:​

Existing SPF record:

Codev=spf1 include:example.com ~all

Updated SPF record:

Codev=spf1 include:example.com include:amazonses.com ~all
DKIM Setup:
Access Amazon SES:

Sign in to the AWS Management Console and open the Amazon SES console:
https://console.aws.amazon.com/ses/

Configure DKIM Settings:

  1. In the left navigation panel, under Configuration, select Identities.

  2. Locate the domain under Identities where the Identity type is set to Domain and select it.
    *If the domain is not listed, you may need to create or verify a domain first.

  3. Navigate to the Authentication tab and locate the DKIM settings section.

  4. Click Edit to modify the DKIM configuration.

  5. Under Advanced DKIM settings, select Easy DKIM.

  6. In the DKIM signing key length field, choose one of the following:
    RSA_2048_BIT (Recommended for stronger security, if supported by your DNS provider).
    RSA_1024_BIT (Use if your DNS provider does not support 2048-bit keys).

  7. In the DKIM signatures section, check the Enabled box.

  8. Click Save changes.

Once Easy DKIM is enabled, you must complete the verification process with your DNS provider by adding the required DNS records.

More Information:

For additional details on email authentication and DKIM setup, please visit the Amazon Support Page:
Amazon SES DKIM Authentication Guide

Verification:

Use tools like dmarclytics.io to verify your SPF and DKIM configurations.

Support:

For assistance, contact us via live chat or submit a support ticket.

By following these steps, your domain will be properly configured for DMARC compliance, improving email security and deliverability.

DMARC is now mandatory for bulk email senders.

Check If Your Domain
Is Safe from Spoofing

Enter Domain

We’ll run a quick DMARC check and show you your policy and status.

Share If You Like!

Secure Your Domain Free for 14 Days

100% DMARC, SPF, DKIM compliance

Improve deliverability, pass Google & Yahoo DMARC checks

Start 14-Days Free Trail

Start 14-Days Free Trail

Book Demo

Book Demo

Tools

Aggregate Report

Email Spam Testing

SPF Checker

DKIM Checker

DMARC Checker

IP Blocklist Check

Support

Privacy Policy

Term & Service

Contact Us

Careers

Company

About Us

Data Centre Location

Features

Blog

Knowledge Base

@2025 All Rights Reserved

Facebook

Twitter

Linkedin