Select Page

Amazon WorkMail – Signing Messages with DKIM & Modifying MAIL FROM Domain

Amazon WorkMail – Signing Messages with DKIM & Modifying MAIL FROM Domain

During my last Amazon WorkMail blog post, I noticed that my messages were being received as being signed by AmazonSES rather than my own, custom domain.email result As a customer looking to have a “professional brand”, the last thing I want is a recipient being hesitant of opening my email due to a warning in their email client. As an example, this is the result of the default setting when sending an email from the account created in the blog post referenced above – notice the “via amazonses.com” and signed-by “amazonses.com”.

If you weren’t aware, Amazon WorkMail utilizes the AWS SES services to send outbound email and, by default, mail flowing through this service will signed with the DKIM signature associated with the domain amazonses.com. However, AWS makes it simple to modify this to enable DKIM signed for your own domain. Similar to adding your domain to WorkMail, AWS requires you to verify ownership by creating specific DNS records. Below is a quick step-by-step process to enable DKIM signing for your domain.

  • In the AWS console, open SES service and choose Domains on the left.

domains

 

 

 

 

  • Select your domain and expand the Verification section. Ensure that the domain has been Verified by creating the DNS record as shown.

verification

 

 

 

 

 

 

  • Expand the DKIM section. Ensure that you have created the DNS records as shown. After creating the records, Verify them by clicking the option to retry verification. Once the records have been verified, you can enable DKIM signing by clicking the ‘enable’ link.

DKIM

 

 

 

 

 

 

 

 

  • Last but not least, expand the MAIL FROM domain section. Complete the information requested. As with the other sections, you’ll have to create and verify additional DNS records before messages will utilize your domain to send mail from.

mail from

 

 

 

 

 

 

 

 

  • Now that DKIM signing has been enabled, email with your domain which flows through Amazon SES will now be signed with your own domain rather than amazonses.com. Below is a screenshot which shows a message being signed by my domain rather than via amazonses.com

bryankrausen

 

 

About The Author

Bryan Krausen

Bryan Krausen is currently working as a Technical Architect with experience in a vast number of platforms. Bryan has been active within the VMware vExpert community for several years and is the leader of the Louisville VMware User Group (VMUG) and Louisville AWS User Group.

Leave a reply

Your email address will not be published.