Dmarc issue on external hosting using AWS SES

Hi there, we are using Amazon SES as email service for a Magento webshop on an external hosting (non Amazon). When I add a DMARC dns record to the domain, emails are not arriving at for example Gmail etc. When sending it to a mail test service, i get the following error:

Running Identifier Alignment verification
--------------------------------------------
SPF domain does not align with RFC5322.From domain (amazonses.com != example.co.uk). Alignment mode: relaxed.
DKIM domain does not align with RFC5322.From domain (amazonses.com != example.co.uk). Alignment mode: relaxed.

 Finalizing DMARC
-------------------
SPF auth result is pass, but the SPF domain is not in alignment. DMARC SPF result is fail.
DKIM auth result is pass, but the DKIM domain is not in alignment. DMARC DKIM result is fail.

Because at least the SPF or DKIM check has to produce a pass result and have their domain be in alignment, the DMARC result is fail.

In this message I've replaced the actual domain name with example.co.uk. With having example.co.uk as domain, what steps do I need to take to fix this?

Max Clements EXPERT
6 days ago
Can you provide your dmarc record? Have you enabled DKIM on SES?

Topics

Front-End Web & Mobile Business Applications

Tags

Amazon Simple Email Service

Language

English

SebDev

asked 6 days ago98 views

1 Answer

Newest
Most votes
Most comments

Accepted Answer

Use SPF or DKIM to authenticate your email identity and comply with DMARC. If you’re sending email from a domain that’s not verified, your email will fail DMARC. So, verify your domain.

Set up a custom MAIL FROM domain: Make sure the Mail From value is a subdomain of your verified domain to pass SPF alignment and DMARC validation.

Look at this repost entry https://repost.aws/knowledge-center/amazon-ses-send-email-failure-dmarc

EXPERT

Giovanni Lauria

answered 5 days ago

EXPERT

A_J

reviewed 5 days ago

SebDev
a day ago
Thanks for the answer. Domain was already verified but there was no DMARC yet at our SES account. So went through the process in DKIM settings with Easy DKIM. Now all good!

Relevant content

SES DMARC Google fail
ZenYu
asked 6 years ago
DMARC policy violation using Amazon SES
Accepted Answer
DevHub
asked 2 years ago
DMARC policy violation using Amazon SES
Accepted Answer
DevHub
asked 2 years ago
SES | DMARC Policy Issue
AnujG
asked 3 months ago
How can I use Amazon SES to receive inbound emails, and then store those emails on Amazon S3?
AWS OFFICIALUpdated a year ago
What do I do if my Amazon SES emails fail DMARC validation for SPF alignment or DKIM alignment?
AWS OFFICIALUpdated 2 years ago
Why are the emails that I send using Amazon SES failing with the error message "Email rejected per DMARC policy"?
AWS OFFICIALUpdated 2 years ago
How do I use Amazon SES as the SMTP host to send emails from Amazon MWAA DAG tasks?
AWS OFFICIALUpdated 2 months ago
Amazon SES launches Mail Manager to help manage complex inbound and outbound email workloads
EXPERT
AWS PMM User
published 2 months ago
Amazon Simple Email Service (SES) introduces new email routing and archiving features
EXPERT
AWS PMM User
published a month ago