
According to the docs, AWS SES has some requirements on what is an allowable MAIL FROM domain:

The subdomain you use for your MAIL FROM domain has to meet the following requirements:

The MAIL FROM domain has to be a subdomain of the verified identity (email address or domain) that you send email from. For example, mail.example.com is a valid MAIL FROM domain for the domain example.com.

The MAIL FROM domain shouldn't be a domain that you send email from. If you have to use the MAIL FROM domain in a From address, either disable email feedback forwarding and receive your bounces through Amazon SNS notifications, or ensure that your MAIL FROM domain is not the destination for feedback forwarding. To determine the destination of email forwarding feedback, see Email feedback forwarding destination.

The MAIL FROM domain shouldn't be a domain that you use to receive email.

What is the reason for these requirements? Is this a general rule for all email services or just an AWS SES thing? In particular, I currently have my DNS SPF/DKIM/DMARC records set up so that I can send from both AWS SES and Google Workspace (formerly G Suite). For example, my current outbound emails from Google Workspace would have a "MAIL FROM" header of admin@mydomain.com which is the identical value for the "From" header. Does this cause problems?

3 Answers


This is a normal setup for both transactional and marketing email, and other providers who handle such email will also have similar requirements. The point is primarily to isolate email reputation for this stream of mail from that of your domain. People will mark your email as spam despite having knowingly signed up to receive it, and you really do not want this to affect email for your domain name.

Michael Hampton
  1. You can achieve SPF alignment (Mail From: domain matching From: address), thus passing DMARC SPF checks (if you follow the "relaxed alignment" mode).
  2. Third-party services like Amazon SES, SendGrid, etc. follow the same step of having their users set up a subdomain for Return-Path (not used for sending emails), while your From: address is your actual sending domain. This is used for bounce management. You will still be able to see your bounce percentage in these portals, and those services will keep justifying your reputation and imply rules based on your bounce rate.
  3. Win-Win situation in both cases.
Jacob
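The relaxed versus strict SPF alignment mentioned in the answer above, together with the three MAIL FROM requirements quoted in the question, as an added Python example (not from the original posts or from AWS). The function names and the tiny `PUBLIC_SUFFIXES` set are assumptions for illustration; a real check would use the full Public Suffix List, and alignment only counts toward DMARC when SPF itself passes.

```python
# Added example: DMARC SPF-alignment and MAIL FROM requirement checks.
# PUBLIC_SUFFIXES is a small constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Return the organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Longest candidate suffix is tried first, so "co.uk" wins over "uk".
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{domain} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix for {domain}")

def domain_of(address):
    """Accept either an email address or a bare domain and return the domain."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")

def spf_aligned(mail_from, header_from, mode="relaxed"):
    """Compare the envelope MAIL FROM domain with the header From domain."""
    env, hdr = domain_of(mail_from), domain_of(header_from)
    if mode == "strict":
        return env == hdr                       # exact match required
    return org_domain(env) == org_domain(hdr)   # same organizational domain

def check_mail_from(mail_from_domain, verified_identity,
                    sending_domains=(), receiving_domains=()):
    """Return the quoted requirements that a candidate MAIL FROM domain violates."""
    mf = mail_from_domain.lower().rstrip(".")
    parent = domain_of(verified_identity)
    problems = []
    if not mf.endswith("." + parent):
        problems.append("not a subdomain of the verified identity")
    if mf in {d.lower() for d in sending_domains}:
        problems.append("also used to send email from")
    if mf in {d.lower() for d in receiving_domains}:
        problems.append("also used to receive email")
    return problems
```

With `mail.example.com` as the MAIL FROM domain and `example.com` in the From header, the pair aligns in relaxed mode but not in strict mode, while a MAIL FROM on an unrelated provider domain aligns in neither.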

Does it mean that specifically for SES, if I use a MAIL FROM setup, the mails that I send from that domain will be considered sent from "mail_from_subdomain.domain.com" and the reputation will be assigned to the subdomain, and I don't have to do any other config changes for this? E.g., adding SPF/DMARC/DKIM for the subdomain and actually having a sending mail ID called myname@mail_from_subdomain.domain.com.

  • This does not provide an answer to the question. Once you have sufficient [reputation](https://serverfault.com/help/whats-reputation) you will be able to [comment on any post](https://serverfault.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/517267) – Dave M Apr 07 '22 at 20:58