I've been trying to figure out how to set up DNS for the domain that we use to distribute emails via AWS SES API.
Taking domain like example.com I have verified DKIM by using 3 generated CNAME records.
I then enabled MAIL FROM Doman, where I was only able to generate subdomain mail.example.com with the following records:
MX
name: mail
value: 10 feedback-smtp.eu-west-2.amazonses.com.
TXT
name: mail
value: "v=spf1 include:amazonses.com ~all"
I also have a TXT record for DMARK as:
name: _dmark
value: "v=DMARC1; p=quarantine; fo=1; pct=25; rua=mailto:dmarcreports@example.com ruf=mailto:dmarcreports@example.com"
For sender email address I use mail@example.com which uses all the same verification.
My DMARC policy specifies relaxed alignment for DKIM as the From header uses email address with plain domain mail@example.com while MAIL FROM subdomain mail.example.com
All emails at the moment bounce back and I'm not entirely sure why.
Also - when previewing the bounced message - From shows as From: MAILER-DAEMON@eu-west-2.amazonses.com rather than verified sub-domain mail.example.com - not entirely sure how long does it take for changes to take effect, but everything has been verified a couple of hours ago and it's still failing.
I have the sending email mail@example.com set up with Gsuite - so it also has a set of standard Gmail MX records.
Question
Should I instead remove the SPF TXT record for mail.example.com and instead create one which will include subdomain as well as amazonses.com?:
TXT
name:
value: "v=spf1 include:mail.example.com include:amazonses.com ~all"
Anything else that could be done to make it all work? I learn as I go with it so perhaps I miss something obvious, but any help would be much appreciated.
