Reputation: 29477
AWS SES Identity "pending verification" for DKIM config
Brand new to AWS & Simple Email Service (SES) and have an app that needs to generate some email using SES. All I'm trying to do is set things up so that my app's service user (called, say, myapp-dev) has Access & Secret Keys that have permission to use SES APIs for generating emails. Furthermore I need these SES-generated emails to be sent from either [email protected] which is not a valid email address, as well as [email protected] which is a valid email address. This is because some SES emails will be alerts/notifications that end users should not respond to, and other emails will be emails that they may very well want/need to reply to.
I've already created a myapp-dev user that has AmazonSESFullAccess permissions.
Not knowing any better, I then went to the SES dashboard and clicked Manage Identities and started creating a new "SES Identity". I'm not sure if I need to do this or not (given my needs) or whether my myapp-dev user is ready to use the SES APIs as-is. Adding this new SES identity, it asked me to enter my domain and gave me the option to generate DKIM configurations for that domain. I read up quickly on DKIM and it sounds like its a way to authenticate that emails did in fact come from my domain, so it sounds like its something I'd like leverage. So I generated DKIM configs and now SES says that my new identity has a status of "pending verification".
- Main concern is bolded above: with
AmazonSESFullAccesspermission, is mymyapp-devuser ready to rock n' roll? Or will SES APIs fail/refuse to send emails until my SES identity (for my domain) is "verified"? - What do I actually need to do to change the SES identity from "pending" to "verified"? I did see a note that I needed to modify TXT and CNAME DNS records to configure DKIM with my domain, is that it? Or do I need to do something else?
Thank in advance for any and all clarification!
Upvotes: 3
Views: 12382
Answers (2)
Reputation: 10878
Found an alternate answer in this thread:
https://forums.aws.amazon.com/thread.jspa?threadID=125362
Here's what might have happened: Some domain name providers will automatically add example.com on to the end of the name/host field. So if you enter _xx.example.com, they'll "silently" change it to _xx.example.com.example.com
This is currently the case with namecheap, as I've painfully learned.....
It turned out this was my issue. Make sure to double check!
Upvotes: 9
Reputation: 937
You need to wait for dns verification, can take a while.
You also need to take the Sandbox into account and open a ticket to move out from it. https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html
To help protect our customers from fraud and abuse and to help you establish your trustworthiness to ISPs and email recipients, we do not immediately grant unlimited Amazon SES usage to new users. New users are initially placed in the Amazon SES sandbox. In the sandbox, you have full access to all Amazon SES email-sending methods and features so that you can test and evaluate the service; however, the following restrictions are in effect:
You can only send mail to the Amazon SES mailbox simulator and to verified email addresses and domains.
You can only send mail from verified email addresses and domains.
You can send a maximum of 200 messages per 24-hour period.
Amazon SES can accept a maximum of one message from your account per second.
Upvotes: 4
Related Questions
- Email address is not verified (AWS SES)
- Why is Amazon SES DKIM signature marked as perm_fail?
- AWS SES Email Verification RequestId status
- DKIM verification fails on AWS SES and Cloudflare
- Amazon SES email security
- AWS SES verified emails
- Amazon ses giving email address unverified. when it is already verified
- AWS SES SendRawEmail with via amazonses.com warning
- Does the AWS SES SMTP server automatically sign emails with DKIM?
- AWS SES Verified mail but still getting an error 554