If you’ve noticed a “High Impact” warning in the SES Virtual Email Assistant about your WorkMail domain (your-alias.awsapps.com), you’re not alone. The warning can be confusing, but understanding what it means helps you fix email delivery issues effectively.
AWS automatically creates a subdomain like company.awsapps.com when you set up Amazon WorkMail. The important thing to know is that AWS controls the main awsapps.com domain, so you can’t add DNS records like DMARC, SPF, or DKIM directly to it. The warning appears because this subdomain doesn’t have a DMARC policy set up, which SES Advisor flags as a potential issue. However, if you’re sending emails from your custom domain, such as @yourdomain.com, this warning is mostly just informational. It usually doesn’t impact your actual email delivery.
Many times, emails get rejected by organizations that have strict security rules. If your custom domain passes tests like MXToolbox but still faces rejections, the problem often comes down to DMARC alignment. To pass DMARC checks, your email must meet certain conditions:
– SPF Alignment: The domain in the “From” address and the “Return-Path” must match.
– DKIM Alignment: The domain in the “From” address and the domain used to sign the email should be the same.
By default, SES uses a subdomain of amazonses.com for the Return-Path, which can cause alignment issues, especially with security-sensitive recipients. Setting up a custom MAIL FROM domain can help fix this problem.
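The alignment rules above can be checked against the headers of a message you have received. The following Python sketch is an added example, not code from AWS or from the original post. The header values are constructed samples, and the organizational-domain logic is a simplification (last two labels rather than the Public Suffix List). DMARC is satisfied when at least one of SPF or DKIM passes and is aligned; this script checks the alignment part only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): treat the last two labels as the organizational
    # domain. A real DMARC evaluator uses the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, strict):
    if not from_dom or not auth_dom:
        return False
    if strict:  # aspf=s / adkim=s: exact match required
        return from_dom == auth_dom
    return org_domain(from_dom) == org_domain(auth_dom)  # relaxed (DMARC default)

def domain_of(header_value):
    # Extract the domain part of the address in a From or Return-Path header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_alignment(raw_message, strict=False):
    """Alignment only; it does not verify that SPF or DKIM themselves passed."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    spf = aligned(from_dom, domain_of(msg["Return-Path"]), strict)
    dkim_doms = [d.lower() for sig in msg.get_all("DKIM-Signature", [])
                 for d in re.findall(r"(?:^|;)\s*d=([^;\s]+)", sig)]
    dkim = any(aligned(from_dom, d, strict) for d in dkim_doms)
    return {"spf_aligned": spf, "dkim_aligned": dkim, "dmarc_aligned": spf or dkim}

# Constructed sample headers (not captured mail).
SES_DEFAULT = (  # default SES Return-Path and signature, custom From
    "Return-Path: <bounce-id@example-region.amazonses.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=amazonses.com; s=sel1; bh=x; b=y\n"
    "From: Alice <alice@yourdomain.com>\n\nhello\n")
CUSTOM_MAIL_FROM = (  # custom MAIL FROM domain plus DKIM signing for the domain
    "Return-Path: <bounce-id@mail.yourdomain.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; s=sel1; bh=x; b=y\n"
    "From: Alice <alice@yourdomain.com>\n\nhello\n")

if __name__ == "__main__":
    for name, raw in [("SES default", SES_DEFAULT), ("custom MAIL FROM", CUSTOM_MAIL_FROM)]:
        print(name, "relaxed:", check_alignment(raw), "strict:", check_alignment(raw, strict=True))
```

With a MAIL FROM subdomain such as mail.yourdomain.com, SPF aligns only in relaxed mode, so a strict `aspf=s` DMARC policy on your domain would rely on the DKIM signature for alignment.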
To improve your email deliverability:
1. Set Up a Custom MAIL FROM Domain:
– Go to the SES Console and select “Identities.”
– Choose your domain instead of the default awsapps one.
– Under the “Custom MAIL FROM” tab, specify your own domain like mail.yourdomain.com.
– This makes the Return-Path domain checked by SPF match the domain in your “From” address, increasing deliverability.
2. Verify DKIM Settings:
– Make sure your DNS has the correct CNAME records for DKIM.
– Use the Easy DKIM option provided by SES to simplify this process.
3. Ignore the “High Impact” Warning from SES Advisor:
– You can safely overlook this warning because you can’t change the DNS for awsapps.com.
– As long as your custom domain is properly configured and verified, your emails should reach inboxes without problems.
– Remember, your WorkMail users should send emails only from the @yourdomain.com address, not the default @your-alias.awsapps.com.
Following these steps will help your emails reach the inboxes of even the most security-conscious organizations, ensuring your communication remains smooth and reliable.





