Ensures DomainKeys Identified Mail (DKIM) is enabled for domains and addresses in SES.
DKIM is a security feature that allows recipients of an email to veriy that the sender domain has authorized the message and that it has not been spoofed.
Follow the appropriate remediation steps below to resolve the issue.
Log into the AWS Management Console.
Select the “Services” option and search for SES.
Scroll down the left navigation panel and choose “Domains/Email Addresses” under “Identity Management”.
Select the identity either “Domains/Email Addresses” which needs to be verified and click on the “View Details” button at the top.
Scroll down the selected identity configuration page and click on the “DKIM”. If “DKIM is not enabled for this email address” message is shown when the “DKIM” is not enabled for selected “Identity”. An email message that is sent using DKIM includes a DKIM-Signature header field that contains a cryptographically signed representation of the message.
Repeat step number 2 - 5 to verify other identities either “Domains/Email Addresses”.
Navigate to “SES” and choose the identity either “Domains/Email Addresses” which needs to be enabled with “DKIM” and click on the “View Details” button at the top.
Scroll down the selected identity configuration page click “DKIM” tab to expand and click on the “Generate DKIM Settings” button.
Copy and paste the generated “CNAME” on the registered identity DNS zone file with the CNAME record information. Once the status is verified click on the “Enable” next to “DKIM” to enable the “DKIM” services. Verification process of these settings may take up to 72 hours.
Repeat steps number 7 - 9 to enable DKIM for all domains and addresses in all regions used to send email through SES.