Amazon SES DKIM failing Authentication and Alignment

Created by Abderrahim Ibnou el kadi, Modified on Fri, 26 Sep at 4:38 PM by Abderrahim Ibnou el kadi


Synopsis: 

DKIM fails (authentication and alignment) when using Amazon SES

An issue has been observed with Amazon Simple Email Service (SES) where all messages sent through it from your domain and received by Proofpoint fail DKIM authentication and alignment.


Resolution:
To fix this issue, use the DKIM key that is generated by Proofpoint and follow the steps below.


In the Proofpoint Portal


  • Log in to your Proofpoint portal and navigate to Account Management > Domains
  • Create a new DKIM key on the Proofpoint portal and make sure to COPY the Selector name, Public Key, and the PRIVATE KEY into a notepad
  • Create a new TXT record on your DNS registrar and populate it with the correct DKIM info: Selector name and Public Key
  • After a few minutes, log in to your Proofpoint Portal and validate the DKIM key
  • Make sure to disable "Re-write URLs that are located in DKIM signed messages" under Malicious Content > URL Defense

In the Amazon SES Portal


Fixing the DKIM Authentication:

  1. Download and SAVE the record set for the existing 3 CNAME records as a backup in case you need them back
  2. Delete these default DKIM keys as they will conflict with the custom BYODKIM you will create.
  3. Create your own DKIM using your own Private key:
  • In the Amazon SES dashboard, Configuration > Identities
  • Select the domain in question and click on it
  • Download the record set for the existing 3 CNAME records (mentioned in STEP 1) as a backup in case you need them back
  • Click on the EDIT button in the DomainKeys Identified Mail (DKIM) section
  • Choose “Provide DKIM authentication token (BYODKIM)”
  • Copy and paste the Private key from your server where you have created your DKIM (remember the notepad above)
  • Copy and paste the selector name without the suffix (._domainkey.yourdomain.com), as it will be added automatically
  • Make sure the “Enable” is checked
  • SAVE the changes

This will take a few minutes to verify. Once verified, you will notice that your messages from Amazon SES now pass DKIM authentication but still fail DKIM alignment. To fix the DKIM alignment, proceed with the next step.


Fixing the DKIM Alignment:


a.    In the Amazon SES dashboard, go to Configuration > Identities

b.    Select the domain in question and click on it or edit it

c.    Scroll down the page and click on the Edit button in the section “Custom MAIL FROM domain”

d.    Check “Use a custom MAIL FROM domain”

e.    In the “MAIL FROM domain” field, enter “mail”

f.    Under the “Behavior on MX failure” section, check “Use default MAIL FROM domain”

g.    Click on the “SAVE changes” button
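
The following check is an added example, not part of the original article or of any Proofpoint or Amazon tooling. It parses the headers of a received message and reports whether a DKIM signature using your selector is aligned with the From domain and whether the Return-Path sits under it (the custom MAIL FROM subdomain). The sample message, example.com and the selector name pp-selector are constructed placeholders, and the alignment test is a simplification of the DMARC organizational-domain comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example.com and selector "pp-selector" are placeholders.
SAMPLE = """\
Return-Path: <0100abc@mail.example.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; s=pp-selector;
 d=example.com; h=From:Subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; s=ses-default;
 d=amazonses.com; h=From:Subject; bh=CCCC; b=DDDD
From: Alerts <alerts@example.com>
Subject: test

body
"""

def dkim_tags(value):
    """Split one DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def related(a, b):
    """Simplified relaxed alignment: equal, or one a subdomain of the other.
    A full DMARC check compares organizational domains (public suffix list)."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check(raw, selector):
    """Report whether a received message reflects the BYODKIM and MAIL FROM changes."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    sigs = [dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    aligned = [s for s in sigs if related(s.get("d", ""), from_dom)]
    return {
        "from_domain": from_dom,
        "dkim_domains": [s.get("d") for s in sigs],
        "dkim_aligned": bool(aligned),  # some d= matches the From domain
        "selector_ok": any(s.get("s") == selector for s in aligned),
        "mail_from_aligned": related(rp_dom, from_dom),  # Return-Path under From domain
    }

if __name__ == "__main__":
    print(check(SAMPLE, "pp-selector"))
```

Run it against the raw headers of a message delivered after the changes; a result with dkim_aligned or mail_from_aligned set to False points back to the corresponding section above.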