4

I currently am trying to get my domain verified on Amazon's SES and running int a problem that google searches are not helping me get any closer to solving.

According to SES, I have to create a TXT record in my DNS for the domain I'm trying to verify. Amazon gives you the following (value changed for security purposes);

 TYPE: TXT
 NAME: _amazonses.somedomain.com
VALUE: M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA=

I have tried numerous entries in my registrar's DNS manager, but SES still fails to find what it's looking for. I am not a DNS guru, so, I have tried to construct the TXT record from very sparse examples, at best, to try to get this right.

My present TXT record is this;

"v=DKIM1 s=_domainkey d=_amazonses.somedomain.com p=M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA="

Is this how you would make the TXT record properly? Am I doing something incorrect?

Thanks

Skittles
  • 411
  • 7
  • 15
  • Did you ever figure this out? I'm trying to do the same and the DNS config for this host only has a single text box where you enter the entire TXT record. No name/value pair. What did you end up using? – Josh M. Apr 12 '14 at 20:35
  • Well, in terms of this particular issue, I believe that my DNS registrar was the ultimate culprit. I was able to resolve it using Amazon Route53, but with the added expense of being charged for DNS lookups. On a different note though, I recently configured DKIM for our start up business and that wen painlessly. The DNS registrar we used for that was GoDaddy. So, if you're having problems, I would inquire with your registrar first and if that still fails, try transferring your domain to another registrar like GD and give that a go. Best of luck. – Skittles Apr 12 '14 at 20:54

1 Answers1

5

Your present TXT record looks strikingly similar to those of the DKIM Core specification, which is is a simplified subset of DKIM. I'm not quite sure how you could reach that result by following the instructions within Authenticating Email with DKIM, thus might misunderstand what you are trying to achieve, but here's how these records would look by simply following the steps documented within Setting Up Easy DKIM for a New Domain, i.e. that's what the Amazon SES automation backend configured for our respective Amazon Route 53 managed domain, and what you'll need to replicate yourself with an external registrar accordingly:

  • Domain Verification Record Set - Has nothing to to with DKIM actually, rather is the method for Verifying Domains, i.e. confirm that you own it and to prevent others from using it and enabling anyone with an email address at this domain to send via SES.

    TYPE: TXT
    NAME: _amazonses.example.com
    VALUE: "M2sXTycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3uYA="

    NOTE: the quotes are significant for TXT records, please check my answer to How to properly set up DNS SPF records? for details regarding this common pitfall.

  • DKIM Record Set - This are the actual DKIM related records, i.e. those which allow SES to handle DKIM signing automatically on your behalf.

    TYPE: CNAME
    NAME: TycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3u._domainkey.example.com.
    VALUE: TycXkgZXXuMuWI8TczngaPIDDMToPefzGhZ3u.dkim.amazonses.com

    [2 more CNAME records like this one ...]

    NOTE: I just partially copied the hash above, these will all be different when generated by SES.

Finally, To sign your messages using a DKIM signature, you must enable Easy DKIM for the appropriate verified sending identity, see step 8 within Setting Up Easy DKIM for a New Domain for details.

Community
  • 1
Steffen Opel
  • 5,560
  • 35
  • 55
  • 1
    Perhaps you misunderstood the essence of my post, Steffen. My TXT record format is what I am questioning here. I have tried to follow the instructions numerous times, but the problem I am having is not the instructions, but rather the way to construct the TXT record itself. MyDomain.com is the registrar of my domain and they recently changed their DNS management interface whereby the TXT records are not entered as NAME:VALUE pairs, but rather as one continuous string. Therefore, I got the CNAME parts correct as it allows for pairs. I need to know how to do this as a single string for TXT. – Skittles Dec 09 '12 at 17:22
  • @Skittles - How could I possibly have figured this essence from your post, after all you've left out exactly the key information of this being an issue with your specific registrar rather than with SES and/or `TXT` records in general? I'm not able to help you with this unusual DNS management setup (and I doubt someone else will) - if their support isn't able to explain how to create standard `TXT` records, I can only recommend switching your DNS to e.g. [Amazon Route 53](http://aws.amazon.com/route53/), which has a decent record management UI *and* API (I've never looked back myself ...). – Steffen Opel Dec 09 '12 at 17:41
  • I have already undertaken the processes of switching my DNS management to Route 53. How could you have figured out the essence from my post? Let's see, "Is this how you would make the TXT record properly?" That question pretty much summarizes that all I was asking for was how to properly format a TXT record string. Obviously, you perceived it as a reason to shove the RTFM position at me rather than to offer me the basic level of assistance I was asking for. – Skittles Dec 09 '12 at 18:22
  • 1
    @Skittles - You response is quite inappropriate, I haven't stated RTFM anywhere in my post, rather tried to link to relevant information, as I always do. Have you even considered how much time it took me to assemble this post like so in order to help *you*? I've clearly stated how to properly format a _standard_ `TXT` record - please reconsider: it is impossible to deduce the absence of the required _Name_ field in your registrars DNS console from your sentence "Is this how you would make the TXT record properly?"! How should I figure that your registrar is hiding a crucial part? – Steffen Opel Dec 09 '12 at 18:35
  • @Skittles - Also, I even assumed I might had misunderstood your issue in the first place and still tried to assemble relevant information; and I continued to do this by recommending Route 53 once the actual issue surfaced in your comment. The two things I tried to get across are simply a) your registrar has unusual deficits in his DNS console, which are hard to impossible to diagnose/address without further details from them, and b) you missed to state that problem in your question. The goal of the latter is simply to improve on that in the future for the benefit of all participants. – Steffen Opel Dec 09 '12 at 18:56
  • I'm not contesting the work you put into trying to be thorough and, in fact, am quite appreciative thereof. I am merely stating that given the TXT record I provided, that anyone that knows DNS would be able to simply look at that string and respond accordingly with what the string SHOULD be constructed as. That's all I was seeking. Nonetheless, I will accept your answer. – Skittles Dec 09 '12 at 19:23