DKIM Should Be Verified
More Info:
The DomainKeys Identified Mail (DKIM) be verified in your SES configuration.Risk Level
HighAddress
SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of DKIM not being verified in AWS SES using the AWS console, follow these steps:
-
Sign in to the AWS Management Console:
- Go to the AWS SES console at https://console.aws.amazon.com/ses/.
-
Navigate to the Identity Management section:
- In the AWS SES console, on the left-hand side, click on “Identity Management” and then click on “Email addresses”.
-
Select the domain for which DKIM needs to be verified:
- Click on the domain for which you want to verify DKIM.
-
Verify DKIM for the selected domain:
- Under the “Domain details” section, find the “Domain authentication” tab.
- Click on the “Verify a new DKIM” button.
- You will be provided with a set of CNAME records that you need to add to your domain’s DNS settings.
-
Add DKIM CNAME records to your DNS settings:
- Login to your domain registrar or DNS hosting provider where your domain is hosted.
- Add the CNAME records provided by AWS SES to your DNS settings.
- It may take some time for the DNS changes to propagate.
-
Verify DKIM after adding CNAME records:
- Go back to the AWS SES console.
- Click on the “Verify this record set” button to confirm that the CNAME records have been added correctly.
- Once verified, the DKIM status for your domain should show as “Verified”.
-
Monitor DKIM status:
- Regularly check the DKIM status in the AWS SES console to ensure that it remains verified.
- If there are any issues, follow the instructions provided in the console to troubleshoot and resolve them.
Using CLI
Using CLI
To remediate the misconfiguration of DKIM not being verified in AWS SES using AWS CLI, follow these steps:Replace Replace Replace
- List your verified domains by running the following command:
- Identify the domain for which you want to enable DKIM verification.
- Verify the domain by running the following command:
example.com with your actual domain name.- After verifying the domain, you will receive a set of CNAME records that you need to add to your DNS configuration. These records are used to verify the ownership of the domain.
- Add the CNAME records to your DNS configuration with the values provided by AWS SES.
- Once the DNS changes have propagated, you can enable DKIM verification for the domain by running the following command:
example.com with your actual domain name.- Verify that DKIM verification is enabled for the domain by running the following command:
example.com with your actual domain name.By following these steps, you can remediate the misconfiguration of DKIM not being verified in AWS SES using AWS CLI.Using Python
Using Python
To remediate the misconfiguration of DKIM not being verified for AWS SES using Python, follow these steps:
- Install the AWS SDK for Python (Boto3) by running the following command:
- Create a Python script with the following code snippet to enable DKIM verification for your AWS SES domain:
-
Replace
your_domain_here.comwith your actual SES domain in the code snippet. - Run the Python script using the command line or your preferred Python IDE.
-
Verify that DKIM has been successfully enabled for your SES domain by checking the response from the
verify_domain_dkimAPI call.