This article will show you how to set up a sending identity so that Amazon SES generates a public-private key pair and automatically adds a DKIM signature to every message that you send from that identity and how to add the DKIM keys to Authenticate.
The first steps towards authorizing Amazon SES for your domain need to be done in Authenticate.
a. From the Senders section, click on + ADD SENDER FOR [your domain].
b. Choose Amazon SES from the Service Name drop-down, and click ADD.
Note: Amazon SES can authenticate using either SPF or DKIM (or both). In the majority of cases, only DKIM is used.
To set up Easy DKIM for a domain
The procedure in this section shows you how to set up Easy DKIM for your domain. If you setup Easy DKIM for your domain, then you can start sending email from that domain, even if you haven't completed the procedure to verify a domain.
1. Open the Amazon SES console at https://console.aws.amazon.com/ses/.
2. In the navigation pane, under Identity Management, choose Domains.
3. In the list of domains, choose the domain that you want to set up Easy DKIM for.
Note: If you haven't started the verification process for the domain yet, see the procedures at Verifying a domain with Amazon SES.
4. Under DKIM, choose Generate DKIM Settings.
5. Copy the three CNAME records that appear in this section. Alternatively, you can choose Download Record Set as CSV to save a copy of the records to your computer.
The following image shows an example of the DKIM section.
6. Add the CNAME records in Authenticate platform as seen below.
Note: Here's a detailed guide on how to publish and manage DKIM keys in Authenticate: DKIM Key Management in Authenticate
7. Once the DKIM keys are published in Authenticate, the DKIM Verification Status will change to: verified
Amazon SES usually detects changes to your DNS configuration within 72 hours.