Amazon SES requires special configuration actions outside of Authenticate. Please follow these steps to complete configuration for Amazon SES, and then return to your automation-guided task list in Authenticate.

This article will show you how to set up a sending identity so that Amazon SES generates a public-private key pair and automatically adds a DKIM signature to every message that you send from that identity and how to add the DKIM keys to Authenticate.

The first steps towards authorizing Amazon SES for your domain need to be done in Authenticate.

1. Make sure you have added Amazon SES as an Approved Sender in Authenticate for the domain you are configuring it for.

Note: If Amazon SES has not been approved, please do so now by following the steps below: 

a. From the Senders section, click on + ADD SENDER FOR [your domain].

b. Choose Amazon SES from the Service Name drop-down, and click ADD.

Note: Amazon SES can authenticate using either SPF or DKIM (or both). In the majority of cases, only DKIM is used.

To set up Easy DKIM for a domain

The procedure in this section shows you how to set up Easy DKIM for your domain. If you setup Easy DKIM for your domain, then you can start sending email from that domain, even if you haven't completed the procedure to verify a domain.

1. Open the Amazon SES console at

2. In the navigation pane, under Identity Management, choose Domains.

3. In the list of domains, choose the domain that you want to set up Easy DKIM for.

Note: If you haven't started the verification process for the domain yet, see the procedures at Verifying a domain with Amazon SES. 

4. Under DKIM, choose Generate DKIM Settings.

5. Copy the three CNAME records that appear in this section. Alternatively, you can choose Download Record Set as CSV to save a copy of the records to your computer.

The following image shows an example of the DKIM section.

6. Add the CNAME records in Authenticate platform as seen below.

Note: Here's a detailed guide on how to publish and manage DKIM keys in Authenticate: DKIM Key Management in Authenticate

7. Once the DKIM keys are published in Authenticate, the DKIM Verification Status will change to: verified

Amazon SES usually detects changes to your DNS configuration within 72 hours.