This article will show you how to set up a sending identity so that Amazon SES generates a public-private key pair and automatically adds a DKIM signature to every message that you send from that identity.

The procedure in this section shows you how to set up Easy DKIM for your domain. If you setup Easy DKIM for your domain, then you can start sending email from that domain, even if you haven't completed the procedure to verify a domain.

To set up Easy DKIM for a domain

1. Open the Amazon SES console at

2. In the navigation pane, under Identity Management, choose Domains.

3. In the list of domains, choose the domain that you want to set up Easy DKIM for.

Note: If you haven't started the verification process for the domain yet, see the procedures at Verifying a domain with Amazon SES.

4. Under DKIM, choose Generate DKIM Settings.

5. Copy the three CNAME records that appear in this section. Alternatively, you can choose Download Record Set as CSV to save a copy of the records to your computer.

The following image shows an example of the DKIM section.

6. Add the CNAME records to the Valimail Enforce platform.

    Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.

    a. Click on Add a DKIM key and fill in the info from the newly created Amazon SES keys (one key at a time). Also, make sure you choose the Associated service that the key/s represents.

Note: The selector field needs to contains just the selector of the key, which is everything that exists before the, this case: (hirjd4exampled5477y22yd23ettobiho) is just the formula you use to dig for the key and see if it was published properly.

The CNAME target needs to contains the full value of the DKIM key, in this case: (

7. After you fill in all the DKIM info in the screen above, click on Add.

8. Once the DKIM keys are published, the DKIM Verification Status will change to: verified

Amazon SES usually detects changes to your DNS configuration within 72 hours.