Menu
Amazon Simple Email Service
Developer Guide

Setting a MAIL FROM Domain with Amazon SES

This topic contains an overview of the custom MAIL FROM setup process, and then walks you through the procedure using the Amazon SES console.

Note

You can use the same MAIL FROM address in multiple AWS regions. For more information, see Regions and Amazon SES.

Overview of the Setup Process

Setting up a MAIL FROM domain for a verified identity consists of the following three steps:

  1. You use the Amazon SES console or API to configure the identity to use a MAIL FROM domain that you specify.

  2. You publish an MX record to the DNS server of the MAIL FROM domain. Amazon SES provides you with this record during the setup process. For example, if you are configuring identity example.com to use the MAIL FROM domain bounce.example.com in the US West (Oregon) region, Amazon SES will provide you with the following MX record settings:

    Name Type Value

    bounce.example.com

    MX

    10 feedback-smtp.us-west-2.amazonses.com

    The endpoint in the record value depends on the AWS region. For a list of feedback endpoints for all AWS regions, see Custom MAIL FROM Domains.

  3. (Optional) If you want your emails to pass Sender Policy Framework (SPF) checks, you must publish an SPF record to the DNS server of the custom MAIL FROM domain. Amazon SES provides you with this record during the setup process. The SPF record for MAIL FROM domain bounce.example.com would have the following settings:

    Name Type Value

    bounce.example.com

    TXT

    "v=spf1 include:amazonses.com -all"

    For further details on setting up SPF records, see Authenticating Email with SPF in Amazon SES.

Setup Procedure Details

The following procedures show how to use the Amazon SES console to configure a verified email address or domain to send emails using a specified MAIL FROM domain. If you want to use the Amazon SES API instead, see the SetIdentityMailFromDomain API in the Amazon Simple Email Service API Reference.

To configure a verified email address to use a specified MAIL FROM domain

  1. Go to your verified email address list in the Amazon SES console, or follow these instructions to navigate to it:

    1. Sign in to the AWS Management Console and open the Amazon SES console at https://console.aws.amazon.com/ses/.

    2. In the navigation pane, under Identity Management, choose Email Addresses.

  2. In the verified email address list, confirm that the status of the email address for which you want to set the MAIL FROM domain is verified. If the status is failure, choose retry and then click the link within the verification email you receive in your email client. Otherwise, choose the email address and continue this procedure.

  3. In the details pane of the verified email address, expand MAIL FROM Domain.

  4. Choose Set MAIL FROM Domain.

  5. In the Set MAIL FROM Domain dialog box, type the name of the MAIL FROM domain that you want to use. Note that this must be a subdomain of the domain of the verified email address.

  6. Later in this procedure, you must publish an MX record to the DNS server of the custom MAIL FROM domain. Here, for Behavior if MX record not found, choose what you want Amazon SES to do if it cannot successfully read that record when you send an email. You have the following options:

    • Use default Amazon SES value—If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will use the default MAIL FROM domain (amazonses.com or a subdomain of amazonses.com).

    • Reject message—If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will return a MailFromDomainNotVerified error and not send the email.

  7. Choose Set MAIL FROM Domain.

  8. Next, you must publish an MX record to the DNS server of the custom MAIL FROM domain.

    Important

    To successfully set up a custom MAIL FROM domain with Amazon SES, you must publish exactly one MX record to the DNS server of your MAIL FROM domain. If the MAIL FROM domain has multiple MX records, the custom MAIL FROM setup with Amazon SES will fail.

    1. If Amazon Route 53 provides the DNS service for your MAIL FROM domain, and you are signed in to the AWS Management Console under the same account that you use for Amazon Route 53, then choose Publish Records Using Route 53 if you want to publish the MX record and/or SPF record from within the Amazon SES console.

    2. If your MAIL FROM domain does not use Amazon Route 53, then you must publish the displayed MX record to the MAIL FROM domain's DNS server yourself. The procedure for adding an MX record to your domain's DNS server depends on who provides your DNS service; please see the documentation for your DNS service. After Amazon SES detects the record, emails you send from this verified email address will use the specified MAIL FROM domain. Until then, Amazon SES will either use the default MAIL FROM domain or reject the message, depending on the preferences you specified earlier in this procedure. Amazon SES can take up to 72 hours to detect your MX record.

  9. (Optional) If you want Sender Policy Framework (SPF) checks to succeed, you must publish an SPF record to your MAIL FROM domain's DNS server to show receiving mail servers that you have authorized Amazon SES to send email on behalf of your domain. For more information, see Authenticating Email with SPF in Amazon SES.

To configure a verified domain to use a specified MAIL FROM domain

  1. Go to your verified domain list in the Amazon SES console, or follow these instructions to navigate to it:

    1. Sign in to the AWS Management Console and open the Amazon SES console at https://console.aws.amazon.com/ses/.

    2. In the navigation pane, under Identity Management, choose Domains.

  2. In the verified domain list, confirm that the status of the domain for which you want to set the MAIL FROM domain is verified. If the status is failure, choose retry and then add the displayed TXT record to your DNS server, as described in Amazon SES Domain Verification TXT Records. Otherwise, choose the domain and continue this procedure.

  3. In the details pane of the verified domain, expand MAIL FROM Domain.

  4. Choose Set MAIL FROM Domain.

  5. In the Set MAIL FROM Domain dialog box, type the name of the MAIL FROM domain that you want to use. Note that this must be a subdomain of the verified domain.

  6. Later in this procedure, you must publish an MX record to the verified domain's DNS server. Here, for Behavior if MX record not found, choose what you want Amazon SES to do if it cannot successfully read that record when you send an email. You have the following options:

    • Use default Amazon SES value—If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will use the default MAIL FROM domain (amazonses.com or a subdomain of amazonses.com).

    • Reject message—If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will return a MailFromDomainNotVerified error and not send the email.

  7. Choose Set MAIL FROM Domain.

  8. Next, you must publish an MX record to the DNS server of the custom MAIL FROM domain.

    Important

    To successfully set up a custom MAIL FROM domain with Amazon SES, you must publish exactly one MX record to the DNS server of your MAIL FROM domain. If the MAIL FROM domain has multiple MX records, the custom MAIL FROM setup with Amazon SES will fail.

    1. If Amazon Route 53 provides the DNS service for your MAIL FROM domain, and you are signed in to the AWS Management Console under the same account that you use for Amazon Route 53, then choose Publish Records Using Route 53 if you want to publish the MX record and/or SPF record from within the Amazon SES console.

    2. If your MAIL FROM domain does not use Amazon Route 53, then you must publish the displayed MX record to the MAIL FROM domain's DNS server yourself. The procedure for adding an MX record to your domain's DNS server depends on who provides your DNS service; please see the documentation for your DNS service. After Amazon SES detects the record, emails you send from this verified domain will use the specified MAIL FROM domain. Until then, Amazon SES will either use the default MAIL FROM domain or reject the message, depending on the preferences you specified earlier in this procedure. Amazon SES can take up to 72 hours to detect your MX record.

  9. (Optional) If you want Sender Policy Framework (SPF) checks to succeed, you must publish an SPF record to your MAIL FROM domain's DNS server to show receiving mail servers that you have authorized Amazon SES to send email on behalf of your domain. For more information, see Authenticating Email with SPF in Amazon SES.