Sender Policy Framework (SPF) provides a means for tracing an email message back to the system from which it was sent.
To be SPF-compliant, an email sender publishes one or more DNS records that establish the sending domain's identity. These DNS records are usually specified as TXT (text); they identify a set of hosts that are authorized to send email. After these DNS records are created and published, ISPs can authenticate a host by comparing its IP address with the set of IP addresses specified in the SPF record.
If you want to implement Domain-based Message Authentication, Reporting and Conformance (DMARC), you must enable DKIM. DMARC requires authentication via SPF and/or DKIM to verify your domain. SPF alone will not comply with DMARC because the "Mail From" domain of email sent through Amazon SES is amazonses.com (or a subdomain of that), which is different from your sending domain. Using DKIM enables DMARC to verify your sending domain. For information about how to set up DKIM with Amazon SES, see Authenticating Email with DKIM in Amazon SES.
If your "From" domain already has an SPF record, then you will need to add the following mechanism to it:
If you have an existing SPF record, then you must add this mechanism—otherwise, ISPs that examine "From:" headers might reject email that you send using Amazon SES.
If your "From" domain does not have an SPF record, we recommend that you add one to ensure that ISPs do not reject your email. The following is an example TXT record that you can publish to enable SPF:
"v=spf1 include:amazonses.com -all"
If you use "-all" as shown in the example above, ISPs may block email from IP addresses that are not listed in your SPF record. You therefore must add a record for every IP address that you send email from. As a debugging aid, you can use "~all" instead. When you use "~all", ISPs will typically accept email from IP addresses that are not listed. However, they may flag it. To maximize deliverability, use "-all" and add a record for each IP address.
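The following Python code is an added example, not part of the Amazon SES documentation. It audits an existing SPF TXT record for the `include:amazonses.com` mechanism and the `all` qualifier discussed above, and inserts the mechanism ahead of `all` when it is missing. The function names are hypothetical and the sample record is constructed.

```python
# Added example: audit and extend an SPF TXT record for Amazon SES sending.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SES_INCLUDE = "include:amazonses.com"  # mechanism from the page's example record


def split_terms(record):
    """Return the terms that follow the v=spf1 version tag."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record: %r" % record)
    return terms[1:]


def find_all(terms):
    """Index of the 'all' mechanism (with any qualifier), or None."""
    for i, term in enumerate(terms):
        name = term[1:] if term[:1] in QUALIFIERS else term
        if name.lower() == "all":
            return i
    return None


def is_ses(term):
    """True for the SES include with the default (pass) qualifier."""
    return term.lower() in (SES_INCLUDE, "+" + SES_INCLUDE)


def audit(record):
    """Report whether SES is authorized and how unlisted senders are treated."""
    terms = split_terms(record)
    idx = find_all(terms)
    # Mechanisms are evaluated left to right and 'all' always matches,
    # so an include placed after 'all' is never consulted.
    authorized = any(is_ses(t) for t in terms[:idx])
    policy = None if idx is None else QUALIFIERS.get(terms[idx][0], "pass")
    return {"ses_authorized": authorized, "all_policy": policy}


def add_ses(record):
    """Return the record with the SES include placed before 'all'."""
    terms = [t for t in split_terms(record) if not is_ses(t)]
    idx = find_all(terms)
    terms.insert(len(terms) if idx is None else idx, SES_INCLUDE)
    return " ".join(["v=spf1"] + terms)


if __name__ == "__main__":
    existing = "v=spf1 ip4:192.0.2.10 mx ~all"  # constructed sample record
    print(audit(existing))
    print(add_ses(existing))
```

An `all_policy` of `softfail` corresponds to the "~all" debugging setting, and `fail` to the "-all" setting recommended for deliverability.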