Amazon Simple Email Service
Developer Guide (API Version 2010-12-01)

Verifying Domains in Amazon SES

Amazon SES requires that you verify your email address or domain, to confirm that you own it and to prevent others from using it. When you verify an entire domain, you are verifying all email addresses from that domain, so you don't need to verify email addresses from that domain individually. For example, if you verify the domain, you can send email from,, or any other user at

You can manage your verified domains by using the Amazon SES console or the Amazon SES API. For a complete description of API actions related to domain verification, go to the Amazon Simple Email Service API Reference. This section, which demonstrates the actions using the Amazon SES console, contains the following topics:

Important notes about domain verification are as follows:

  • Amazon SES has endpoints in multiple AWS regions, and domain verification applies to each AWS region separately. You must perform the entire domain verification procedure for each region in which you want to send from a given domain. If you want to verify the same domain in multiple regions and your DNS provider does not allow you to have multiple TXT records with the same name, see the workarounds in Common Domain Verification Problems.

  • If you verify a domain with Amazon SES, you can send from any subdomain of that domain without specifically verifying the subdomain. For example, if you verify, you do not need to verify or As specified in RFC 1034, each DNS label can have up to 63 characters and the whole domain name must not exceed a total length of 255 characters.

  • If you verify a domain, subdomain(s), and/or email address(es) that share a root domain, the verified identity settings (such as feedback notifications and Easy DKIM) apply at the most granular level you verified. That is:

    • Verified email address settings override verified domain settings.

    • Verified subdomain settings override verified domain settings, with lower-level subdomain settings overriding higher-level subdomain settings.

    For example, assume you verify,,, and These are the verified identity settings that will be used in the following scenarios:

    • Emails sent from (an address that is not specifically verified) will use the settings for

    • Emails sent from (an address that is specifically verified) will use the settings for

    • Emails sent from (an address that is not specifically verified) will use the settings for

  • Domain names are case-insensitive. If you verify, you can send from also.

  • You can verify as many as 1000 identities (domains and email addresses, in any combination) per AWS account.