Set up DomainKeys Identified Mail (DKIM) for your domain - Amazon Web Services (AWS) Tutorial

- [Instructor] The first thing that we want to do is add a domain name that we want to send email from into SES. Once you are logged into your AWS console, you'll need to switch to one of the AWS regions that SES runs out of either North Virginia, Oregon or Ireland. Don't worry if your other AWS services are in another region they can still access SES to send email. If you were in the United States and you're sending email to North American recipients pick either North Virginia or Oregon. If you're sending email to a large number of European customers, pick Ireland. In the upper right hand corner of the AWS console you can click to change your region and I'm going to change mine to North Virginia. Then I'll click the services pull down and type simple email service and click on the entry that auto fills. This is the SES console or the Simple Email Service console. You'll need to click on domains underneath identity management and click on verify new domain. I'm going to use a sample domain I have just so I can show you how to get through this first part of the SES setup. For the rest of the course, I'll us a sample company, KinetEco energy with a full WordPress site installed on it that's using its own domain but just for this first part we'll use simpleemailservice.org. You'll need to put in your own domain here and click the Generate DKIM settings box. DKIM stands for DomainKeys Identified Mail and it is a spam prevention technique where your outgoing email server signs your emails so that the receiving email servers can verify that you were really the sender. AWS says that these records are optional, but I would say that they're required. If you're going to send emails where you expect even a reasonable hope that your emails are delivered to your users without these messages being marked as spam, click on the verify this domain button. Amazon will now display some DNS records. You'll need to add to your domain. DNS stands for Domain Name System and it is essentially the phone book of the internet. It looks up domain names like simpleemailservice.org, and it returns pointers to IP addresses and other domains so that your domain name can link to various servers like email servers and web servers. The domain verification record is a TXT record that is required by AWS so they can prove that you own this domain name. A TXT record in your DNS zone file is a special type of record that includes additional information about domain that doesn't necessarily link to another domain or IP address. Think of it like a notes or comments field for your domain. The other set of records below that are the DKIM records. The DKIM records will be created as CNAME type records. CNAME is short for Canonical Name, and it's a DNS record that can point to another domain name record inside or outside of your current domain. In our case, these CNAME records will point outside of our domain to Amazon's SES servers. When you are adding your new CNAME records, make sure to include the period at the end of the server address for the Amazon AWS.com servers. This means that the CNAME record is fully qualified, which means that this value is the full domain name reference and it isn't a reference to another sub domain or record within our current domain. Depending on where you purchased your domain name, your domain registrar might have provided you with default DNS servers and you can usually make changes to your domain names records using a web based tool. If you purchased your domain name from a web hosting service, you can usually log into the control panel provided by your web hosting provider and modify your DNS records there. If you are unsure where to find your DNS settings for your domain, the first place to start would be with the company that charges you for your yearly or every other year domain registration fee. Read through their documentation or reach out to their support for additional help. For simpleemailservice.org, our DNS is hosted by Amazon's Route 53. I'm going to click close and I'm going to switch over to Route 53 by clicking on services, typing Route 53 and clicking on the entry that auto fills. Click on hosted zones and click on your domain. click Create Record Set. In name, your DNS editor might say host paste in the hostname to the TXT verification record. You can see that route 53 will automatically include simpleemailservice.org at the end of the host. So we only need to put in the first part which is _amazonses. click the type pull down and select TXT. In the value, paste in the verification record. Finally, click Create. You can see that the TXT record was created here. Let's do the same thing for the DKIM records. Create Record Set, paste in the first part of the DKIM record. So everything up until it says .simpleemailservice.org. Change the type to CNAME and paste the value of this record into the text box, be sure to include the period at the end of this. For route 53, it'll take this record with or without the period. But for safe measure, I always like putting the period at the end of this server addresses. And click Create. And I'll repeat the same process for the other two DKIM records. Now you can see that my three DKIM records have been created and my TXT verification record has also been created. Once the DNS server changes are submitted, it may take up to 72 hours before AWS can see the changes to your domain. But in most cases, it'll likely take less than an hour too. Now that I've already submitted the changes for simpleemailservice.org, We're going to go forward with the kinetecoenergy.com domain name, but we'll go over how to query your new domain records to verify that you entered them correctly.