Solved

Amazon SES (Simple Email System)

Posted on 2012-03-20
4
1,032 Views
Last Modified: 2012-03-22
Hello,

I am wanting to switch over to Amazon SES to deliver our distribution lists.  However, we have a from address that we send the emails from to the subscribers that have subscribed from that domain.  However, the actual email is being sent from an entirely different domain.  For example, the email is orders@abc.com but the email is being sent from def.com.

So looking at the guidelines they want the dns records to maintain both spf and sender id records.

My question is how to configure them so that this issue doesn't present a problem?  Which I found at http://www.openspf.org/SPF_vs_Sender_ID

********
If you have published an v=spf1 policy to protect the use of your domain in the MAIL FROM and HELO addresses, Sender ID implementations that apply your policy to PRA (per RFC 4406) will reject your mail if you use your domain in the "From" (or generally PRA) header field while sending from (MAIL FROM) another system.

Thanks,

Randal
0
Comment
Question by:sharingsunshine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 37744696
You need to create an SPF record in DNS for abc.com to include the sending servers of def.com

Here is a link for Amazon SES

If only Amazon will be sending:
"v=spf1 include:amazonses.com -all"

If server 1.2.3.4 also needs to send:
"v=spf1 ip4:1.2.3.4 include:amazonses.com -all"

Your SPF record needs to contain all of the IP's that will be sending mail from abc.com and is a TXT record at the domain apex.  Keep in mind this applies to the envelope-from, not the body-from.  Most receiving servers do not check SPF against HELO and do not check Sender ID.
0
 

Author Comment

by:sharingsunshine
ID: 37744916
Thanks for the quick response.  Given the above scenario how will I include a Sender Id record that won't conflict.  I appreciate you saying most receiving servers don't check Sender Id but Amazon wants both records set up.

Also, please explain further this statement - is a TXT record at the domain apex.

What does domain apex mean?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37744941
Given the above scenario how will I include a Sender Id record that won't conflict
It won't conflict, just add it alongside your SPF record
"spf2.0/pra include:amazonses.com -all"

Open in new window


Also, please explain further this statement - is a TXT record at the domain apex.
DNS resource record type is TXT and domain or zone apex is the "root" of your domain, in this case abc.com (your sending domain).  If you were to send from a subdomain of abc.com in the future it would need its own SPF record.
0
 

Author Closing Comment

by:sharingsunshine
ID: 37752816
Thanks for your help.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question