Moving website assets to a new DNS host requires that you configure your domain records, but not all hosting providers are configured the same. Amazon SES DKIM supplied keys may need to be modified to successfully complete authentication when hosting on Namecheap.

After completing the easy DKIM setup with Amazon SES, the supplied keys must not include your domain in the record, Namecheap will add this for you. This is not immediately obvious and if you are having problems with DKIM authentication this would be the first thing to check.

When properly configured, the domain identity should be confirmed within 24 hours. If you are unable to verify your domain when hosting with Namecheap, the records supplied by Amazon SES may need to be modified, as described below:

Amazon SES Supplied Record
Type: CNAME Record
Name: aaibmnciccddzcvixfozf29hlpfwu43j._domainkey.yourdomain.tld
Value: aaibmnciccddzcvixfozf29hlpfwu43j.dkim.amazonses.com

Notice in the modified Namecheap record below, the domain and tld has been removed from the “Name” field after the word “domainkey.”

Modified Namecheap Record
Type: CNAME Record
Name: aaibmnciccddzcvixfozf29hlpfwu43j._domainkey
Value: aaibmnciccddzcvixfozf29hlpfwu43j.dkim.amazonses.com

Name value does not contain .yourdomain.tld

Why use DKIM?

DomainKeys Identified Mail (DKIM) is an email security standard designed to make sure that an email that claims to have come from a specific domain was indeed authorized by the owner of that domain.

The standard uses public-key cryptography to sign an email with a private key. Recipient servers can then use a public key published to a domain’s DNS to verify that parts of the email have not been modified during the transit.

When you set up Easy DKIM for a domain identity, Amazon SES automatically adds a 2048-bit DKIM key to every email that you send from that identity. You can configure Easy DKIM by using the Amazon SES console, or by using the API.

After you’ve created your domain identity with Easy DKIM, you must complete the verification process with DKIM authentication by copying the following generated CNAME records to publish to your domain’s DNS provider. Detection of these records may take anywhere from 24-72 hours.

What is Amazon SES?

Amazon SES is a cloud email service provider that can integrate into any application for bulk email sending. Businesses are able to keep customers up to date by sending automated emails, such as purchase or shipping notifications, order status updates, and policy change notices.

Routing email through a trusted provider such as Amazon SES helps improve the speed and delivery of company bulk email. This helps to ensure emails from a website or business reach their recipient without being caught up in spam filters.