Amazon SES DKIM verification got deleted

Radu C

New Member
Hi all,
I know it's not related to MailWizz, but I know many of you are using Amazon SES, that's why I am asking here.
I have added DKIM values to DNS for my domain and after they got approved, 4-5 days later I receive an email from Amazon SES saying that they can't find anymore my DKIM records.

That's what I see in my Amazon SES Domains page.
DKIM Verification Status: pending revocation

I use VestaCP on Linode VPS.

Has anyone encountered this problem before?

Thanks!
 

frm.mwz

Well-Known Member
Hi all,
I know it's not related to MailWizz, but I know many of you are using Amazon SES, that's why I am asking here.
I have added DKIM values to DNS for my domain and after they got approved, 4-5 days later I receive an email from Amazon SES saying that they can't find anymore my DKIM records.

That's what I see in my Amazon SES Domains page.
DKIM Verification Status: pending revocation

I use VestaCP on Linode VPS.

Has anyone encountered this problem before?

Thanks!

Have you followed all instructions and tested how their part and your part are supposed to work together?
 

Radu C

New Member
Have you followed all instructions and tested how their part and your part are supposed to work together?

That's the email I received from them:

Amazon SES detected that the CNAME records required for the DKIM setup of mydomain.com are no longer present in your DNS settings.
To protect your email deliverability, we have temporarily disabled DKIM signing for emails originating from
mydomain.com.
If the removal of the CNAME records was intentional, you do not need to take any additional action. In 5 days, mydomain.com will no longer be considered to be configured for the purpose of DKIM signing.
If it was unintentional, please restore the CNAME records to your DNS settings within 5 days. Once we confirm the presence of the CNAME records, we will re-enable DKIM signing.
Please note that the settings for individually verified email addresses override domain-level settings. For example, if you enable DKIM signing for a verified domain but disable DKIM signing for a verified email address in that domain, then emails from that email address will not be DKIM-signed.
For DKIM troubleshooting information, see http://docs.aws.amazon.com/ses/latest/DeveloperGuide/DKIM-problems.html .
Please note that this email only relates to the US East (N. Virginia) region.
Thank you for using Amazon SES!

Thing is, without touching anything (on server side and Amazon account), Amazon SES can't find my CNAME records...
 

frm.mwz

Well-Known Member
Thing is, without touching anything (on server side and Amazon account), Amazon SES can't find my CNAME records...
Not sure what you mean exactly.
It is possible though, that they could not reach your cname temporarily, or that there is some other error, so just go through the procedure of checking if all is in place and working. You can check cname and other dns stuff at e.g. www.whatsmydns.net
 

Radu C

New Member
Not sure what you mean exactly.
It is possible though, that they could not reach your cname temporarily, or that there is some other error, so just go through the procedure of checking if all is in place and working. You can check cname and other dns stuff at e.g. www.whatsmydns.net
I wanted to say that after Amazon SES initially confirmed my DKIM signature, few days later I received that email saying they can't find my CNAME records to validate the DKIM signature and they are going to remove it. After 4 days (which is today) I deleted the CNAME records and added them back. After 30min Amazon recognized them.
Strange....Not sure if it's a VestaCP bug or AmazonSES bug. But now it's working :)
 

frm.mwz

Well-Known Member
I wanted to say that after Amazon SES initially confirmed my DKIM signature, few days later I received that email saying they can't find my CNAME records to validate the DKIM signature and they are going to remove it. After 4 days (which is today) I deleted the CNAME records and added them back. After 30min Amazon recognized them.
Strange....Not sure if it's a VestaCP bug or AmazonSES bug. But now it's working :)
Sounds like a temporary error that hampered proper remote DKIM detection and triggered change in status. Have you asked them (or Google) how oft that happens? Seems this could happen with any third party smtp with such DKIM settings. Would be interesting to have stats for all of them re this and related failures. Please post if you find any!
 

Radu C

New Member
I checked forums and google and couldn't find much. At least nothing relevant...just few folks with the same problem which they solved in the end by re-adding the CNAME records. If I find out something new, I will post an update.
 
Top