By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

HIGH importance DMARC warning for WorkMail domain that cannot be removed

0

Hello!

I'm experiencing an issue I cannot understand - I have a persistent HIGH importance DMARC configuration warning for my WorkMail domain (h......awsapps.com) that I cannot resolve.

Details:

  • I have successfully configured DMARC, SPF, and DKIM for my primary domain (h......ai)
  • All emails sent from both Amazon SES and WorkMail are now properly authenticating with my custom MAIL FROM domain (mail.h.....ai)
  • Email headers confirm that authentication is passing for SPF, DKIM, and DMARC
  • Despite this, I continue to see a HIGH importance warning in the SES console about DMARC configuration issues for h......awsapps.com

My understanding is that the h.......awsapps.com domain is automatically created and managed by WorkMail, and I cannot remove it. Since I'm only sending emails from my primary domain, this warning seems unnecessary but cannot be dismissed.

Questions:

  1. Is there a way to properly configure DMARC for the WorkMail domain without interfering with existing WorkMail functionality? Because AWS recommend only one custom mail record domain....
  2. If the domain is working as intended, is there a way to suppress this warning?
  3. Is this a known issue with WorkMail domains showing DMARC warnings even when not actively used for sending emails?

I guess I can just ignore it, but it's annoying and seems silly of AWS to show it, if it's not relevant or cannot be fixed.

Thank you for any help/advice.

Gareth.

Topics
Networking & Content DeliveryFront-End Web & MobileBusiness Applications
Tags
Amazon Route 53Amazon Simple Email ServiceAmazon WorkMail
Language
English
Gareth C
asked 12 days ago41 views
1 Answer
0
Accepted Answer

Hi Gareth,

Thank you for reporting this issue. Since you're not using the .awsapps.com domain which is not recommended you can safely ignore the warnings and it will not impact mail sent from your organization.

To further answer your questions:

  1. No you will not be able to properly configure DMARC as you don't have access to the domain records.
  2. The awsapps.com domain is added as a test domain and only intended for testing. DMARC is not required for testing.
  3. I will forward this to the server team to see if the warnings can be suppresses for the awsapps.com domain.

Kind regards, Robin

AWS
EXPERT
robinkaws
answered 11 days ago
profile pictureAWS
EXPERT
Jordan Sandri
reviewed 10 days ago
  • Gareth C
    11 days ago

    amazing - thanks Robin. It just led me on a bit of a wild goose chase for a bit. And yes, I assumed I could just ignore once I had tested my config. Thanks again, Gareth

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content