SPF if Amazon SES is used as relayhost

0

We operate several EC2 instances with changing public IPv4 addresses (instances are launched on demand). These instances use Amazon SES as their "relayhost" (postfix configuration). This all works perfectly fine with SMTP SASL auth and the email sender domain is a verified identity in SES. SES also adds DKIM records to all outgoing mails.

Assuming these EC2 instances are the only hosts generating emails using a specific sender domain, how should the SPF record of that domain look like? Is the following sufficient or do I have to also add the hosts as the servers that generate the emails?

v=spf1 include:amazonses.com -all

Yarpen
asked 6 months ago150 views
2 Answers
0
Accepted Answer

Since EC2 are using SES SMTP interface to send mail, specifying amazonses.com is sufficient as per documentation

I noticed you have implemented DKIM and SPF. If you have not, I suggest you implement DMARC as well.

As I understand, Yahoo and Gmail are mandating DMARC for mails beginning Feb 2024.

AWS
EXPERT
MikeLim
answered 6 months ago
profile pictureAWS
EXPERT
reviewed 6 months ago
0

Perfect answer and perfect reference to the documentation 👍 I must have missed that. Thanks @Mike_L.

Yes, we want to go all the way including BIMI. This includes SPF, DKIM and DMARC but I got stuck at SPF 🙈 Thanks for your clarification.

Yarpen
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions