Amazon SES/ Cognito: Avoid email marked as Junk


We recently setup Amazon SES for sending transactional emails on Cognito for User signup and verification. We have confirmed an email from our domain as verified identify under SES and using that for sending emails.

The problem is that we see the email is still going to the Junk folder. The email content is basic HTML that includes username and temp password.

Here are my questions. Direct answers or user guides/blogs are appreciated!

  1. Do I need to set up DKIM/DMARC/SPF records for this email address? The problem is that the verified email is already setup using Microsoft365-based email server and has its own set of SPF/DKIM/DMARC records.
  2. Is it fine to have an additional record? and would it impact my sending normal emails using the same ID through Outlook?
  3. Does adding a custom FROM mail domain help? I am not sure if I will be allowed to have 2 MX records in my DNS settings.

Note, our reputation metric is currently very high and we have 0 bounces or complaints. Dedicated IP is not an option.


1 Answer

Hi DrSpill.

Here are answers to your questions:

  1. You should. That will cause the validations to pass.
  2. You can have multiple records for DKIM validation. DMARC and SPF are different, you can have only one of each, otherwise the validation will fail. For your SPF record you can include all the domains in the single record. On the DMARC record you can add all the email addresses into a single one, just remember to add mailto: on each of them.
  3. You shouldn't use multiple MX records, I believe with 1 and 2 addressed you'll be all set.

I hope this helps.

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions