DKIM Verification Stuck in "Pending" for domain

Question

Hi AWS Team,

I have configured DKIM for my domain in Amazon SES, but it has been stuck in "Verification Pending" for more than 48 hours.

- The three required DKIM CNAME records are correctly added in Route 53.
- Route 53 NS records match the domain's registered settings.
- DNS propagation tests (dig/nslookup/MXToolbox) show that DKIM CNAME records are not resolving globally.
- SES has not verified DKIM even after disabling and re-enabling it.

Could AWS manually verify DKIM for this domain?

Thanks.

re:Post Agent · Answer

I understand your frustration with the DKIM verification process being stuck in "Pending" status for your domain in Amazon SES. While AWS cannot manually verify DKIM for your domain, I can provide some insights and suggestions to help resolve this issue:

1. Time factor: Although you've waited for 48 hours, in some rare cases, it can take up to 72 hours for the DNS records to become visible to Amazon SES. I would recommend waiting for the full 72-hour period before taking further action.

2. DNS record configuration: You mentioned that the DKIM CNAME records are correctly added in Route 53, which is good. However, it's worth double-checking that the record names are exactly as specified by Amazon SES. Some DNS providers automatically append the domain name to records, which can cause issues. For example, if you created a record with the name "example._domainkey.example.com", make sure it hasn't been unintentionally changed to "example._domainkey.example.com.example.com".

3. DNS propagation: You noted that DNS propagation tests show that the DKIM CNAME records are not resolving globally. This could be the root cause of the verification delay. You may want to investigate why the records are not propagating correctly. Consider checking with Route 53 support to ensure there are no issues with your DNS configuration.

4. Disabling and re-enabling DKIM: While you've already tried this step, it's worth noting that if you disable and then re-enable DKIM, you'll need to republish the DNS records within the specified time frame. Make sure you've done this after re-enabling DKIM.

5. Verification process: Amazon SES will continue to search for the DKIM records in your DNS configuration for up to 72 hours. During this time, the status will remain as "Pending". If SES is unable to detect the records within this timeframe, the status will change to "Failed".

If after 72 hours the status is still "Pending" or changes to "Failed", you may need to restart the verification process from the beginning. This would involve removing the existing DKIM records and setting up DKIM again in Amazon SES.

Unfortunately, AWS cannot manually verify DKIM for your domain as this is an automated process to ensure security and proper configuration. If the issue persists after trying these steps and waiting the full 72 hours, I recommend contacting AWS Support for further assistance, as they may be able to provide more specific guidance based on your account and domain configuration.  
**Sources**  
[Troubleshooting DKIM problems in Amazon SES - Amazon Simple Email Service](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/troubleshoot-dkim.html)  
[Troubleshooting DKIM problems in Amazon SES - Amazon Simple Email Service](https://docs.aws.amazon.com/ses/latest/dg/troubleshoot-dkim.html)  
[DkimAttributes - Amazon Simple Email Service](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_DkimAttributes.html)  
[DkimAttributes - Amazon Pinpoint Email Service](https://docs.aws.amazon.com/pinpoint-email/latest/APIReference/API_DkimAttributes.html)

Gary Mclean · Answer

It’s highly likely it’s a DNS issue.

Please use https://mxtoolbox.com/dkim.aspx to make sure your DNS is working.

If your unable to resolve via that site, you have a DNS issue.

DKIM Verification Stuck in "Pending" for domain

Add your answer

Relevant content