Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

SES Domain & DKIM Verification Failing for gigasamples.com (us-east-1) Despite Correct Public DNS Records

0

Hello,

I am seeking help with a persistent domain verification issue in Amazon SES for the domain gigasamples.com in the us-east-1 region. For several weeks, the Identity status has been stuck as "Unverified" with the error: "The DNS record was found, but the value is not what's expected."

This issue is preventing DKIM from being verified, even though all required DNS records are correctly configured and publicly available.

Troubleshooting Already Performed:

I am using the Easy DKIM method, which uses three CNAME records for both domain and DKIM verification.

I have confirmed with my DNS provider (Cloudflare) that all three CNAME records are set to "DNS only" (not proxied).

I have deleted and recreated the SES domain identity and the corresponding DNS records more than six times over the past few weeks.

I have meticulously checked for typos, hidden characters, or extra spaces in the record names and values.

Definitive Proof of Correct DNS Configuration:

I have used external DNS lookup tools (Google's dig tool) to confirm that all three required CNAME records are resolving correctly across the public internet. The results show a perfect match for the values provided by the SES console.

The required records are:

Name: r7dyhxjg3cv3sj6lu6evbcxowyeurfwq._domainkey.gigasamples.com Value: r7dyhxjg3cv3sj6lu6evbcxowyeurfwq.dkim.amazonses.com

Name: h356ljfu3vojurxcd7kky3ovslrkqw6q._domainkey.gigasamples.com Value: h356ljfu3vojurxcd7kky3ovslrkqw6q.dkim.amazonses.com

Name: ghg5rnijlmqnqtrwo2oxzylkcn25y72r._domainkey.gigasamples.com Value: ghg5rnijlmqnqtrwo2oxzylkcn25y72r.dkim.amazonses.com

[Attach your three screenshots of the successful Google Dig lookups here]

Since the DNS records are demonstrably correct and publicly available, this appears to be an internal issue with the SES verification process.

Could an engineer please investigate why the SES system is failing to recognize these valid records and manually resolve the verification status for gigasamples.com?

Thank you.

Topics
Front-End Web & MobileBusiness ApplicationsNetworking & Content Delivery
Tags
Amazon Simple Email ServiceDomain Name System (DNS)
Language
English
asked a month ago36 views
1 Answer
0

I understand your frustration with the persistent domain verification issue in Amazon SES for gigasamples.com. Based on the information you've provided, here are some insights and potential solutions:

First, it's important to note that AWS cannot manually verify domains or DKIM for security reasons - this is an automated process to ensure proper configuration.

While you've confirmed that your CNAME records are correctly set up and publicly resolvable through DNS lookup tools, there are several additional factors that could be causing the verification failure:

  1. DNS Propagation Time: Although you've been trying for several weeks, in some cases DNS changes can take up to 72 hours to become fully visible to Amazon SES. This is less likely given the time frame, but worth mentioning.

  2. Record Format Issues: Some DNS providers automatically modify records in ways that can cause verification problems:

  • Converting to lowercase letters (SES requires exact matching)
  • Automatically appending the domain name to records
  • Not allowing underscores in DNS record names (required for DKIM)

  1. Nameserver Configuration: Ensure that the nameservers listed in your domain registration match those in your DNS provider. If there's a mismatch, your DNS changes won't be authoritative.

  2. Region-Specific Issues: SES identities are region-specific. Confirm you're creating and checking the identity in the same region (us-east-1).

  3. Cloudflare-Specific Issues: While you mentioned your records are set to "DNS only" (not proxied), Cloudflare sometimes handles DNS records differently than other providers. You might try temporarily using a different DNS provider to rule this out.

Additional troubleshooting steps:

  1. Try using a different DNS lookup tool like MXToolbox's DKIM Validator (https://mxtoolbox.com/dkim.aspx) to verify your DKIM records are resolving correctly.

  2. Check if there are any conflicting records or zones for your domain.

  3. If possible, try verifying a subdomain instead (e.g., mail.gigasamples.com) to see if that works.

If after trying these steps the issue persists, I recommend contacting AWS Support directly, as they can investigate account-specific issues that might be affecting the verification process.
Sources
DKIM Verification Stuck in "Pending" for domain | AWS re:Post
domain identity verification error | AWS re:Post
No CNAME propagation | AWS re:Post

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content