SPF Alignment for Amazon SES


Hello everyone.

Emails sent from my website using Amazon SES wind up in Gmail’s junk folders. A spam testing tool reported: Your "from" address does not match your SPF "from" address. Your From domain is: mydomail.com Your SPF MailFrom domain is: us-east-2.amazonses.com

Screenshot of mail that was flagged as Spam by Gmail

Following instructions on how to rectify this, I created & verified an identity for my domain in the Amazon SES panel, published the 3 CNAME record entries in my Cloudflare DNS, then created a “Custom MAIL FROM domain” (mail.mydomain.com) and entered the supplied SPF record in the Cloudflare DNS. According to the instructions I’m following, that is all I need to do in order for my emails to appear as being mailed by mydomain.com

Amazon detected all DNS entries, but mydomain emails are still showing up as mailed-by us-east-2.amazonses.com and signed-by mydomain.com, as a result, going to spam.

Even the test email sent from AWS SES Panel to my personal Gmail account go to Spam folder

Is there something further I need to do? Regards. Marlon

2 Answers

I've just started using SES's Virtual Delivery Manager and I'm getting the 'MAIL FROM record is not aligned' error, which is effectively the same problem. Every email contains two 'from' addresses, 'envelope from' and 'header from.'

The 'header from' field usually contains the email address displayed to the recipient as the expected 'reply to' address.

The 'envelope from' field, often referred to as the 'MAIL FROM,' is a return path, which is the return address hidden in the email message header that instructs mail servers or inbox service providers (ISPs) where to return messages if they bounce. This address is used for email delivery.

In Amazon SES, emails typically come from <mail_id>@<region>.amazonses.com.

Once you've configured a 'Custom MAIL FROM domain' then the email will come from <mail_id>@<custom_mail_from_domain>.

Neither of the domains used in either of these configurations are the same as the 'header from' field domain. This means that I don't think I'll ever be able to resolve the 'MAIL FROM record is not aligned' error.

If you check your email using https://mxtoolbox.com/deliverability/, you should see that there are no issues if everything is configured correctly.

Bear in mind that each email provider uses different spam detection algorithms, so results will vary depending on which service you are sending emails too. Email is delivery isn't a yes/no, true/false game, it varies.

With SPF alignment for DMARC, the 'envelope from/MAIL FROM' field is used not the 'header from,' and with DMARC either SPF or DKIM needs to align for an email to pass the DMARC check.

answered 2 months ago

I solved the the 'MAIL FROM record is not aligned' error by changing the SPF and DKIM alignments in the DMARC record from strict (s) to relaxed (r), i.e. changed adkim=s;aspf=s to adkim=r;aspf=r.

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions