Questions tagged with SaaS on AWS

Triggering Bring Your Own DKIM (BYODKIM) validation

Hi there, I am using Amazon SES to allow customers to send emails from my SaaS application. Bring Your Own DKIM (BYODKIM) looks like a great solution because it requires a single DNS record for DKIM configuration and the fact that Amazon is used is not visible from DNS values.

I followed the official tutorial to create a private and public key (https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim-bring-your-own.html):

```
openssl genrsa -f4 -out private.key 2048
openssl rsa -in private.key -outform PEM -pubout -out public.key
```

Once done, I created a new identity with BYODKIM in the dashboard. As a value, I have, again, followed the docs:

> You have to delete the first and last lines (-----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, respectively) of the generated private key. Additionally, you have to remove the line breaks in the generated private key. The resulting value is a string of characters with no spaces or line breaks.

Then, I configured the DNS TXT record on Cloudflare with the value `p=yourPublicKey` where `yourPublicKey` is, again, as the docs say:

> When you publish (add) your public key to your DNS provider, it must be formatted as follows:
> You have to delete the first and last lines (-----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----, respectively) of the generated public key. Additionally, you have to remove the line breaks in the generated public key. The resulting value is a string of characters with no spaces or line breaks.
> You must include the p= prefix as shown in the Value column in the table above.

A few hours have elapsed, and the DKIM configuration still appears as "Pending" in the dashboard. The TXT record has been propagated for hours: I checked with `dig TXT myselector._domainkey.mydomain.com` from several locations.

With CNAME records, validation seems to take some minutes at most. What is the expected time for BYODKIM? I mean, does the validation happen only once every X hours or days? Is there really no way to force trigger a check/validation via API, for instance?

Otherwise, my private or public key may have a wrong format. Would Amazon have displayed a specific error if that's the case?

BYODKIM is looking like a great solution for SaaS use cases, but if validation takes several hours or days, that's a kind of killer.
1 answer, 1 vote, 42 views, asked 3 months ago
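One way to rule out the formatting mistake the question worries about, as an added example that is not part of the original post or of any AWS tooling: it compares the `p=` value of a `dig`-style TXT answer with the contents of `public.key`. The function names and the sample key material are constructed for illustration.

```python
import base64
import re

def pem_body(pem: str) -> str:
    """Base64 body of a PEM file: BEGIN/END lines and all line breaks removed."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    return "".join(l for l in lines if l and not l.startswith("-----"))

def txt_rdata_to_tags(rdata: str) -> dict:
    """Join the quoted chunks of a dig TXT answer and split it into tag=value pairs."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    joined = "".join(chunks) if chunks else rdata
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def check_dkim_record(rdata: str, public_pem: str) -> list:
    """Return a list of problems; an empty list means the record matches the key."""
    p = txt_rdata_to_tags(rdata).get("p")
    if p is None:
        return ["no p= tag in the TXT record"]
    problems = []
    if "-----" in p:
        problems.append("PEM header/footer left in p=")
    if re.search(r"\s", p):
        problems.append("whitespace or line break inside p=")
    compact = re.sub(r"\s", "", p)
    try:
        base64.b64decode(compact, validate=True)
    except ValueError:
        problems.append("p= is not valid base64 (truncated or altered)")
    if compact != pem_body(public_pem):
        problems.append("p= differs from public.key")
    return problems

# Constructed sample data: placeholder bytes, not a real RSA key (392 base64 chars).
SAMPLE_BODY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(SAMPLE_BODY[i:i + 64] for i in range(0, 392, 64))
              + "\n-----END PUBLIC KEY-----\n")
# A value longer than 255 bytes comes back from dig as several quoted strings.
SAMPLE_RDATA = '"p=' + SAMPLE_BODY[:252] + '" "' + SAMPLE_BODY[252:] + '"'

if __name__ == "__main__":
    print(check_dkim_record(SAMPLE_RDATA, SAMPLE_PEM))
```

This checks formatting only; it does not confirm that `private.key` and `public.key` belong to the same key pair.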