Microsoft Office 365 SPF DKIM DMARC Amazon SES – How to Setup DMARC

Tags: amazon-ses, dkim, dmarc, microsoft-office-365, spf

I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I set up the SPF and DKIM records in my DNS, but it's failing for the emails I send via Amazon SES because of a domain alignment error (amazonses.com != mydomain.com). I understand that I need to create a custom MAIL FROM domain, but I'm running into a problem when adding the TXT and MX records to my DNS on Route 53.

The problem is that I use Office 365 for handling all our email, and I already have an MX record for mydomain-com.mail.protection.outlook.com. In Amazon's instructions for creating a custom MAIL FROM domain, it gives this warning:

To successfully set up a custom MAIL FROM domain with Amazon SES, you must publish exactly one MX record to the DNS server of your MAIL FROM domain. If the MAIL FROM domain has multiple MX records, the custom MAIL FROM setup with Amazon SES will fail.

How should I add the new TXT and MX records for the custom MAIL FROM domain if I already have an MX record to allow Office 365 to handle my email?

Best Answer

In Amazon's instructions they're talking about a subdomain, not the domain itself. So you'd set up a subdomain, for instance aws.mydomain.com, which is then the domain from which your SES emails are sent, at least as far as any receiving mail servers are concerned.

Note, the SMTP Mail From address that mail servers look at can be different to the From address that users see in their email client, as you can see if you dig into the headers of an email from Amazon. For example, an email might show as coming from [email protected] in my email client, but the actual mail from address that the server sees is <random characters>@bounces.amazon.co.uk.

So you're not adding MX records or SPF records to mydomain.com, where you already have it configured for 365; you're adding them to aws.mydomain.com, which can have completely different records without impacting your root domain.
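To make the alignment rule behind this answer concrete, here is an added example (not code from the question, the answer, Amazon or Microsoft) that evaluates DMARC identifier alignment the way a receiving server does, for three constructed messages: SES with the default amazonses.com MAIL FROM, SES with a custom aws.mydomain.com MAIL FROM, and Office 365. It assumes mydomain.com as the organizational domain and simplifies the organizational-domain lookup to the last two labels; a real receiver uses the Public Suffix List.

```python
# Added example: simplified DMARC identifier-alignment check.
# Assumption: the organizational domain is the last two labels, which holds
# for mydomain.com but not for every TLD (real receivers use the Public Suffix List).

def org_domain(domain: str) -> str:
    """Return the organizational domain (simplified: last two labels)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(header_from: str, auth_domain: str, mode: str = "r") -> bool:
    """Strict mode ('s') needs an exact match; relaxed mode ('r', the DMARC
    default) only needs the same organizational domain."""
    if mode == "s":
        return header_from.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return org_domain(header_from) == org_domain(auth_domain)

def dmarc_result(header_from, spf_result, mail_from_domain,
                 dkim_result, dkim_d, aspf="r", adkim="r") -> str:
    """DMARC passes when SPF passes AND its MAIL FROM domain aligns with the
    visible From domain, or DKIM passes AND its d= domain aligns."""
    spf_ok = spf_result == "pass" and aligned(header_from, mail_from_domain, aspf)
    dkim_ok = (dkim_result == "pass" and dkim_d is not None
               and aligned(header_from, dkim_d, adkim))
    return "pass" if (spf_ok or dkim_ok) else "fail"

# Constructed sample messages mirroring the question (no DKIM set up for SES).
SAMPLES = {
    # SES default: SPF passes for amazonses.com, but that does not align.
    "ses_default_mailfrom": dict(header_from="mydomain.com", spf_result="pass",
                                 mail_from_domain="amazonses.com",
                                 dkim_result="none", dkim_d=None),
    # SES with the custom MAIL FROM subdomain from the answer.
    "ses_custom_mailfrom": dict(header_from="mydomain.com", spf_result="pass",
                                mail_from_domain="aws.mydomain.com",
                                dkim_result="none", dkim_d=None),
    # Office 365 with SPF and DKIM published on the root domain.
    "office365": dict(header_from="mydomain.com", spf_result="pass",
                      mail_from_domain="mydomain.com",
                      dkim_result="pass", dkim_d="mydomain.com"),
}

def evaluate(name: str, **policy) -> str:
    """Evaluate one constructed sample, optionally overriding aspf/adkim."""
    return dmarc_result(**SAMPLES[name], **policy)
```

Note that with a strict SPF alignment policy (aspf=s) the subdomain trick alone no longer passes, so pairing the custom MAIL FROM with DKIM signing for the root domain is the safer setup.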