Configure SES services with transcription to domain distribution list

"Configure SES services with transcription to domain distribution list" involves setting up Amazon Simple Email Service (SES) to send emails to a domain's distribution list while also enabling transcription services. This setup ensures that emails sent through SES are transcribed and delivered to the specified distribution list, allowing for efficient communication and record-keeping.

Published Jan 8, 2025
In Amazon SES, a verified identity is a domain or email address that you use to send or receive email. Before you can send an email using Amazon SES, you must create and verify each identity that you're going to use as a "From", "Source", "Sender", or "Return-Path" address. Verifying an identity with Amazon SES confirms that you own it and helps prevent unauthorized use. If your account is still in the Amazon SES sandbox, you also need to verify any email addresses which you plan on sending email to, unless you're sending to test inboxes provided by the Amazon SES mailbox simulator. For more information, see Using the mailbox simulator manually.
You can create an identity by using the Amazon SES console or the Amazon SES API. The identity verification process depends on which type of identity you choose to create.

Creating a domain identity description

By whitelisting the domain, you can change or add sender email addresses for future applications. When you verify a domain identity, you can send email from any subdomain or email address of the verified domain without having to verify each one individually. For example, if you create and verify a domain identity called example.com, you don't need to create separate subdomain identities for a.example.com, a.b.example.com, nor separate email address identities for user@example.com, user@a.example.com, and so on. An email address identity that's using the inherited verification from its domain is limited to straightforward email sending. If you want to do more advanced sending, you'll have to also verify it explicitly as an email address identity. Advanced sending includes using the email address with configuration sets, policy authorizations for delegate sending, and configurations that override the domain settings.
When you create and verify domain and email address identities, consider the following:
· You can send email from any subdomain or email address of the verified domain without having to verify each one individually. For example, if you create and verify an identity for example.com, you don't need to create separate identities for a.example.com, a.b.example.com, user@example.com, user@a.example.com, and so on.
· As specified in RFC 1034, each DNS label can have up to 63 characters, and the whole domain name must not exceed a total length of 255 characters.
· If you verify a domain, subdomain, or email address that shares a root domain, the identity settings (such as feedback notifications) apply at the most granular level you verified.
  • Verified email address identity settings override verified domain identity settings.
  • Verified subdomain identity settings override verified domain identity settings, with lower-level subdomain settings overriding higher-level subdomain settings.
  • For example, assume you verify user@a.b.example.com, a.b.example.com, b.example.com, and example.com. These are the verified identity settings that will be used in the following scenarios:
    • Emails sent from user@example.com (an email address that isn’t specifically verified) will use the settings for example.com.
    • Emails sent from user@a.b.example.com (an email address that is specifically verified) will use the settings for user@a.b.example.com.
    • Emails sent from user@b.example.com (an email address that isn’t specifically verified) will use the settings for b.example.com.
· You can add labels to verified email addresses without performing additional verification steps. To add a label to an email address, add a plus sign (+) between the account name and the "at" sign (@), followed by a text label. For example, if you already verified sender@example.com, you can use sender+myLabel@example.com as the "From" or "Return-Path" address for your emails. You can use this feature to implement Variable Envelope Return Path (VERP). Then you can use VERP to detect and remove undeliverable email addresses from your mailing lists.
· Domain names are case-insensitive. If you verify example.com, you can send from EXAMPLE.com also.
· Email addresses are case sensitive. If you verify sender@EXAMPLE.com, you can't send email from sender@example.com unless you verify sender@example.com as well.
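
The precedence rules in the list above can be modelled as a small resolver. This is an added example, not AWS code: the function name `covering_identity` and the `VERIFIED` sample set (taken from the scenario above) are illustrative, and treating a `+label` address as covered by its unlabelled verified address is an assumption about which settings apply.

```python
# Added example: models the identity precedence rules described above.
# VERIFIED is constructed sample data matching the page's scenario.
VERIFIED = {
    "user@a.b.example.com",
    "a.b.example.com",
    "b.example.com",
    "example.com",
}


def covering_identity(sender, verified):
    """Return the verified identity whose settings apply to `sender`, or None."""
    local, _, domain = sender.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {sender!r}")

    # 1. Email address identities are case sensitive: exact string match only.
    if sender in verified:
        return sender

    # 2. A +label needs no extra verification. Assumption: the unlabelled
    #    verified address is the identity that covers the labelled one.
    base, plus, _label = local.partition("+")
    if plus and f"{base}@{domain}" in verified:
        return f"{base}@{domain}"

    # 3. Domain identities are case-insensitive. Walk from the most specific
    #    subdomain up to the root and stop at the first verified one.
    domains = {v.lower() for v in verified if "@" not in v}
    labels = domain.lower().split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


if __name__ == "__main__":
    for addr in ("user@example.com", "user@a.b.example.com", "user@b.example.com"):
        print(addr, "->", covering_identity(addr, VERIFIED))
```

A `None` result means the sender is not covered by any verified identity.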

Steps to create a domain identity

1. Sign into the AWS Management Console and open the Amazon SES console at https://console.aws.amazon.com/ses/.
2. In the navigation pane, under Configuration, choose Verified identities.
3. Choose Create identity.
4. Under Identity details, select Domain as the type of identity you want to create. You must have access to the domain’s DNS settings to complete the domain verification process.
5. Enter the name of the domain or subdomain in the Domain field.
Tip:
If your domain is www.example.com, enter example.com as your domain. Don't include the "www." part because the domain verification process won't succeed if you do.
6. (Optional) If you want to Assign a default configuration set, select the check box.
For Default configuration set, select the existing configuration set that you want to assign to your identity. If you haven’t created any configuration sets yet, see Using configuration sets in Amazon SES.
Tip:
Amazon SES only defaults to the assigned configuration set when no other set is specified at the time of sending. If a configuration set is specified, Amazon SES applies the specified set in place of the default set.
7. (Optional) If you want to Use a custom MAIL FROM domain, select the check box and complete the following steps. For more information, see Using a custom MAIL FROM domain.
· For MAIL FROM domain, enter the subdomain that you want to use as the MAIL FROM domain. This must be a subdomain of the domain identity that you’re verifying. The MAIL FROM domain shouldn't be a domain from which you send email.
· For Behavior on MX failure, indicate which action Amazon SES should take if it can’t find the required MX record at the time of sending. Choose one of the following options:
· Use default MAIL FROM domain - If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will use a subdomain of amazonses.com. The subdomain varies based on the AWS Region in which you use Amazon SES.
· Reject message - If the custom MAIL FROM domain's MX record is not set up correctly, Amazon SES will return a MailFromDomainNotVerified error. If you choose this option, emails that you attempt to send from this domain are automatically rejected.
· For Publish DNS records to Route53, if your domain is hosted through Amazon Route 53, you have the option to let SES publish the associated TXT and MX records at the time of creation by leaving Enabled checked. If you'd rather publish these records later, clear the Enabled checkbox. (You can come back later to publish the records to Route 53 by editing the identity - see Editing an existing identity in Amazon SES.)
8. (Optional) To configure customized DKIM-based verification outside of the SES default setting, which uses Easy DKIM with a 2048-bit signing length, under Verifying your domain, expand Advanced DKIM settings and choose the type of DKIM you want to configure:
Easy DKIM:
  • In the Identity type field, choose Easy DKIM.
  • In the DKIM signing key length field, choose either RSA_2048_BIT or RSA_1024_BIT.
  • For Publish DNS records to Route53, if your domain is hosted through Amazon Route 53, you have the option to let SES publish the associated CNAME records at the time of creation by leaving Enabled checked. If you'd rather publish these records later, clear the Enabled checkbox. (You can come back later to publish the records to Route 53 by editing the identity - see Editing an existing identity in Amazon SES.)
Provide DKIM authentication token (BYODKIM):
  • Ensure you've already generated a public-private key pair and have added the public key to your DNS host provider. For more information, see Provide your own DKIM authentication token (BYODKIM) in Amazon SES.
  • In the Identity type field, choose Provide DKIM authentication token (BYODKIM).
  • For Private key, paste the private key you generated from your public-private key pair. The private key must use at least 1024-bit RSA encryption and up to 2048-bit, and must be encoded using base64 (PEM) encoding.
  • For Selector name, enter the name of the selector to be specified in your domain’s DNS settings.
Tip:
Delete the first and last lines (-----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, respectively) of the private key.
9. Ensure that the Enabled box is checked in the DKIM signatures field.
10. (Optional) Add one or more Tags to your domain identity by including a tag key and an optional value for the key:
  • Choose Add new tag and enter the Key. You can optionally add a Value for the tag.
  • Repeat for additional tags, up to a maximum of 50, or choose Remove to remove tags.
11. Choose Create identity.
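
The console choices in steps 4 through 10 map onto two Amazon SES API v2 requests, `CreateEmailIdentity` and `PutEmailIdentityMailFromAttributes`. The following is an added example, not AWS code: it validates the inputs against the rules stated on this page and builds the request parameters without calling AWS. The helper names `check_domain` and `build_requests`, and the sample domain and tag values, are illustrative.

```python
# Added example: validate inputs per this page's rules, then build the
# parameters for the SES v2 API calls. Helper names are illustrative.
KEY_LENGTHS = {"RSA_2048_BIT", "RSA_1024_BIT"}
MX_FAILURE = {"USE_DEFAULT_VALUE", "REJECT_MESSAGE"}


def check_domain(name):
    """No 'www.' prefix; RFC 1034 limits of 63 per label and 255 in total."""
    name = name.strip().rstrip(".").lower()
    if name.startswith("www."):
        raise ValueError("enter example.com, not www.example.com")
    labels = name.split(".")
    if len(name) > 255 or len(labels) < 2 or any(
            not 1 <= len(lab) <= 63 for lab in labels):
        raise ValueError(f"invalid domain name: {name!r}")
    return name


def build_requests(domain, mail_from, key_length="RSA_2048_BIT",
                   on_mx_failure="USE_DEFAULT_VALUE", tags=None, config_set=None):
    domain, mail_from = check_domain(domain), check_domain(mail_from)
    # The MAIL FROM domain must be a subdomain of the identity being verified.
    if not mail_from.endswith("." + domain):
        raise ValueError("MAIL FROM domain must be a subdomain of the identity")
    if key_length not in KEY_LENGTHS or on_mx_failure not in MX_FAILURE:
        raise ValueError("unsupported DKIM key length or MX failure behavior")
    tags = tags or {}
    if len(tags) > 50:
        raise ValueError("at most 50 tags per identity")
    create = {
        "EmailIdentity": domain,
        "DkimSigningAttributes": {"NextSigningKeyLength": key_length},  # Easy DKIM
        "Tags": [{"Key": k, "Value": v} for k, v in tags.items()],
    }
    if config_set:
        create["ConfigurationSetName"] = config_set
    mail_from_req = {"EmailIdentity": domain, "MailFromDomain": mail_from,
                     "BehaviorOnMxFailure": on_mx_failure}
    return create, mail_from_req


if __name__ == "__main__":
    create, mail_from_req = build_requests(
        "example.com", "bounce.example.com", tags={"team": "mail"})
    print(create)
    print(mail_from_req)
    # To apply with boto3 (needs AWS credentials and SES permissions):
    #   ses = boto3.client("sesv2")
    #   ses.create_email_identity(**create)
    #   ses.put_email_identity_mail_from_attributes(**mail_from_req)
```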
Now that you’ve created and configured your domain identity with DKIM, you must complete the verification process with your DNS provider.
This process requires confirming that you own the domain and the email related to the domain. For an external domain or a domain configured with Easy DKIM, follow these steps:
From the Publish DNS records table, copy the three CNAME records that appear in this section to be published (added) to your DNS provider. Alternatively, you can choose Download .csv record set to save a copy of the records to your computer.
