Feature request: The ability to check for a DMARC record in the custom MAIL FROM domain

Hi There

If you are using a custom MAIL FROM domain then SES will use the DMARC record for the custom domain. Please check for a misconfiguration of your SPF, DKIM, and DMARC records. Ensure that those DNS records are in your MAIL FROM subdomain.

For example, if your custom MAIL FROM subdomain is mail.example.com, the DMARC record should be published as a TXT record for _dmarc.mail.example.com.

Hi Matt, thanks for your reply, it looks like SES Deliverability Manager is not recognizing a number of DNS subdomain records, I will be raising a ticket with support whats happening (or not happening in this case). Kind regards Meint

Hi Matt, I raised a ticket with support and this is the response I got back:

"SES VDM advisor recommendations are general recommendations for any domain registered with SES. For your domain “example.com” SPF records have been configured only for the subdomain “secure.example.com” as part of Custom Mail setup. The SPF record for parent domain doesn’t include amazonses.com. Hence VDM will only consider SPF record published for sub domain and not the parent domain. Since SPF checks consider the Mail From Domain and not the From domain and in this case Mail From domain’s “secure.example.com” SPF records are successfully passed, you can ignore the VDM recommendation."

There are no misconfigurations in SPF, DKIM and DMARC as checked by SES support. So it looks like VDM does not carry out the check on the MAIL FROM subdomain? Happy to carry on the conversation via a more private channel where I can share concrete examples.