Jump to content


Photo

Amazon SES


  • Please log in to reply
2 replies to this topic

#1 James

James
  • Members
  • 30 posts

Posted 05 July 2018 - 07:59 AM

Morning,

 

I did a few searches here for amazon ses but I only found people asking it to be removed from zero hour intent.

 

We have some legitimate email getting blocked coming from randomnumber@amazonses.com that we need to allow and I was wondering how others handle these.

 

Do you whitelist the domain? I'm not sure I want to do that. Curious what others are doing.

 

Thanks



#2 Paladin IT taff

Paladin IT taff
  • Members
  • 5 posts

Posted 21 October 2018 - 01:53 AM

James,

 

Did you ever figure this out?  We ended up whitelisting the entire amazonses.com domain, which is not ideal.  

 

Nelson M



#3 Chris Olesch

Chris Olesch
  • Members
  • 1 posts

Posted 11 December 2018 - 05:50 PM

James,

 

I too am looking for a good solution to this. After reading what amazon says, it looks to boil down to this: "If you want to comply with DMARC using SPF, you have to set up Amazon SES to use your own MAIL FROM domain and publish an SPF record." See the AWS SES FAQ for more info.

 

 

I'm currently testing my solution:

Content Rule to whitelist if found in the header: (?i)(\w|^)(DKIM-Signature\:)[^"]+d=(zerto\.com|myworkboard\.com|adobe\.com|amazon\.com)

 

Regex101.com Verified to match the following examples:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=eaxkvsyelrnxjh4cicqyjjmtjpetuwjx; d=amazon.com

or

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=a5rqqfynqptdeegy7zn55uol6nemnabp; d=myworkboard.com;

or

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=fdvdxe5ofj4v47yx4t4275clv7bhlfrz; d=zerto.com;

or

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=u2eo3bxsv5kuml2bgbuudbwzuawyzw55; d=adobe.com;

 

 

 

Chris O.