Amazon Simple Email Service (SES) | Authentication, Validation, and Configuration Flashcards
Can I encrypt email messages that I receive?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
Amazon SES integrates with AWS Key Management Service (KMS) to optionally encrypt the mail that it writes to your Amazon S3 bucket. You can either use the default Amazon SES KMS master key in your account for encryption, which does not require additional setup, or you can set up a new master KMS key that grants the Amazon SES service principal permission to generate data keys. Amazon SES uses client-side encryption to encrypt your mail prior to writing it to Amazon S3. This means that it is necessary for you to decrypt the content on your side after retrieving the mail from Amazon S3. The AWS Java SDK and AWS Ruby SDK provide a client that is able to handle the decryption for you.
Do I need to set up reverse DNS records in order to use Amazon SES?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
Amazon SES users do not need to set up reverse DNS records. Amazon Web Services manages the IP addresses used by Amazon SES, and provides reverse DNS records for these addresses.
Does Amazon SES support Sender Policy Framework (SPF)?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
Amazon SES supports SPF. You may or may not need to publish an SPF record, depending on the ways in which you are using Amazon SES to send email.
If you do not need to comply with Domain-based Message Authentication, Reporting and Conformance (DMARC) using SPF, you do not need to publish an SPF record to pass SPF authentication because by default, Amazon SES sends your emails from a MAIL FROM domain is owned by Amazon.
If you want to comply with DMARC using SPF, you must set up Amazon SES to use your own MAIL FROM domain and publish an SPF record.
Does Amazon SES support Domain Keys Identified Mail (DKIM)?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
Amazon SES supports DKIM. If you have enabled and configured Easy DKIM, Amazon SES will sign outgoing messages using DKIM on your behalf. If you prefer, you can also DKIM-sign your email yourself. To ensure maximum deliverability, there are a few DKIM headers that you should not sign. For more information, see Manual DKIM Signing in Amazon SES in the Amazon SES Developer Guide.
Can emails from Amazon SES comply with DMARC?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
With Amazon SES, your emails can comply with DMARC through SPF, DKIM, or both.
Does Amazon SES send email over an encrypted connection using Transport Layer Security (TLS)?
Authentication, Validation, and Configuration
Amazon Simple Email Service (SES) | Customer Engagement
If the receiving mail server advertises the STARTTLS extension, Amazon SES will attempt to upgrade the connection to a TLS connection. If that fails, Amazon SES will send the email as plain text.