I want to remove company.in
domain from the list of verified domains but want to continue sending emails using do-not-reply@company.in
DKIM enabled+verified email identity. To achieve this, I have followed this guide which is pretty straightforward but haven't been successful in the sense that the domain gets removed from the list only for some days(~4) only to show up again in the list of verified domains somehow.
What could be the cause of this auto-magical verification and corresponding fix?
After corresponding with AWS premium support:
Started off by checking your verified identities in the "ap-south-1 - BOM" region of SES and I saw the following 2 identities:
After pulling out CloudTrail logs for DeleteIdentity API in the region "ap-south-1" for the last 90 days. I could see a single API call on "2021-08-31" for the domain "company.in" (exactly as mentioned by you). Also, checking the VerifyDomainIdentity API in the CloudTrail logs for the past 90 days, I was not able to see any.
This confirmed that I deleted the domain successfully on "2021-08-31" and it got re-verified itself on "2021-09-02", 3 days after.
I did a DNS query on your domain "company.in" and was able to identify that Route-53 is the DNS provider. On checking your domain's DNS configuration in Route-53, I was able to see the following 3 DKIM CNAME records published:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx._domainkey.company.in xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.dkim.amazonses.com
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy._domainkey.company.in yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.dkim.amazonses.com
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz._domainkey.company.in zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.dkim.amazonses.com
Now, coming to the reason for this strange behavior, I would like you to know that if there is a verified email identity of the same domain that was removed, and it has DKIM enabled+verified, then the domain will be automatically added to the verified identities even if you manually remove it. Reason being, one can only have DKIM for domains they own and adding the DKIM record proves ownership, a criteria to verify your domain(s) in SES. Therefore, SES assumes that you are the domain owner due to the DKIM CNAME records published in your domain's DNS records and thus, automatically adds the domain to your SES verified domains.
To mitigate this, there are 2 options:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.