Blue Matador checks the verification status and DKIM settings for all of your verified SES domains for potential issues.
A verification status of Failed or TemporaryFailure indicates that SES could not verify the domain. Verification can fail in a few ways.
If your DNS provider does not allow underscores in TXT record names, you can omit “amazonses from the TXT record name
If you need to verify the domain multiple times on different AWS accounts, you may have an issue because you can not have multiple TXT records with the same name. There are two workarounds:
Verification can fail if your DNS provider appended the domain name to the end of the TXT record name. For example a name of _amazonses.example.com may result in duplicated domain name, e.g. _amazonses.example.com.example.com
If a domain has been successfully verified, it is recommended to enable and configure DomainKeys Identified Mail (DKIM). DKIM helps ISPs verify that messages are legitimate and have not been tampered with.
If your DKIM verification status is Failed or TemporaryFailure, check your DNS settings with your DNS provider to ensure the appropriate CNAME records are configured.
Amazon makes configuring up DKIM painless if you are using Route53. Even if you do not use Route53, setting up DKIM just requires the addition of some CNAME records with your DNS provider to verify the domain.