Blue Matador checks the verification status and DKIM settings for all of your verified SES domains for potential issues.

    Verification Status

    A verification status of Failed or TemporaryFailure indicates that SES could not verify the domain. Verification can fail in a few ways.

    If your DNS provider does not allow underscores in TXT record names, you can omit “amazonses from the TXT record name

    If you need to verify the domain multiple times on different AWS accounts, you may have an issue because you can not have multiple TXT records with the same name. There are two workarounds:

    • If your DNS provider supports it, enter multiple values for the TXT record. This is supported by Route53.
    • If you only need to verify the same domain exactly twice, you can create one record with a name containing _amazonses and one without it.

    Verification can fail if your DNS provider appended the domain name to the end of the TXT record name.  For example a name of may result in duplicated domain name, e.g.


    DKIM Verification

    If a domain has been successfully verified, it is recommended to enable and configure DomainKeys Identified Mail (DKIM). DKIM helps ISPs verify that messages are legitimate and have not been tampered with.

    If your DKIM verification status is Failed or TemporaryFailure, check your DNS settings with your DNS provider to ensure the appropriate CNAME records are configured.

    Amazon makes configuring up DKIM painless if you are using Route53. Even if you do not use Route53, setting up DKIM just requires the addition of some CNAME records with your DNS provider to verify the domain.