Amazon Route 53 is a cloud Domain Name System (DNS) web service designed to give developers and businesses a reliable way to route end users to Internet applications. Setting up email authentication protocols, and specifically a DMARC record in Route 53, helps you protect your email infrastructure and avoid phishing and spoofing attacks.
Check SPF, DKIM, and DMARC
Before you add a new DNS record and start configuring email authentication protocols, first check whether the DNS zone already contains these records. This is easy to do with our DNS lookup tools.
Alternatively, you can use our Domain Scanner to get a bird’s eye view of your domain.
How to Add SPF Record to AWS’s DNS-Route 53
Here’s a step-by-step guide on how to add an SPF record to AWS’s DNS-Route 53.
Step 1. Log into Your Amazon Route 53 Account
To start your AWS’s DNS-Route 53 SPF record setup, log into your Amazon Route 53 account.
Step 2. Head to the DNS Management
Head to your Route 53 Dashboard section and navigate to the DNS management (Hosted zone).
Step 3. Click on Your Domain
Once you are in the DNS management (Hosted zone) section, click on your domain.
Step 4. Create a Record
Now click on “Create record.”
Step 5. Add Your SPF Record Type and Value
Add your SPF record Type and Value, and leave the Record name field empty, because your domain is already filled in.
For demonstration purposes, we allowed Zoho’s SPF in our DNS zone.
Record Type | Record Name | Value |
---|---|---|
TXT Record | Leave It Empty | v=spf1 include:zoho.com ~all |
Step 6. Add the IPs in the Same Current SPF record
Add the IPs in the same SPF record if you’re using sources that only have an IP address.
Record Type | Record Name | Value |
---|---|---|
TXT Record | Leave It Empty | v=spf1 ip4:169.148.146.23/32 include:zoho.com ~all |
Step 7. Finish your Amazon Route 53 SPF Setup
Finally, to finish your Amazon Route 53 SPF setup, click “Create records”.
Note: A domain must not publish multiple SPF records, as this can result in authentication failure. The solution is to combine all of your sending sources in a single SPF record. This is done via the include: mechanism.
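The merge that the note above calls for, as an added example (not EasyDMARC's or AWS's code). The function names, the sample TXT values and the choice of `~all` as the final term are assumptions for illustration; the 10-lookup limit comes from RFC 7208.

```python
import re

# Mechanisms that each cost one DNS lookup during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr"}
MAX_DNS_LOOKUPS = 10

def spf_records(txt_values):
    """Return the TXT values at a name that are SPF records."""
    return [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]

def term_name(term):
    """'~all' -> 'all', 'ip4:1.2.3.4/32' -> 'ip4', 'include:x' -> 'include'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]

def merge_spf(txt_values, all_term="~all"):
    """Fold every SPF record found into one; the caller chooses the final 'all'."""
    merged = []
    for record in spf_records(txt_values):
        for term in record.split()[1:]:
            name = term_name(term)
            if name == "redirect":
                raise ValueError("redirect= cannot be merged mechanically")
            if name != "all" and term not in merged:
                merged.append(term)
    if not merged:
        raise ValueError("no SPF mechanisms to merge")
    # Counts only this record's own terms; lookups inside an include add to the total.
    lookups = sum(term_name(t) in LOOKUP_TERMS for t in merged)
    if lookups > MAX_DNS_LOOKUPS:
        raise ValueError(f"{lookups} lookup mechanisms exceed the limit of {MAX_DNS_LOOKUPS}")
    return " ".join(["v=spf1", *merged, all_term])

# Constructed input: two SPF records published side by side, plus an unrelated TXT value.
SAMPLE_TXT = [
    "v=spf1 ip4:169.148.146.23/32 ~all",
    "v=spf1 include:zoho.com ~all",
    "site-verification=constructed-token",
]

if __name__ == "__main__":
    print(len(spf_records(SAMPLE_TXT)), "SPF records found")
    print(merge_spf(SAMPLE_TXT))
```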
How to Add DKIM Record to AWS’s DNS-Route 53
Before we dive into adding DKIM to your Amazon Route 53, it is essential to understand that each email service provider (ESP) has its own DKIM Private/Public Keys. Before you do anything else, go to your account and retrieve the record details (type, name, and value).
We’ll be showing Amazon Route 53 DKIM implementation with a sample record from Zoho Mail.
Step 1. Select Create a Record
First, click “Create record.”
Step 2. Add your DKIM Record Type, Record Name, and Value
Then add the information you retrieved from Zoho (DKIM Record Type, Record Name, and Value), as shown below.
Record Type | Record Name | Value |
---|---|---|
TXT Record | zmail._domainkey | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+BeYApQiIf2makHXZzj/vmRNOkmQXqVu4aKYcNqj5ANGbJNYGROfo63TTlu2KUWootMQ1nHiiKfFODPO6LjUwn3zpmRv7ONmcm40QOysLrv5cGk+l9letBM7DnVqrvHsMOMHVv1q87fy1n4DuqDM/cVKMqaAExyY+yAKZfUfuRQIDAQAB |
Step 3. Finish Your Amazon Route 53 DKIM Setup
To finalize your Amazon Route 53 DKIM setup, click “Create records.” Once this is done, you can test the setup to make sure it is working properly.
How to Add DMARC Record to AWS’s DNS-Route 53
AWS Route 53 DMARC record setup is a similar process to what we’ve already been through.
Step 1. Generate DMARC Record
First, let’s generate the DMARC Record. There are two ways to do so:
- Directly from EasyDMARC’s platform after signing up and adding your domain
- By using EasyDMARC’s DMARC Record Generator tool
Step 2. Add Your DMARC Record to Amazon Route 53
After generating the DMARC record, go to your Amazon Route 53 account and click “Create record.”
Step 3. Add your DMARC Record Type, Record Name, and Value
Add your DMARC Record Type, Record Name, and Value to the corresponding fields, as shown in the table below.
Record Type | Record Name | Value |
---|---|---|
TXT Record | _dmarc | v=DMARC1;p=none;rua=mailto:[email protected];ruf=mailto:[email protected];fo=1; |
We recommend starting your DMARC Journey in Monitoring mode (p=none). That will help you gather reports, identify, and authenticate legitimate email servers used in your organization. After you work through the source configurations and feel confident that nothing slipped through the cracks, start enforcing the policy to higher levels (Quarantine and Reject).
Hagop Khatchoian | Technical & Implementation Services, Team Lead
Step 4. Finish Your Amazon Route 53 DMARC Setup
Click “Create records” to finish your Amazon Route 53 DMARC setup.
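The three console procedures above (SPF, DKIM, DMARC) expressed as one Route 53 change batch, as an added example that is not EasyDMARC's or AWS's code. The domain `example.com`, the report address, the TTL and the DKIM key (a placeholder of repeated characters) are constructed; the block shows the TXT quoting Route 53 expects and the 255-character split that long DKIM keys need.

```python
import json

def txt_value(text, limit=255):
    """Quote a TXT value for Route 53, splitting it into strings of <= 255 chars."""
    if '"' in text:
        raise ValueError("embedded double quotes are not handled in this example")
    chunks = [text[i:i + limit] for i in range(0, len(text), limit)] or [""]
    return " ".join(f'"{chunk}"' for chunk in chunks)

def change_batch(domain, records):
    """records maps a relative name ('' for the apex) to ALL TXT values at that name.

    UPSERT replaces the whole TXT record set, so any existing values at the
    same name must be listed as well or they are removed.
    """
    changes = []
    for name, values in records.items():
        spf = [v for v in values if v.lower().startswith("v=spf1")]
        if len(spf) > 1:
            raise ValueError(f"{len(spf)} SPF records at '{name or domain}'; merge them")
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": f"{name}.{domain}." if name else f"{domain}.",
                "Type": "TXT",
                "TTL": 300,  # assumed TTL
                "ResourceRecords": [{"Value": txt_value(v)} for v in values],
            },
        })
    return {"Comment": "SPF, DKIM and DMARC records", "Changes": changes}

# Constructed sample values; the DKIM key is a placeholder, not a real key.
SAMPLE_RECORDS = {
    "": ["v=spf1 ip4:169.148.146.23/32 include:zoho.com ~all"],
    "zmail._domainkey": ["v=DKIM1; k=rsa; p=" + "A" * 392],
    "_dmarc": ["v=DMARC1;p=none;rua=mailto:dmarc-reports@example.com;fo=1;"],
}

if __name__ == "__main__":
    print(json.dumps(change_batch("example.com", SAMPLE_RECORDS), indent=2))
```

Saved to a file, the output can be applied with `aws route53 change-resource-record-sets --hosted-zone-id <your-zone-id> --change-batch file://batch.json`.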
How Can EasyDMARC Help?
EasyDMARC is a powerful and easy-to-use tool that helps businesses protect their domain from malicious activity. It helps you monitor, analyze, and protect your domain from phishing, spoofing, and other malicious activities.
Signing up with EasyDMARC is the best way to automate and simplify your email authentication.