How to Add SPF, DKIM, and DMARC Record to AWS’s DNS-Route 53 | EasyDMARC

How to Add SPF, DKIM, and DMARC Record to AWS’s DNS-Route 53

Amazon Route 53 is a cloud Domain Name System (DNS) web service designed to give developers and businesses a reliable way to route end users to Internet applications. Setting up email authentication protocols there, and a DMARC record in particular, helps you protect your email infrastructure against phishing and spoofing attacks.

Check SPF, DKIM, and DMARC

Before you add a new DNS record and start configuring email authentication protocols, you need to first check if the DNS already contains the given records. It’s easy to do by using our DNS lookup tools:

Alternatively, you can use our Domain Scanner to get a bird’s eye view of your domain.

How to Add SPF Record to AWS’s DNS-Route 53

Here’s a step-by-step guide on how to add an SPF record to AWS’s DNS-Route 53.

Step 1. Log into Your Amazon Route 53 Account

To start your Route 53 SPF record setup, log into your Amazon Route 53 account.

Step 2. Head to the DNS Management 

Head to your Route 53 Dashboard section and navigate to the DNS management (Hosted zone).

Step 3. Click on Your Domain

Once you click on the DNS management (Hosted zone) section, then click on your domain, as shown in the screenshot.

Step 4. Create a Record

Now click on “Create record,” as shown below.

Step 5. Add Your SPF Record Type and Value 

Make sure to add your SPF Record type and Value and leave the Record name part empty because, as you can see, your domain is already in place.

For demonstration purposes, we allowed Zoho’s SPF in our DNS zone.

Record Type | Record Name | Value
TXT Record | Leave It Empty | v=spf1 ~all
SPF record details

Step 6. Add the IPs in the Same Current SPF record

Add the IPs in the same SPF record if you’re using sources that only have an IP address.

Record Type | Record Name | Value
TXT Record | Leave It Empty | v=spf1 ip4: ~all
SPF record details

Step 7. Finish your Amazon Route 53 SPF Setup

Finally, to finish your Amazon Route 53 SPF setup, click “Create records”.

Note: A domain must not publish multiple SPF records, as this can result in authentication failure. The solution is to combine all of your sending sources in a single SPF record. This is done via the include: mechanism.
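The note above, as an added example that is not part of the original article: a Python sketch that finds duplicate SPF records among a domain's apex TXT values and folds them into one record. It goes slightly beyond the note by also counting the terms that cost a DNS lookup against the limit of 10 set by RFC 7208; the function names and all record values are constructed for illustration.

```python
# Added example, not EasyDMARC code. All record values are constructed samples.
LOOKUP_NAMES = {"include", "a", "mx", "ptr", "exists", "redirect"}  # cost a DNS query
MAX_LOOKUPS = 10  # evaluation limit set by RFC 7208


def is_spf(txt):
    """True when a TXT value is an SPF record (it starts with the v=spf1 tag)."""
    return txt.lower().split()[:1] == ["v=spf1"]


def term_name(term):
    """Mechanism or modifier name without qualifier, argument or CIDR suffix."""
    bare = term.lstrip("+-~?").lower()
    for sep in ":/=":
        bare = bare.split(sep, 1)[0]
    return bare


def merge_spf(txt_records):
    """Fold every SPF record found into one; return (record, dns_lookups)."""
    terms, all_terms = [], set()
    for record in filter(is_spf, txt_records):
        for term in record.split()[1:]:
            if term_name(term) == "all":
                # A bare "all" means "+all"; normalise so duplicates compare equal.
                all_terms.add(term.lower() if term[0] in "+-~?" else "+all")
            elif term not in terms:
                terms.append(term)
    if len(all_terms) > 1:
        raise ValueError(f"records disagree on the final policy: {sorted(all_terms)}")
    lookups = sum(term_name(t) in LOOKUP_NAMES for t in terms)
    if lookups > MAX_LOOKUPS:
        raise ValueError(f"{lookups} DNS lookups exceeds the limit of {MAX_LOOKUPS}")
    return " ".join(["v=spf1", *terms, *all_terms]), lookups


# Constructed apex TXT set: two SPF records (invalid) plus an unrelated TXT value.
APEX_TXT = [
    "v=spf1 include:spf.mailer-one.example ~all",
    "site-verification=constructed-token",
    "v=spf1 ip4:192.0.2.10 include:spf.mailer-two.example ~all",
]

if __name__ == "__main__":
    print(sum(map(is_spf, APEX_TXT)), "SPF records found; merged form:")
    print(*merge_spf(APEX_TXT))
```

When the source records end in different "all" qualifiers, the function raises instead of picking one, because that choice is a policy decision for the domain owner.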

How to Add DKIM Record to AWS’s DNS-Route 53

Before we dive into adding DKIM to your Amazon Route 53, it is essential to understand that each email service provider (ESP) has its own DKIM private/public key pair. Before you do anything else, go to your ESP account and retrieve the record details (type, name, and value).

We’ll be showing Amazon Route 53 DKIM implementation with a sample record from Zoho Mail.

Step 1. Select Create a Record

First, click “Create record” as shown in the screenshot below.

Step 2. Add your DKIM Record Type, Record Name, and Value

Then you’ll need to add the information you retrieved from Zoho (DKIM Record Type, Record Name, and Value), as shown below.

Record Type | Record Name | Value
TXT Record | zmail._domainkey | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+BeYApQiIf2makHXZzj/vmRNOkmQXqVu4aKYcNqj5ANGbJNYGROfo63TTlu2KUWootMQ1nHiiKfFODPO6LjUwn3zpmRv7ONmcm40QOysLrv5cGk+l9letBM7DnVqrvHsMOMHVv1q87fy1n4DuqDM/cVKMqaAExyY+yAKZfUfuRQIDAQAB
DKIM record details taken from Zoho Mail

Step 3. Finish Your Amazon Route 53 DKIM Setup

To finalize your Amazon Route 53 DKIM setup, click “Create records.” Once this is done, you can test the setup to make sure it is working properly.

How to Add DMARC Record to AWS’s DNS-Route 53

AWS Route 53 DMARC record setup is a similar process to what we’ve already been through.

Step 1. Generate DMARC Record

First, let’s generate the DMARC Record. There are two ways to do so:

  1. Directly from EasyDMARC’s platform after signing up and adding your domain
  2. By using EasyDMARC’s DMARC Record Generator tool

Step 2. Add Your DMARC Record to Amazon Route 53

After generating the DMARC record, go to your Amazon Route 53 account and click “Create record.”

Step 3. Add your DMARC Record Type, Record Name, and Value

Add your DMARC Record Type, Record Name, and Value to the corresponding fields, as mentioned in the screenshot below.

Record Type | Record Name | Value
TXT Record | _dmarc | v=DMARC1;p=none;rua=mailto:[email protected];ruf=mailto:[email protected];fo=1;
DMARC record details

We recommend starting your DMARC Journey in Monitoring mode (p=none). That will help you gather reports, identify, and authenticate legitimate email servers used in your organization. After you work through the source configurations and feel confident that nothing slipped through the cracks, enforce the policy at higher levels (Quarantine and Reject).

Hagop Khatchoian | Technical & Implementation Services, Team Lead

Step 4. Finish Your Amazon Route 53 DMARC Setup

Click “Create records” to finish your Amazon Route 53 DMARC setup.
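The SPF, DKIM, and DMARC steps above all create TXT records by hand in the console. As an added example that is not part of the original article, the Python sketch below builds the same three records as a Route 53 change batch and applies the TXT quoting rule that matters for long DKIM keys: each quoted string holds at most 255 characters, so a longer value is split into several quoted strings. The domain, report address, verification token, and DKIM key are constructed placeholders; only the zmail._domainkey and _dmarc record names come from the article.

```python
# Added example, not EasyDMARC or AWS code. Domain and record values are constructed.
import json


def txt_value(text, limit=255):
    """Quote a TXT value for Route 53; one quoted string holds at most 255 characters."""
    chunks = [text[i:i + limit] for i in range(0, len(text), limit)] or [""]
    return " ".join(
        '"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"' for c in chunks
    )


def change_batch(domain, records, ttl=300):
    """Build the change batch for {record name label: [TXT values]}; "" is the apex."""
    changes = []
    for label, values in records.items():
        name = f"{label}.{domain}." if label else f"{domain}."
        changes.append({
            # UPSERT replaces the whole TXT set at this name, so list every value
            # that must exist there (e.g. SPF plus verification tokens at the apex).
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name, "Type": "TXT", "TTL": ttl,
                "ResourceRecords": [{"Value": txt_value(v)} for v in values],
            },
        })
    return {"Comment": "SPF, DKIM and DMARC TXT records", "Changes": changes}


DKIM_TXT = "v=DKIM1; k=rsa; p=" + "A" * 392  # placeholder standing in for a 2048-bit key
RECORDS = {
    "": ["v=spf1 ip4:192.0.2.10 ~all", "site-verification=constructed-token"],
    "zmail._domainkey": [DKIM_TXT],  # selector name as in the table above
    "_dmarc": ["v=DMARC1;p=none;rua=mailto:dmarc-reports@example.com;fo=1;"],
}

if __name__ == "__main__":
    print(json.dumps(change_batch("example.com", RECORDS), indent=2))
```

Saved to a file, the printed JSON is the input that aws route53 change-resource-record-sets takes through --change-batch file://batch.json, together with --hosted-zone-id for your own zone.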

How Can EasyDMARC Help?

EasyDMARC is a powerful and easy-to-use tool that helps businesses protect their domain from malicious activity. It helps you monitor, analyze, and protect your domain from phishing, spoofing, and other malicious activities.

Signing up with EasyDMARC is the best way to automate and simplify your email authentication.

Various authors from EasyDMARC teams have contributed to our blog during the company's lifetime. This author brings everyone together.
