Amazon Simple Email Service

2024/12/10 - Amazon Simple Email Service - 3 updated api methods

Changes  Introduces support for creating DEED (Deterministic Easy-DKIM) identities.

CreateEmailIdentity (updated) Link ¶
Changes (request, response)
Request
{'DkimSigningAttributes': {'DomainSigningAttributesOrigin': 'AWS_SES | '
                                                            'EXTERNAL | '
                                                            'AWS_SES_AF_SOUTH_1 '
                                                            '| '
                                                            'AWS_SES_EU_NORTH_1 '
                                                            '| '
                                                            'AWS_SES_AP_SOUTH_1 '
                                                            '| '
                                                            'AWS_SES_EU_WEST_3 '
                                                            '| '
                                                            'AWS_SES_EU_WEST_2 '
                                                            '| '
                                                            'AWS_SES_EU_SOUTH_1 '
                                                            '| '
                                                            'AWS_SES_EU_WEST_1 '
                                                            '| '
                                                            'AWS_SES_AP_NORTHEAST_3 '
                                                            '| '
                                                            'AWS_SES_AP_NORTHEAST_2 '
                                                            '| '
                                                            'AWS_SES_ME_SOUTH_1 '
                                                            '| '
                                                            'AWS_SES_AP_NORTHEAST_1 '
                                                            '| '
                                                            'AWS_SES_IL_CENTRAL_1 '
                                                            '| '
                                                            'AWS_SES_SA_EAST_1 '
                                                            '| '
                                                            'AWS_SES_CA_CENTRAL_1 '
                                                            '| '
                                                            'AWS_SES_AP_SOUTHEAST_1 '
                                                            '| '
                                                            'AWS_SES_AP_SOUTHEAST_2 '
                                                            '| '
                                                            'AWS_SES_AP_SOUTHEAST_3 '
                                                            '| '
                                                            'AWS_SES_EU_CENTRAL_1 '
                                                            '| '
                                                            'AWS_SES_US_EAST_1 '
                                                            '| '
                                                            'AWS_SES_US_EAST_2 '
                                                            '| '
                                                            'AWS_SES_US_WEST_1 '
                                                            '| '
                                                            'AWS_SES_US_WEST_2'}}
Response
{'DkimAttributes': {'SigningAttributesOrigin': {'AWS_SES_AF_SOUTH_1',
                                                'AWS_SES_AP_NORTHEAST_1',
                                                'AWS_SES_AP_NORTHEAST_2',
                                                'AWS_SES_AP_NORTHEAST_3',
                                                'AWS_SES_AP_SOUTHEAST_1',
                                                'AWS_SES_AP_SOUTHEAST_2',
                                                'AWS_SES_AP_SOUTHEAST_3',
                                                'AWS_SES_AP_SOUTH_1',
                                                'AWS_SES_CA_CENTRAL_1',
                                                'AWS_SES_EU_CENTRAL_1',
                                                'AWS_SES_EU_NORTH_1',
                                                'AWS_SES_EU_SOUTH_1',
                                                'AWS_SES_EU_WEST_1',
                                                'AWS_SES_EU_WEST_2',
                                                'AWS_SES_EU_WEST_3',
                                                'AWS_SES_IL_CENTRAL_1',
                                                'AWS_SES_ME_SOUTH_1',
                                                'AWS_SES_SA_EAST_1',
                                                'AWS_SES_US_EAST_1',
                                                'AWS_SES_US_EAST_2',
                                                'AWS_SES_US_WEST_1',
                                                'AWS_SES_US_WEST_2'}}}

Starts the process of verifying an email identity. An identity is an email address or domain that you use when you send email. Before you can use an identity to send email, you first have to verify it. By verifying an identity, you demonstrate that you're the owner of the identity, and that you've given Amazon SES API v2 permission to send email from the identity.

When you verify an email address, Amazon SES sends an email to the address. Your email address is verified as soon as you follow the link in the verification email.

When you verify a domain without specifying the DkimSigningAttributes object, this operation provides a set of DKIM tokens. You can convert these tokens into CNAME records, which you then add to the DNS configuration for your domain. Your domain is verified when Amazon SES detects these records in the DNS configuration for your domain. This verification method is known as Easy DKIM.

Alternatively, you can perform the verification process by providing your own public-private key pair. This verification method is known as Bring Your Own DKIM (BYODKIM). To use BYODKIM, your call to the CreateEmailIdentity operation has to include the DkimSigningAttributes object. When you specify this object, you provide a selector (a component of the DNS record name that identifies the public key to use for DKIM authentication) and a private key.

When you verify a domain, this operation provides a set of DKIM tokens, which you can convert into CNAME tokens. You add these CNAME tokens to the DNS configuration for your domain. Your domain is verified when Amazon SES detects these records in the DNS configuration for your domain. For some DNS providers, it can take 72 hours or more to complete the domain verification process.

Additionally, you can associate an existing configuration set with the email identity that you're verifying.

See also: AWS API Documentation

Request Syntax

client.create_email_identity(
    EmailIdentity='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    DkimSigningAttributes={
        'DomainSigningSelector': 'string',
        'DomainSigningPrivateKey': 'string',
        'NextSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'DomainSigningAttributesOrigin': 'AWS_SES'|'EXTERNAL'|'AWS_SES_AF_SOUTH_1'|'AWS_SES_EU_NORTH_1'|'AWS_SES_AP_SOUTH_1'|'AWS_SES_EU_WEST_3'|'AWS_SES_EU_WEST_2'|'AWS_SES_EU_SOUTH_1'|'AWS_SES_EU_WEST_1'|'AWS_SES_AP_NORTHEAST_3'|'AWS_SES_AP_NORTHEAST_2'|'AWS_SES_ME_SOUTH_1'|'AWS_SES_AP_NORTHEAST_1'|'AWS_SES_IL_CENTRAL_1'|'AWS_SES_SA_EAST_1'|'AWS_SES_CA_CENTRAL_1'|'AWS_SES_AP_SOUTHEAST_1'|'AWS_SES_AP_SOUTHEAST_2'|'AWS_SES_AP_SOUTHEAST_3'|'AWS_SES_EU_CENTRAL_1'|'AWS_SES_US_EAST_1'|'AWS_SES_US_EAST_2'|'AWS_SES_US_WEST_1'|'AWS_SES_US_WEST_2'
    },
    ConfigurationSetName='string'
)
type EmailIdentity:

string

param EmailIdentity:

[REQUIRED]

The email address or domain to verify.

type Tags:

list

param Tags:

An array of objects that define the tags (keys and values) to associate with the email identity.

  • (dict) --

    An object that defines the tags that are associated with a resource. A tag is a label that you optionally define and associate with a resource. Tags can help you categorize and manage resources in different ways, such as by purpose, owner, environment, or other criteria. A resource can have as many as 50 tags.

    Each tag consists of a required tag key and an associated tag value, both of which you define. A tag key is a general label that acts as a category for a more specific tag value. A tag value acts as a descriptor within a tag key. A tag key can contain as many as 128 characters. A tag value can contain as many as 256 characters. The characters can be Unicode letters, digits, white space, or one of the following symbols: _ . : / = + -. The following additional restrictions apply to tags:

    • Tag keys and values are case sensitive.

    • For each associated resource, each tag key must be unique and it can have only one value.

    • The  aws: prefix is reserved for use by Amazon Web Services; you can’t use it in any tag keys or values that you define. In addition, you can't edit or remove tag keys or values that use this prefix. Tags that use this prefix don’t count against the limit of 50 tags per resource.

    • You can associate tags with public or shared resources, but the tags are available only for your Amazon Web Services account, not any other accounts that share the resource. In addition, the tags are available only for resources that are located in the specified Amazon Web Services Region for your Amazon Web Services account.

    • Key (string) -- [REQUIRED]

      One part of a key-value pair that defines a tag. The maximum length of a tag key is 128 characters. The minimum length is 1 character.

    • Value (string) -- [REQUIRED]

      The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don't want a resource to have a specific tag value, don't specify a value for this parameter. If you don't specify a value, Amazon SES sets the value to an empty string.

type DkimSigningAttributes:

dict

param DkimSigningAttributes:

If your request includes this object, Amazon SES configures the identity to use Bring Your Own DKIM (BYODKIM) for DKIM authentication purposes, or, configures the key length to be used for Easy DKIM.

You can only specify this object if the email identity is a domain, as opposed to an address.

  • DomainSigningSelector (string) --

    [Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain.

  • DomainSigningPrivateKey (string) --

    [Bring Your Own DKIM] A private key that's used to generate a DKIM signature.

    The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding.

  • NextSigningKeyLength (string) --

    [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.

  • DomainSigningAttributesOrigin (string) --

    The attribute to use for configuring DKIM for the identity depends on the operation:

    • For PutEmailIdentityDkimSigningAttributes:

    • For CreateEmailIdentity when replicating a parent identity's DKIM configuration:

      • Allowed values: All values except AWS_SES and EXTERNAL

    • AWS_SES – Configure DKIM for the identity by using Easy DKIM.

    • EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

type ConfigurationSetName:

string

param ConfigurationSetName:

The configuration set to use by default when sending from this identity. Note that any configuration set defined in the email sending request takes precedence.

rtype:

dict

returns:

Response Syntax

{
    'IdentityType': 'EMAIL_ADDRESS'|'DOMAIN'|'MANAGED_DOMAIN',
    'VerifiedForSendingStatus': True|False,
    'DkimAttributes': {
        'SigningEnabled': True|False,
        'Status': 'PENDING'|'SUCCESS'|'FAILED'|'TEMPORARY_FAILURE'|'NOT_STARTED',
        'Tokens': [
            'string',
        ],
        'SigningAttributesOrigin': 'AWS_SES'|'EXTERNAL'|'AWS_SES_AF_SOUTH_1'|'AWS_SES_EU_NORTH_1'|'AWS_SES_AP_SOUTH_1'|'AWS_SES_EU_WEST_3'|'AWS_SES_EU_WEST_2'|'AWS_SES_EU_SOUTH_1'|'AWS_SES_EU_WEST_1'|'AWS_SES_AP_NORTHEAST_3'|'AWS_SES_AP_NORTHEAST_2'|'AWS_SES_ME_SOUTH_1'|'AWS_SES_AP_NORTHEAST_1'|'AWS_SES_IL_CENTRAL_1'|'AWS_SES_SA_EAST_1'|'AWS_SES_CA_CENTRAL_1'|'AWS_SES_AP_SOUTHEAST_1'|'AWS_SES_AP_SOUTHEAST_2'|'AWS_SES_AP_SOUTHEAST_3'|'AWS_SES_EU_CENTRAL_1'|'AWS_SES_US_EAST_1'|'AWS_SES_US_EAST_2'|'AWS_SES_US_WEST_1'|'AWS_SES_US_WEST_2',
        'NextSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'CurrentSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'LastKeyGenerationTimestamp': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    If the email identity is a domain, this object contains information about the DKIM verification status for the domain.

    If the email identity is an email address, this object is empty.

    • IdentityType (string) --

      The email identity type. Note: the MANAGED_DOMAIN identity type is not supported.

    • VerifiedForSendingStatus (boolean) --

      Specifies whether or not the identity is verified. You can only send email from verified email addresses or domains. For more information about verifying identities, see the Amazon Pinpoint User Guide.

    • DkimAttributes (dict) --

      An object that contains information about the DKIM attributes for the identity.

      • SigningEnabled (boolean) --

        If the value is true, then the messages that you send from the identity are signed using DKIM. If the value is false, then the messages that you send from the identity aren't DKIM-signed.

      • Status (string) --

        Describes whether or not Amazon SES has successfully located the DKIM records in the DNS records for the domain. The status can be one of the following:

        • PENDING – The verification process was initiated, but Amazon SES hasn't yet detected the DKIM records in the DNS configuration for the domain.

        • SUCCESS – The verification process completed successfully.

        • FAILED – The verification process failed. This typically occurs when Amazon SES fails to find the DKIM records in the DNS configuration of the domain.

        • TEMPORARY_FAILURE – A temporary issue is preventing Amazon SES from determining the DKIM authentication status of the domain.

        • NOT_STARTED – The DKIM verification process hasn't been initiated for the domain.

      • Tokens (list) --

        If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete.

        If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector for the public key.

        Regardless of the DKIM authentication method you use, Amazon SES searches for the appropriate records in the DNS configuration of the domain for up to 72 hours.

        • (string) --

      • SigningAttributesOrigin (string) --

        A string that indicates how DKIM was configured for the identity. These are the possible values:

        • AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.

        • EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).

        • AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

      • NextSigningKeyLength (string) --

        [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.

      • CurrentSigningKeyLength (string) --

        [Easy DKIM] The key length of the DKIM key pair in use.

      • LastKeyGenerationTimestamp (datetime) --

        [Easy DKIM] The last time a key pair was generated for this identity.

GetEmailIdentity (updated) Link ¶
Changes (response)
{'DkimAttributes': {'SigningAttributesOrigin': {'AWS_SES_AF_SOUTH_1',
                                                'AWS_SES_AP_NORTHEAST_1',
                                                'AWS_SES_AP_NORTHEAST_2',
                                                'AWS_SES_AP_NORTHEAST_3',
                                                'AWS_SES_AP_SOUTHEAST_1',
                                                'AWS_SES_AP_SOUTHEAST_2',
                                                'AWS_SES_AP_SOUTHEAST_3',
                                                'AWS_SES_AP_SOUTH_1',
                                                'AWS_SES_CA_CENTRAL_1',
                                                'AWS_SES_EU_CENTRAL_1',
                                                'AWS_SES_EU_NORTH_1',
                                                'AWS_SES_EU_SOUTH_1',
                                                'AWS_SES_EU_WEST_1',
                                                'AWS_SES_EU_WEST_2',
                                                'AWS_SES_EU_WEST_3',
                                                'AWS_SES_IL_CENTRAL_1',
                                                'AWS_SES_ME_SOUTH_1',
                                                'AWS_SES_SA_EAST_1',
                                                'AWS_SES_US_EAST_1',
                                                'AWS_SES_US_EAST_2',
                                                'AWS_SES_US_WEST_1',
                                                'AWS_SES_US_WEST_2'}},
 'VerificationInfo': {'ErrorType': {'REPLICATION_ACCESS_DENIED',
                                    'REPLICATION_PRIMARY_BYO_DKIM_NOT_SUPPORTED',
                                    'REPLICATION_PRIMARY_INVALID_REGION',
                                    'REPLICATION_PRIMARY_NOT_FOUND',
                                    'REPLICATION_REPLICA_AS_PRIMARY_NOT_SUPPORTED'}}}

Provides information about a specific identity, including the identity's verification status, sending authorization policies, its DKIM authentication status, and its custom Mail-From settings.

See also: AWS API Documentation

Request Syntax

client.get_email_identity(
    EmailIdentity='string'
)
type EmailIdentity:

string

param EmailIdentity:

[REQUIRED]

The email identity.

rtype:

dict

returns:

Response Syntax

{
    'IdentityType': 'EMAIL_ADDRESS'|'DOMAIN'|'MANAGED_DOMAIN',
    'FeedbackForwardingStatus': True|False,
    'VerifiedForSendingStatus': True|False,
    'DkimAttributes': {
        'SigningEnabled': True|False,
        'Status': 'PENDING'|'SUCCESS'|'FAILED'|'TEMPORARY_FAILURE'|'NOT_STARTED',
        'Tokens': [
            'string',
        ],
        'SigningAttributesOrigin': 'AWS_SES'|'EXTERNAL'|'AWS_SES_AF_SOUTH_1'|'AWS_SES_EU_NORTH_1'|'AWS_SES_AP_SOUTH_1'|'AWS_SES_EU_WEST_3'|'AWS_SES_EU_WEST_2'|'AWS_SES_EU_SOUTH_1'|'AWS_SES_EU_WEST_1'|'AWS_SES_AP_NORTHEAST_3'|'AWS_SES_AP_NORTHEAST_2'|'AWS_SES_ME_SOUTH_1'|'AWS_SES_AP_NORTHEAST_1'|'AWS_SES_IL_CENTRAL_1'|'AWS_SES_SA_EAST_1'|'AWS_SES_CA_CENTRAL_1'|'AWS_SES_AP_SOUTHEAST_1'|'AWS_SES_AP_SOUTHEAST_2'|'AWS_SES_AP_SOUTHEAST_3'|'AWS_SES_EU_CENTRAL_1'|'AWS_SES_US_EAST_1'|'AWS_SES_US_EAST_2'|'AWS_SES_US_WEST_1'|'AWS_SES_US_WEST_2',
        'NextSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'CurrentSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'LastKeyGenerationTimestamp': datetime(2015, 1, 1)
    },
    'MailFromAttributes': {
        'MailFromDomain': 'string',
        'MailFromDomainStatus': 'PENDING'|'SUCCESS'|'FAILED'|'TEMPORARY_FAILURE',
        'BehaviorOnMxFailure': 'USE_DEFAULT_VALUE'|'REJECT_MESSAGE'
    },
    'Policies': {
        'string': 'string'
    },
    'Tags': [
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    'ConfigurationSetName': 'string',
    'VerificationStatus': 'PENDING'|'SUCCESS'|'FAILED'|'TEMPORARY_FAILURE'|'NOT_STARTED',
    'VerificationInfo': {
        'LastCheckedTimestamp': datetime(2015, 1, 1),
        'LastSuccessTimestamp': datetime(2015, 1, 1),
        'ErrorType': 'SERVICE_ERROR'|'DNS_SERVER_ERROR'|'HOST_NOT_FOUND'|'TYPE_NOT_FOUND'|'INVALID_VALUE'|'REPLICATION_ACCESS_DENIED'|'REPLICATION_PRIMARY_NOT_FOUND'|'REPLICATION_PRIMARY_BYO_DKIM_NOT_SUPPORTED'|'REPLICATION_REPLICA_AS_PRIMARY_NOT_SUPPORTED'|'REPLICATION_PRIMARY_INVALID_REGION',
        'SOARecord': {
            'PrimaryNameServer': 'string',
            'AdminEmail': 'string',
            'SerialNumber': 123
        }
    }
}

Response Structure

  • (dict) --

    Details about an email identity.

    • IdentityType (string) --

      The email identity type. Note: the MANAGED_DOMAIN identity type is not supported.

    • FeedbackForwardingStatus (boolean) --

      The feedback forwarding configuration for the identity.

      If the value is true, you receive email notifications when bounce or complaint events occur. These notifications are sent to the address that you specified in the Return-Path header of the original email.

      You're required to have a method of tracking bounces and complaints. If you haven't set up another mechanism for receiving bounce or complaint notifications (for example, by setting up an event destination), you receive an email notification when these events occur (even if this setting is disabled).

    • VerifiedForSendingStatus (boolean) --

      Specifies whether or not the identity is verified. You can only send email from verified email addresses or domains. For more information about verifying identities, see the Amazon Pinpoint User Guide.

    • DkimAttributes (dict) --

      An object that contains information about the DKIM attributes for the identity.

      • SigningEnabled (boolean) --

        If the value is true, then the messages that you send from the identity are signed using DKIM. If the value is false, then the messages that you send from the identity aren't DKIM-signed.

      • Status (string) --

        Describes whether or not Amazon SES has successfully located the DKIM records in the DNS records for the domain. The status can be one of the following:

        • PENDING – The verification process was initiated, but Amazon SES hasn't yet detected the DKIM records in the DNS configuration for the domain.

        • SUCCESS – The verification process completed successfully.

        • FAILED – The verification process failed. This typically occurs when Amazon SES fails to find the DKIM records in the DNS configuration of the domain.

        • TEMPORARY_FAILURE – A temporary issue is preventing Amazon SES from determining the DKIM authentication status of the domain.

        • NOT_STARTED – The DKIM verification process hasn't been initiated for the domain.

      • Tokens (list) --

        If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete.

        If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector for the public key.

        Regardless of the DKIM authentication method you use, Amazon SES searches for the appropriate records in the DNS configuration of the domain for up to 72 hours.

        • (string) --

      • SigningAttributesOrigin (string) --

        A string that indicates how DKIM was configured for the identity. These are the possible values:

        • AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.

        • EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).

        • AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

        • AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

      • NextSigningKeyLength (string) --

        [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.

      • CurrentSigningKeyLength (string) --

        [Easy DKIM] The key length of the DKIM key pair in use.

      • LastKeyGenerationTimestamp (datetime) --

        [Easy DKIM] The last time a key pair was generated for this identity.

    • MailFromAttributes (dict) --

      An object that contains information about the Mail-From attributes for the email identity.

      • MailFromDomain (string) --

        The name of a domain that an email identity uses as a custom MAIL FROM domain.

      • MailFromDomainStatus (string) --

        The status of the MAIL FROM domain. This status can have the following values:

        • PENDING – Amazon SES hasn't started searching for the MX record yet.

        • SUCCESS – Amazon SES detected the required MX record for the MAIL FROM domain.

        • FAILED – Amazon SES can't find the required MX record, or the record no longer exists.

        • TEMPORARY_FAILURE – A temporary issue occurred, which prevented Amazon SES from determining the status of the MAIL FROM domain.

      • BehaviorOnMxFailure (string) --

        The action to take if the required MX record can't be found when you send an email. When you set this value to USE_DEFAULT_VALUE, the mail is sent using amazonses.com as the MAIL FROM domain. When you set this value to REJECT_MESSAGE, the Amazon SES API v2 returns a MailFromDomainNotVerified error, and doesn't attempt to deliver the email.

        These behaviors are taken when the custom MAIL FROM domain configuration is in the Pending, Failed, and TemporaryFailure states.

    • Policies (dict) --

      A map of policy names to policies.

      • (string) --

        The name of the policy.

        The policy name cannot exceed 64 characters and can only include alphanumeric characters, dashes, and underscores.

        • (string) --

          The text of the policy in JSON format. The policy cannot exceed 4 KB.

          For information about the syntax of sending authorization policies, see the Amazon SES Developer Guide.

    • Tags (list) --

      An array of objects that define the tags (keys and values) that are associated with the email identity.

      • (dict) --

        An object that defines the tags that are associated with a resource. A tag is a label that you optionally define and associate with a resource. Tags can help you categorize and manage resources in different ways, such as by purpose, owner, environment, or other criteria. A resource can have as many as 50 tags.

        Each tag consists of a required tag key and an associated tag value, both of which you define. A tag key is a general label that acts as a category for a more specific tag value. A tag value acts as a descriptor within a tag key. A tag key can contain as many as 128 characters. A tag value can contain as many as 256 characters. The characters can be Unicode letters, digits, white space, or one of the following symbols: _ . : / = + -. The following additional restrictions apply to tags:

        • Tag keys and values are case sensitive.

        • For each associated resource, each tag key must be unique and it can have only one value.

        • The  aws: prefix is reserved for use by Amazon Web Services; you can’t use it in any tag keys or values that you define. In addition, you can't edit or remove tag keys or values that use this prefix. Tags that use this prefix don’t count against the limit of 50 tags per resource.

        • You can associate tags with public or shared resources, but the tags are available only for your Amazon Web Services account, not any other accounts that share the resource. In addition, the tags are available only for resources that are located in the specified Amazon Web Services Region for your Amazon Web Services account.

        • Key (string) --

          One part of a key-value pair that defines a tag. The maximum length of a tag key is 128 characters. The minimum length is 1 character.

        • Value (string) --

          The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don't want a resource to have a specific tag value, don't specify a value for this parameter. If you don't specify a value, Amazon SES sets the value to an empty string.

    • ConfigurationSetName (string) --

      The configuration set used by default when sending from this identity.

    • VerificationStatus (string) --

      The verification status of the identity. The status can be one of the following:

      • PENDING – The verification process was initiated, but Amazon SES hasn't yet been able to verify the identity.

      • SUCCESS – The verification process completed successfully.

      • FAILED – The verification process failed.

      • TEMPORARY_FAILURE – A temporary issue is preventing Amazon SES from determining the verification status of the identity.

      • NOT_STARTED – The verification process hasn't been initiated for the identity.

    • VerificationInfo (dict) --

      An object that contains additional information about the verification status for the identity.

      • LastCheckedTimestamp (datetime) --

        The last time a verification attempt was made for this identity.

      • LastSuccessTimestamp (datetime) --

        The last time a successful verification was made for this identity.

      • ErrorType (string) --

        Provides the reason for the failure describing why Amazon SES was not able to successfully verify the identity. Below are the possible values:

        • INVALID_VALUE – Amazon SES was able to find the record, but the value contained within the record was invalid. Ensure you have published the correct values for the record.

        • TYPE_NOT_FOUND – The queried hostname exists but does not have the requested type of DNS record. Ensure that you have published the correct type of DNS record.

        • HOST_NOT_FOUND – The queried hostname does not exist or was not reachable at the time of the request. Ensure that you have published the required DNS record(s).

        • SERVICE_ERROR – A temporary issue is preventing Amazon SES from determining the verification status of the domain.

        • DNS_SERVER_ERROR – The DNS server encountered an issue and was unable to complete the request.

        • REPLICATION_ACCESS_DENIED – The verification failed because the user does not have the required permissions to replicate the DKIM key from the primary region. Ensure you have the necessary permissions in both primary and replica regions.

        • REPLICATION_PRIMARY_NOT_FOUND – The verification failed because no corresponding identity was found in the specified primary region. Ensure the identity exists in the primary region before attempting replication.

        • REPLICATION_PRIMARY_BYO_DKIM_NOT_SUPPORTED – The verification failed because the identity in the primary region is configured with Bring Your Own DKIM (BYODKIM). DKIM key replication is only supported for identities using Easy DKIM.

        • REPLICATION_REPLICA_AS_PRIMARY_NOT_SUPPORTED – The verification failed because the specified primary identity is a replica of another identity, and multi-level replication is not supported; the primary identity must be a non-replica identity.

        • REPLICATION_PRIMARY_INVALID_REGION – The verification failed due to an invalid primary region specified. Ensure you provide a valid AWS region where Amazon SES is available and different from the replica region.

      • SOARecord (dict) --

        An object that contains information about the start of authority (SOA) record associated with the identity.

        • PrimaryNameServer (string) --

          Primary name server specified in the SOA record.

        • AdminEmail (string) --

          Administrative contact email from the SOA record.

        • SerialNumber (integer) --

          Serial number from the SOA record.

PutEmailIdentityDkimSigningAttributes (updated) Link ¶
Changes (request)
{'SigningAttributes': {'DomainSigningAttributesOrigin': 'AWS_SES | EXTERNAL | '
                                                        'AWS_SES_AF_SOUTH_1 | '
                                                        'AWS_SES_EU_NORTH_1 | '
                                                        'AWS_SES_AP_SOUTH_1 | '
                                                        'AWS_SES_EU_WEST_3 | '
                                                        'AWS_SES_EU_WEST_2 | '
                                                        'AWS_SES_EU_SOUTH_1 | '
                                                        'AWS_SES_EU_WEST_1 | '
                                                        'AWS_SES_AP_NORTHEAST_3 '
                                                        '| '
                                                        'AWS_SES_AP_NORTHEAST_2 '
                                                        '| AWS_SES_ME_SOUTH_1 '
                                                        '| '
                                                        'AWS_SES_AP_NORTHEAST_1 '
                                                        '| '
                                                        'AWS_SES_IL_CENTRAL_1 '
                                                        '| AWS_SES_SA_EAST_1 | '
                                                        'AWS_SES_CA_CENTRAL_1 '
                                                        '| '
                                                        'AWS_SES_AP_SOUTHEAST_1 '
                                                        '| '
                                                        'AWS_SES_AP_SOUTHEAST_2 '
                                                        '| '
                                                        'AWS_SES_AP_SOUTHEAST_3 '
                                                        '| '
                                                        'AWS_SES_EU_CENTRAL_1 '
                                                        '| AWS_SES_US_EAST_1 | '
                                                        'AWS_SES_US_EAST_2 | '
                                                        'AWS_SES_US_WEST_1 | '
                                                        'AWS_SES_US_WEST_2'},
 'SigningAttributesOrigin': {'AWS_SES_AF_SOUTH_1',
                             'AWS_SES_AP_NORTHEAST_1',
                             'AWS_SES_AP_NORTHEAST_2',
                             'AWS_SES_AP_NORTHEAST_3',
                             'AWS_SES_AP_SOUTHEAST_1',
                             'AWS_SES_AP_SOUTHEAST_2',
                             'AWS_SES_AP_SOUTHEAST_3',
                             'AWS_SES_AP_SOUTH_1',
                             'AWS_SES_CA_CENTRAL_1',
                             'AWS_SES_EU_CENTRAL_1',
                             'AWS_SES_EU_NORTH_1',
                             'AWS_SES_EU_SOUTH_1',
                             'AWS_SES_EU_WEST_1',
                             'AWS_SES_EU_WEST_2',
                             'AWS_SES_EU_WEST_3',
                             'AWS_SES_IL_CENTRAL_1',
                             'AWS_SES_ME_SOUTH_1',
                             'AWS_SES_SA_EAST_1',
                             'AWS_SES_US_EAST_1',
                             'AWS_SES_US_EAST_2',
                             'AWS_SES_US_WEST_1',
                             'AWS_SES_US_WEST_2'}}

Used to configure or change the DKIM authentication settings for an email domain identity. You can use this operation to do any of the following:

  • Update the signing attributes for an identity that uses Bring Your Own DKIM (BYODKIM).

  • Update the key length that should be used for Easy DKIM.

  • Change from using no DKIM authentication to using Easy DKIM.

  • Change from using no DKIM authentication to using BYODKIM.

  • Change from using Easy DKIM to using BYODKIM.

  • Change from using BYODKIM to using Easy DKIM.

See also: AWS API Documentation

Request Syntax

client.put_email_identity_dkim_signing_attributes(
    EmailIdentity='string',
    SigningAttributesOrigin='AWS_SES'|'EXTERNAL'|'AWS_SES_AF_SOUTH_1'|'AWS_SES_EU_NORTH_1'|'AWS_SES_AP_SOUTH_1'|'AWS_SES_EU_WEST_3'|'AWS_SES_EU_WEST_2'|'AWS_SES_EU_SOUTH_1'|'AWS_SES_EU_WEST_1'|'AWS_SES_AP_NORTHEAST_3'|'AWS_SES_AP_NORTHEAST_2'|'AWS_SES_ME_SOUTH_1'|'AWS_SES_AP_NORTHEAST_1'|'AWS_SES_IL_CENTRAL_1'|'AWS_SES_SA_EAST_1'|'AWS_SES_CA_CENTRAL_1'|'AWS_SES_AP_SOUTHEAST_1'|'AWS_SES_AP_SOUTHEAST_2'|'AWS_SES_AP_SOUTHEAST_3'|'AWS_SES_EU_CENTRAL_1'|'AWS_SES_US_EAST_1'|'AWS_SES_US_EAST_2'|'AWS_SES_US_WEST_1'|'AWS_SES_US_WEST_2',
    SigningAttributes={
        'DomainSigningSelector': 'string',
        'DomainSigningPrivateKey': 'string',
        'NextSigningKeyLength': 'RSA_1024_BIT'|'RSA_2048_BIT',
        'DomainSigningAttributesOrigin': 'AWS_SES'|'EXTERNAL'|'AWS_SES_AF_SOUTH_1'|'AWS_SES_EU_NORTH_1'|'AWS_SES_AP_SOUTH_1'|'AWS_SES_EU_WEST_3'|'AWS_SES_EU_WEST_2'|'AWS_SES_EU_SOUTH_1'|'AWS_SES_EU_WEST_1'|'AWS_SES_AP_NORTHEAST_3'|'AWS_SES_AP_NORTHEAST_2'|'AWS_SES_ME_SOUTH_1'|'AWS_SES_AP_NORTHEAST_1'|'AWS_SES_IL_CENTRAL_1'|'AWS_SES_SA_EAST_1'|'AWS_SES_CA_CENTRAL_1'|'AWS_SES_AP_SOUTHEAST_1'|'AWS_SES_AP_SOUTHEAST_2'|'AWS_SES_AP_SOUTHEAST_3'|'AWS_SES_EU_CENTRAL_1'|'AWS_SES_US_EAST_1'|'AWS_SES_US_EAST_2'|'AWS_SES_US_WEST_1'|'AWS_SES_US_WEST_2'
    }
)
type EmailIdentity:

string

param EmailIdentity:

[REQUIRED]

The email identity.

type SigningAttributesOrigin:

string

param SigningAttributesOrigin:

[REQUIRED]

The method to use to configure DKIM for the identity. There are the following possible values:

  • AWS_SES – Configure DKIM for the identity by using Easy DKIM.

  • EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).

type SigningAttributes:

dict

param SigningAttributes:

An object that contains information about the private key and selector that you want to use to configure DKIM for the identity for Bring Your Own DKIM (BYODKIM) for the identity, or, configures the key length to be used for Easy DKIM.

  • DomainSigningSelector (string) --

    [Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain.

  • DomainSigningPrivateKey (string) --

    [Bring Your Own DKIM] A private key that's used to generate a DKIM signature.

    The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding.

  • NextSigningKeyLength (string) --

    [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day.

  • DomainSigningAttributesOrigin (string) --

    The attribute to use for configuring DKIM for the identity depends on the operation:

    • For PutEmailIdentityDkimSigningAttributes:

    • For CreateEmailIdentity when replicating a parent identity's DKIM configuration:

      • Allowed values: All values except AWS_SES and EXTERNAL

    • AWS_SES – Configure DKIM for the identity by using Easy DKIM.

    • EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

rtype:

dict

returns:

Response Syntax

{
    'DkimStatus': 'PENDING'|'SUCCESS'|'FAILED'|'TEMPORARY_FAILURE'|'NOT_STARTED',
    'DkimTokens': [
        'string',
    ]
}

Response Structure

  • (dict) --

    If the action is successful, the service sends back an HTTP 200 response.

    The following data is returned in JSON format by the service.

    • DkimStatus (string) --

      The DKIM authentication status of the identity. Amazon SES determines the authentication status by searching for specific records in the DNS configuration for your domain. If you used Easy DKIM to set up DKIM authentication, Amazon SES tries to find three unique CNAME records in the DNS configuration for your domain.

      If you provided a public key to perform DKIM authentication, Amazon SES tries to find a TXT record that uses the selector that you specified. The value of the TXT record must be a public key that's paired with the private key that you specified in the process of creating the identity.

      The status can be one of the following:

      • PENDING – The verification process was initiated, but Amazon SES hasn't yet detected the DKIM records in the DNS configuration for the domain.

      • SUCCESS – The verification process completed successfully.

      • FAILED – The verification process failed. This typically occurs when Amazon SES fails to find the DKIM records in the DNS configuration of the domain.

      • TEMPORARY_FAILURE – A temporary issue is preventing Amazon SES from determining the DKIM authentication status of the domain.

      • NOT_STARTED – The DKIM verification process hasn't been initiated for the domain.

    • DkimTokens (list) --

      If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete.

      If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector that's associated with your public key.

      Regardless of the DKIM authentication method you use, Amazon SES searches for the appropriate records in the DNS configuration of the domain for up to 72 hours.

      • (string) --