How do I add and verify a domain to use with WorkMail?
I want to add my organization's email domain to Amazon WorkMail.
Resolution
You can add your email domain to WorkMail by using the AWS Management Console. After adding your domain, create the required public DNS records in your DNS provider to send and receive email messages.
Add your domain to WorkMail
- From the WorkMail console, choose the Alias for your organization.
- From the navigation pane, choose Domains, and then choose Add domain.
- For Domain name, enter your fully qualified domain name (FQDN) in the Domain name field. Then choose Add domain.
Update the DNS records on Route 53
If you use Amazon Route 53 on the same account where you have your WorkMail organization, and the domain is registered, WorkMail can automatically configure your domain DNS records. Choose Update all in Route 53 at the top of the page to configure your DNS records.
Update the DNS records in other DNS providers
The procedures for publishing DNS records for your domain depend on the DNS provider you use. See the section titled Procedures for other DNS providers for instructions for adding DNS records to your domain. The procedure for adding DNS records to your domain's DNS server also varies based on your web hosting service or DNS provider.
To complete the process, copy the DNS record names and values from the WorkMail console and create the corresponding DNS records in your DNS provider.
Verify domain ownership
Before you can use your domain, WorkMail needs to verify the domain ownership. For this, create a DNS TXT record.
- From the WorkMail console, take note of the TXT record name (for example, _amazonses) and the value (for example, Examplet1m66d11EGfsukCL7w520AaExample+TESTo=).
- Create a TXT DNS record with the aforementioned name and value.
MX and autodiscover records
Create the DNS MX record so that WorkMail can start receiving email messages from your email domain. Add the autodiscover CNAME record for the client configuration.
- From the WorkMail console, take note of the MX record value (for example, 10 inbound-smtp.us-east-1.amazonaws.com).
- Create an MX DNS record with the aforementioned value.
Note: The MX record needs to point to the root domain that is typically denoted by @ or is empty. This is dependent on your DNS provider. - Take note of the CNAME record name (for example, autodiscover) and the record value (for example, autodiscover.mail.us-east-1.awsapps.com).
- Create a CNAME DNS record with aforementioned name and value.
Improve WorkMail security by configuring DKIM, DMARC, and SPF
To further protect your domain from impersonation, it's a best practice to create all records listed in the following steps. For the SPF record, make sure to include all servers that send email by using your domain.
- From the WorkMail console, take note of the first CNAME record name (for example, ex4mpl3ac7ki6clelsdbiiudpavjpsk3._domainkey) and the value (for example, ex4mpl3ac7ki6clelsdbiiudpavjpsk3.dkim.amazonses.com).
- Create a CNAME DNS record with the aforementioned name and value.
- Repeat steps 1 and 2 for the other two CNAME records.
- Take note of the TXT record value (for example, v=spf1 include:amazonses.com ~all).
- Create a TXT DNS record with the aforementioned value.
Note: The TXT record needs to point to the root domain that is typically denoted by @ or is empty. This denotation is dependent on your DNS provider.
Configure the MAIL FROM domain
By default, WorkMail uses the subdomain amazonses.com as the MAIL FROM domain for all outgoing email messages. This can cause a delivery failure if DomainKeys Identified Mail (DKIM) is not set for your domain. To resolve this, configure your own domain as the MAIL FROM domain from the Amazon Simple Email Service (Amazon SES) Domains page.
Follow the instructions in the console to configure a custom MAIL FROM domain.
For more information about MAIL FROM, see Using a custom MAIL FROM domain.
Verify the records published correctly
You can verify that the WorkMail domain verification TXT record is published correctly to your DNS server. For more information, see Verifying TXT records and MX records with your DNS service.
Note: It might take up to 72 hours for DNS records to propagate to your domain host provider.
For more information about adding DNS records to Amazon Route 53, see Routing traffic to Amazon WorkMail.
Procedures for other DNS providers
The procedures for publishing DNS records for your domain depend on the DNS provider you use. The following list includes links to the documentation for widely used DNS providers. This list isn't exhaustive and doesn't signify endorsement; likewise, if your DNS provider isn't listed, it doesn't imply they don't support WorkMail domain configuration.
- GoDaddy (on the GoDaddy website)
Add a CNAME record
Add a TXT record
Add an MX record - DreamHost (on the DreamHost website)
Adding custom DNS records - Cloudflare (on the Cloudflare website)
Manage DNS records - HostGator (on the HostGator website)
Manage DNS records with HostGator/Enom - Namecheap (on the Namecheap website)
How do I add TXT/SPF/DKIM/DMARC records for my domain? - Names.co.uk (on the Names.co.uk website)
Changing your domain's DNS settings - Wix (on the Wix website)
Adding or Updating MX Records in Your Wix Account
Adding or Updating CNAME Records in Your Wix Account
Adding or Updating TXT Records in Your Wix Account
Relevant content
- Accepted Answerasked a year ago
- asked 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
