Amazon SES now enables you to configure DKIM using your own RSA key pair

Posted on: Dec 13, 2019

Amazon Simple Email Service (Amazon SES) now includes a feature called Bring Your Own DKIM (BYODKIM), which allows you to use your own public-private key pair to configure DomainKeys Identified Mail (DKIM) for your email-sending domains.

DKIM is an email security standard designed to make sure messages are not altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key. Recipient servers can then use a public key published in a domain's DNS to verify that the email has not been modified in transit. Prior to the release of BYODKIM, you could only use DKIM signatures that were generated by Amazon SES.
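When you supply your own key pair, the public half you publish in DNS is what recipient servers rely on, so it is worth checking the published record yourself. The following is an added example, not code from this announcement or from the Amazon SES documentation: it audits a DKIM key record in the RFC 6376 tag format and reports revoked, unparseable, or undersized RSA keys. The function names are hypothetical, and the size thresholds are taken from RFC 8301.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def _tlv(buf, pos, tag):
    """Read one DER element with the given tag at pos; return (content, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Modulus size in bits of a DER RSA key (SubjectPublicKeyInfo or bare RSAPublicKey)."""
    seq, _ = _tlv(der, 0, 0x30)
    if seq[0] == 0x30:  # SubjectPublicKeyInfo: AlgorithmIdentifier, then BIT STRING
        alg, pos = _tlv(seq, 0, 0x30)
        if _tlv(alg, 0, 0x06)[0] != RSA_OID:
            raise ValueError("not an RSA key")
        bits, _ = _tlv(seq, pos, 0x03)
        seq, _ = _tlv(bits[1:], 0, 0x30)  # skip the unused-bits byte
    modulus, _ = _tlv(seq, 0, 0x02)       # RSAPublicKey ::= SEQUENCE { n, e }
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(txt):
    """Findings for one DKIM key record (TXT strings already joined); [] means OK."""
    tags = {}
    for part in txt.split(";"):
        name, _, value = part.partition("=")
        if name.strip():
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    findings = [] if tags.get("v", "DKIM1") == "DKIM1" else ["v= is not DKIM1"]
    if tags.get("k", "rsa") != "rsa":
        return findings + ["k= is not rsa: key size not checked"]
    if not tags.get("p"):
        return findings + ["p= is empty or missing: no usable key (empty means revoked)"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError) as exc:
        return findings + [f"p= is not a parseable RSA key: {exc}"]
    if bits < 2048:
        verdict = "verifiers must not accept it" if bits < 1024 else "below the recommended 2048"
        findings.append(f"{bits}-bit RSA key: {verdict} (RFC 8301)")
    return findings
```

Pass it the TXT value found at `selector._domainkey.yourdomain`, with any multi-string TXT segments concatenated first.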

This feature is useful for customers who use the same domain to send email across several AWS Regions, or across separate AWS accounts. Additionally, if you use Amazon SES to send emails on behalf of your customers, your customers can send emails that are signed using your own DKIM keys.

There are no additional charges associated with using the BYODKIM feature. This feature is available in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia-Pacific (Mumbai), Asia-Pacific (Sydney), Europe (Frankfurt), and Europe (Dublin). To learn more about BYODKIM, see Provide Your Own DKIM Authentication Token in the Amazon SES Developer Guide.

To learn more about Amazon SES and how to build multi-tenant solutions using Amazon SES, see https://aws.amazon.com/ses/scalable-multi-tenant-solution/.