I’m using Amazon SES on a few sites to handle transactional emails. Setting this up was fairly straightforward on several domains but one domain, though setup identically, was having issues. I kept getting the Email DKIM Setup Failure email from AWS SES and couldn’t figure out what was wrong.
I’m still not 100% sure I know the issue, but it is working now and I didn’t see this particular suggestion as I was searching for solutions, so hoping this will be helpful to someone.
What Worked
- Delete the existing DKIM CNAME keys you’ve created in CloudFlare’s DNS.
- Add a new DKIM CNAME record to your CloudFlare DNS BUT…
- Before saving change the “Proxied Status” from “Proxied” to “DNS Only”.
- Save and repeat.
Here is a screen capture of the add DNS record form in CloudFlare as it is by default:

And here is what the Proxy status should look like after being changed to DNS only:




Why It Worked?
There are a number of reasons this could have worked…if I run into this issue again I’ll spend some more time identifying the exact cause but atm I’m guessing either:
- Something went wrong with the original CNAME creation, even though they were appearing in CloudFlare’s DNS and deleting and recreating the CNAME entry was required, not just editing the existing entry (and changing from Proxied to DNS Only has nothing to do with it).
- Could be a glitch in CloudFlare where even though the CNAME record is auto-converted to “DNS Only”, creating the record with “Proxied” causes some glitch that breaks the CNAME.
- I made some doofy error and fixed it by deleting and recreating.
What Didn’t Work?
I tried several times editing the existing CNAME records and copying/pasting the correct Name and Content from AWS SES into the CNAME record edit form. This made no difference. I also checked that the values I was pasting in matched those I was copying from Amazon.
I did this over a period of several days, enough to receive a two or three DKIM failure emails – so it wasn’t me being impatient either.
Resources
Here are some of the resources I stumbled upon while looking for a resolution…
- DKIM not verifying via cloudflare although they’re entered exactly as shown. AWS Developer Forums.
- Amazon ses dkim failing. CloudFlare Community.
- Why is my DKIM domain failing to verify on Amazon SES? AWS Knowledge Center.