AWS ses documentation change
Summary
Added programmatic method for DKIM hosted zone retrieval and updated verification email images/descriptions.
Security assessment
The DKIM documentation enhancement improves clarity for implementing email authentication (security feature), but doesn't address a vulnerability. Image updates are cosmetic.
Diff
diff --git a/ses/latest/dg/creating-identities.md b/ses/latest/dg/creating-identities.md index b390c10fe..d2d11cca8 100644 --- a//ses/latest/dg/creating-identities.md +++ b//ses/latest/dg/creating-identities.md @@ -240,0 +241,6 @@ The following image shows an example of the CNAME records to publish to your DNS +###### Retrieving the hosted zone programmatically + +Each CNAME record's value is composed of the DKIM token followed by a hosted zone domain (for example, ``token`.dkim.amazonses.com` or ``token`.`a31d`.dkim.`us-west-2`.amazonses.com`). The hosted zone portion varies by AWS Region and cell. + +You can retrieve the hosted zone directly from the API response. Both the [CreateEmailIdentity](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateEmailIdentity.html) and [GetEmailIdentity](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_GetEmailIdentity.html) responses include a `SigningHostedZone` field in the `DkimAttributes` object. Use this value to construct the full CNAME record value: ``token`.`SigningHostedZone``. + @@ -450 +456 @@ When you attempt to verify an email address, Amazon SES sends an email to that a - + @@ -562 +568 @@ Your customer receives an email that uses the customized email template you crea - +