Hi,
I just switched my relay server from SendGrid to Amazon SES, as some mails were blocked because some antispam systems (e.g. Sophos) seem to identify SendGrid's IPs as spam. While setting up Amazon SES, I struggled initially with DMARC verification (test mails to my Google account landed in spam due to failed DMARC). After getting this sorted and taking a deeper look at the mail headers, I found the following:
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@mydomain.de header.s=somerandomidentifier header.b=someheader;
dkim=pass header.i=@amazonses.com header.s=anotherrandomidentifier header.b=anotherheader;
dkim=fail header.i=@mydomain.de header.s=dkim header.b=yetanotherheader;
spf=pass (google.com: domain of 01070176862bcc6c-XXXXXXXX-8d6d-4096-b68b-XXXXXXXXXXXX-000000@eu-central-1.amazonses.com designates 69.XXX.XXX.X as permitted sender) smtp.mailfrom=01070176862bcc6c-XXXXXXXX-8d6d-4096-b68b-XXXXXXXXXXXX-000000@eu-central-1.amazonses.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mydomain.de
To me this looks like the DKIM configured in Mailcow fails the check. As the first two DKIM headers pass and SPF also passes, Google seems happy to pass DMARC as well in this case. However, I like to have a clean configuration and am asking myself:
Is the DKIM configuration needed in Mailcow when using a relay server like Amazon SES, which does DKIM itself? Is it fine to just delete the DKIM keys in Mailcow for my domains?
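Why DMARC passes on this header despite one dkim=fail, as an added example that is not part of the original post: DMARC needs only one passing DKIM or SPF result whose domain aligns with the From domain. The `org_domain` shortcut (last two labels instead of the Public Suffix List) and the shortened bounce address are assumptions made for this sketch.

```python
import re

# Header from the post; the long SES bounce address is shortened to a constructed placeholder.
HEADER = """i=1; mx.google.com;
 dkim=pass header.i=@mydomain.de header.s=somerandomidentifier header.b=someheader;
 dkim=pass header.i=@amazonses.com header.s=anotherrandomidentifier header.b=anotherheader;
 dkim=fail header.i=@mydomain.de header.s=dkim header.b=yetanotherheader;
 spf=pass (google.com: domain of bounce-id@eu-central-1.amazonses.com designates 69.XXX.XXX.X as permitted sender) smtp.mailfrom=bounce-id@eu-central-1.amazonses.com;
 dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mydomain.de"""


def parse_results(header):
    """Return [(method, result, {property: value})] for dkim/spf/dmarc entries."""
    no_comments = re.sub(r"\([^()]*\)", " ", header)  # drop "(...)" comments
    entries = []
    for part in no_comments.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        if method not in ("dkim", "spf", "dmarc"):
            continue  # skips "i=1" and the authserv-id
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        entries.append((method, result.lower(), props))
    return entries


def org_domain(value):
    """Assumption: organizational domain = last two labels (real DMARC uses the PSL)."""
    domain = value.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:])


def dmarc_evaluation(header):
    """Return ([(method, selector, result, aligned)], dmarc_would_pass)."""
    entries = parse_results(header)
    from_org = org_domain(next(p["header.from"] for m, _, p in entries if m == "dmarc"))
    report = []
    for method, result, props in entries:
        if method == "dkim":
            ident = props.get("header.i") or props.get("header.d", "")
        elif method == "spf":
            ident = props.get("smtp.mailfrom", "")
        else:
            continue
        report.append((method, props.get("header.s"), result, org_domain(ident) == from_org))
    # Relaxed alignment: one aligned pass from either mechanism is sufficient.
    return report, any(r == "pass" and aligned for _, _, r, aligned in report)
```

On the posted header, the only aligned pass is the first DKIM signature; the SES signature and the SPF result pass but are not aligned with `mydomain.de`.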