AWS SES DKIM cannot be proxied?

Hi there! I am new to Cloudflare but I have fancied the CDN and other functions for a while so I am giving a try here.
So, I have registered an account and on stage 2 “Review DNS records”. It was so nice the system auto retrieved most of my DNS records from my DNS server. However, I am stuck with the AWS SES DKIM verification issues. I am trying to input the name and values as CNAME in Cloudflare, but it gives me Error1004 saying that it cannot be proxied and can’t be saved. Just figured out if I choose “DNS only” then I will be able to save it.

The image below is the screen captured of the error message. Can any expert please advise? Do I have to set up all emails related (incl. Outlook emails, AWS SES services) to “DNS only” which does not need proxy? Thanks in advance!! Cheers

In general yes, that record should be unproxied since it needs to be a real CNAME for the DNS records it needs to show up (proxying it makes it a ‘fake’ cname that only forwards HTTPS traffic).

1 Like

Thanks Judge.
Correct me if I am wrong, in addition should I only put HTTPS related traffic to proxy?
What about other A records for mail server/ push mail service (AWS SES, sendinmail etc.) such as mail.domain.com which is being used by wordpress and other platform?

Cloudflare only proxied HTTP(S) traffic. If a record needs to accept any other traffic (eg. 25/465/587 for incoming mail), then CF won’t proxy it and you’ll have issues with these services not working if you set it to ‘proxied’.

1 Like

Tons of thanks Judge, highly appreciated your promptly help! You are the star. :haha:

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.