From 877b75556d05996b6d5fc63d81a895e312657055 Mon Sep 17 00:00:00 2001
From: Kai Siren
Date: Tue, 28 Jan 2025 11:53:36 -0800
Subject: [PATCH 1/3] MAIL FROM and DMARC DNS updates
---
 .../notifications-email-domain/resources/dns.tf | 13 ++++++++++---
 .../notifications-email-domain/resources/main.tf | 3 +--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/infra/modules/notifications-email-domain/resources/dns.tf b/infra/modules/notifications-email-domain/resources/dns.tf
index 516df2cc..c430a169 100644
--- a/infra/modules/notifications-email-domain/resources/dns.tf
+++ b/infra/modules/notifications-email-domain/resources/dns.tf
@@ -7,8 +7,6 @@ resource "aws_route53_record" "dkim" {
 zone_id = var.hosted_zone_id
 name = "${aws_sesv2_email_identity.sender_domain.dkim_signing_attributes[0].tokens[count.index]}._domainkey.${var.domain_name}"
 records = ["${aws_sesv2_email_identity.sender_domain.dkim_signing_attributes[0].tokens[count.index]}.dkim.amazonses.com"]
-
- depends_on = [aws_sesv2_email_identity.sender_domain]
 }
 resource "aws_route53_record" "spf_mail_from" {
@@ -24,7 +22,16 @@ resource "aws_route53_record" "mx_receive" {
 allow_overwrite = true
 type = "MX"
 ttl = "600"
+ zone_id = var.hosted_zone_id
 name = local.mail_from_domain
+ records = ["10 feedback-smtp.${data.aws_region.current.name}.amazonses.com"]
+}
+
+resource "aws_route53_record" "dmarc" {
+ allow_overwrite = true
+ ttl = "600"
+ type = "TXT"
 zone_id = var.hosted_zone_id
- records = ["10 feedback-smtp.${data.aws_region.current.name}.amazonaws.com"]
+ name = aws_sesv2_email_identity_mail_from_attributes.sender_domain.mail_from_domain
+ records = ["v=DMARC1; p=none;"]
 }
diff --git a/infra/modules/notifications-email-domain/resources/main.tf b/infra/modules/notifications-email-domain/resources/main.tf
index f89cc8ce..728861e6 100644
--- a/infra/modules/notifications-email-domain/resources/main.tf
+++ b/infra/modules/notifications-email-domain/resources/main.tf
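Review bot: `allow_overwrite = true` on the new `aws_route53_record.dmarc` lets this module silently replace a TXT record that already exists at the target name. That matters more here than for the SES-specific DKIM and MX names, because later in this series the record is pointed at `_dmarc.${var.domain_name}`, which is the policy for every sender on the domain and may already be managed elsewhere (possibly with a stricter policy or a reporting address). I would turn the flag off for this one resource, `allow_overwrite = false`, so that an existing DMARC record surfaces as an apply error instead of being overwritten. If the overwrite is intended, a comment above the resource should say so.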
@@ -4,6 +4,7 @@ data "aws_region" "current" {}
 locals {
 mail_from_domain = "mail.${var.domain_name}"
+ dmarc_domain = "_dmarc.${var.domain_name}"
 dash_domain = replace(var.domain_name, ".", "-")
 }
@@ -35,6 +36,4 @@ resource "aws_sesv2_configuration_set" "email" {
 resource "aws_sesv2_email_identity_mail_from_attributes" "sender_domain" {
 email_identity = aws_sesv2_email_identity.sender_domain.email_identity
 mail_from_domain = local.mail_from_domain
-
- depends_on = [aws_sesv2_email_identity.sender_domain]
 }
From c10943f5fa3f98d7a1b67a70c915e43ce26a18e6 Mon Sep 17 00:00:00 2001
From: "kai [they]"
Date: Tue, 28 Jan 2025 12:31:20 -0800
Subject: [PATCH 2/3] Update infra/modules/notifications-email-domain/resources/dns.tf
Co-authored-by: Loren Yu
---
 infra/modules/notifications-email-domain/resources/dns.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infra/modules/notifications-email-domain/resources/dns.tf b/infra/modules/notifications-email-domain/resources/dns.tf
index c430a169..3ffbe098 100644
--- a/infra/modules/notifications-email-domain/resources/dns.tf
+++ b/infra/modules/notifications-email-domain/resources/dns.tf
@@ -32,6 +32,6 @@ resource "aws_route53_record" "dmarc" {
 ttl = "600"
 type = "TXT"
 zone_id = var.hosted_zone_id
- name = aws_sesv2_email_identity_mail_from_attributes.sender_domain.mail_from_domain
+ name = local.dmarc_domain
 records = ["v=DMARC1; p=none;"]
 }
From ede01923ee6d307693c3c423f2b29bf21480b2f3 Mon Sep 17 00:00:00 2001
From: Kai Siren
Date: Tue, 28 Jan 2025 14:24:16 -0800
Subject: [PATCH 3/3] dmarc quarantine
---
 infra/modules/notifications-email-domain/resources/dns.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infra/modules/notifications-email-domain/resources/dns.tf b/infra/modules/notifications-email-domain/resources/dns.tf
index 3ffbe098..92fa41cf 100644
--- a/infra/modules/notifications-email-domain/resources/dns.tf
+++ b/infra/modules/notifications-email-domain/resources/dns.tf
@@ -33,5 +33,5 @@ resource "aws_route53_record" "dmarc" {
 type = "TXT"
 zone_id = var.hosted_zone_id
 name = local.dmarc_domain
- records = ["v=DMARC1; p=none;"]
+ records = ["v=DMARC1; p=quarantine;"]
 }
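Review bot: The `p=quarantine` record carries no `rua=` tag, so nobody receives aggregate reports showing which legitimate sources fail SPF/DKIM alignment once receivers start acting on the policy. The series moves from `p=none` to `p=quarantine` within a few hours, which suggests there was no monitoring period either (inferred from the patch dates only). Because the record sits at `_dmarc.${var.domain_name}`, it applies to all mail claiming that domain, not only what SES sends. Consider adding a reporting mailbox, e.g. `records = ["v=DMARC1; p=quarantine; rua=mailto:<DMARC_REPORTS_MAILBOX>"]` (placeholder address), and exposing the policy as a module variable so each deployment can start at `none`.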