Summary
Experts and email marketers universally advise against removing DMARC and DKIM records to leverage Amazon SES's shared domain reputation. They emphasize that DMARC, DKIM, and SPF are crucial for maintaining a positive sending reputation, preventing spoofing and phishing attacks, and building customer trust. Relying on a shared IP address or reputation does not guarantee email delivery, as good sender reputation and sending practices are still critical. Removing these records is considered a risky strategy that can harm deliverability and make your domain vulnerable to abuse. The practice also undermines email authentication standards and can be seen as an attempt to 'steal' reputation.
Key findings
- DMARC/DKIM Importance: DMARC and DKIM are essential for verifying the source and integrity of email messages, preventing spoofing/phishing, and building sender legitimacy.
- Deliverability Impact: Removing DMARC/DKIM can negatively impact your email deliverability and sender reputation, as it signals a lack of authentication.
- Security Risks: Removing authentication records makes your domain vulnerable to malicious actors who can exploit it for phishing and other fraudulent activities.
- Shared Reputation Drawbacks: Relying solely on a shared domain reputation is not a viable long-term strategy, and it doesn't guarantee deliverability.
- Ethical Concerns: Trying to leverage shared IP reputation without proper authentication can be seen as an attempt to exploit the system, going against the intent of email authentication standards.
Key considerations
- Long-Term Strategy: Focus on building a sustainable email program with a good sender reputation, clean sending practices, and proper authentication.
- Email Authentication: Implement and maintain DMARC, DKIM, and SPF records correctly to protect your domain, improve deliverability, and build trust with recipients.
- Reputation Ownership: Take ownership of your domain's reputation through proper authentication rather than relying on shared resources.
- Compliance Adherence: Understand and adhere to email sending best practices and ESP compliance policies to avoid account suspension or other penalties.
- Security Best Practices: Prioritize security measures to prevent domain impersonation, protect recipients from phishing attacks, and maintain a trustworthy brand reputation.
What email marketers say
11 marketer opinions
Experts and email marketers overwhelmingly advise against removing DMARC and DKIM records to leverage Amazon SES's shared domain reputation. They emphasize that DMARC and DKIM are crucial for maintaining a positive sending reputation, preventing spoofing and phishing attacks, and building customer trust. Removing these records is considered a risky strategy that can harm deliverability and make your domain vulnerable to abuse.
Key opinions
- DMARC/DKIM Importance: DMARC and DKIM are essential for proving sender legitimacy to mailbox providers and preventing spoofing/phishing.
- Deliverability Impact: Removing DMARC/DKIM can negatively impact your email deliverability and sender reputation.
- Security Risks: Removing these records makes your domain vulnerable to malicious actors who can exploit it for phishing and other fraudulent activities.
- Shared Reputation Drawbacks: Relying on a shared domain reputation is not a viable long-term strategy and can lead to inconsistencies in deliverability.
- SES Compliance: Amazon SES has strict compliance policies, and aggressive sending practices can lead to account suspension.
Key considerations
- Long-Term Strategy: Consider the long-term implications of removing authentication records versus the short-term gains of using a shared reputation.
- Reputation Ownership: Taking ownership of your domain's reputation through proper authentication is crucial for sustainable email marketing success.
- Authentication Implementation: Implement DMARC, DKIM, and SPF correctly to protect your domain and improve deliverability.
- Compliance Adherence: Understand and adhere to email sending best practices and ESP (Email Service Provider) compliance policies.
- Security Best Practices: Prioritize security measures to prevent domain impersonation and protect your recipients from phishing attacks.
Marketer view
Email marketer from EmailonAcid Blog strongly emphasizes that you should *never* consider removing email authentication. It is critical to protecting your domain reputation and ensuring deliverability. They suggest implementing DMARC, DKIM, and SPF.
5 Apr 2025 - EmailonAcid Blog
Marketer view
Email marketer from Email Geeks shares that SES got pretty tight with their compliance a couple years back and started booting people left and right. While your client might be getting away with let's call it aggressive sending it might not be google or yahoo that cut off their head but a message from ses saying their account is suspended and their 400k a day goes to 0 with no warm ips to welcome them.
16 Nov 2023 - Email Geeks
What the experts say
4 expert opinions
Experts advise against removing DMARC and DKIM records to leverage Amazon SES's shared domain reputation. They highlight that this practice is against the intent of email authentication standards, as it enables senders with poor practices to benefit from the reputation of shared IPs. Furthermore, a shared IP address does not guarantee deliverability, as good sender reputation and sending practices are still crucial. Properly implemented DMARC prevents domain name abuse and protects recipients from phishing.
Key opinions
- Undermines Email Standards: Removing DMARC/DKIM enables senders with poor practices to exploit shared IP reputations, going against the goals of email authentication.
- Deliverability Not Guaranteed: Shared IPs don't guarantee deliverability; a good sender reputation and sending practices are still essential.
- DMARC Prevents Abuse: Correctly implemented DMARC helps prevent bad actors from using your domain name for phishing and other malicious activities.
- Short-Term Solution: Relying on shared IP reputation is not a sustainable, long-term solution for deliverability.
Key considerations
- Long-Term Strategy: Focus on building and maintaining a good sender reputation and following best practices for sending emails.
- Email Authentication: Implement and maintain DMARC, DKIM, and SPF records correctly to protect your domain and ensure deliverability.
- Ethical Sending: Avoid practices that exploit shared infrastructure to bypass deliverability issues.
- Sustainable Deliverability: Prioritize clean sending practices, proper authentication, and good list hygiene for long-term deliverability success.
Expert view
Expert from Spam Resource states that shared IP addresses or reputation do not mean that your emails will get delivered. Email delivery still relies heavily on a good sender reputation and good sending practices.
28 Apr 2025 - Spam Resource
Expert view
Expert from Email Geeks shares concerns that a similar exploit occurred where groups never finished custom domain configuration to send millions of cruddy messages on shared IPs, and he asks, 'what do you plan to do past June, because this isn't a plan for long term success.'
14 Dec 2023 - Email Geeks
What the documentation says
4 technical articles
Technical documentation from AWS, RFC, DMARC.org, and Google Workspace Admin Help suggests that removing DMARC and DKIM records to use Amazon SES shared domain reputation is not recommended. DMARC, DKIM, and SPF are essential for verifying the source and integrity of email messages, preventing spoofing, and maintaining control over sender reputation. AWS suggests dedicated IPs and domain authentication for senders aiming for high deliverability. DMARC.org states that DMARC helps protect domains from unauthorized use and email spoofing.
Key findings
- Shared IPs Not Recommended: AWS does not recommend using shared IPs for senders aiming for high deliverability.
- Importance of Authentication: SPF, DKIM, and DMARC are crucial for verifying the source and integrity of email messages.
- Spoofing Prevention: SPF and DMARC help prevent email spoofing and unauthorized use of domains.
- Reputation Control: Dedicated IPs and domain authentication provide more control over sender reputation.
Key considerations
- Authentication Implementation: Implement SPF, DKIM, and DMARC to protect your domain and ensure emails are authenticated.
- Deliverability Goals: Consider your deliverability goals when choosing between shared IPs and dedicated IPs with domain authentication.
- Long-Term Reputation: Focus on building a positive sender reputation through proper authentication and good sending practices.
- Security Measures: Prioritize security measures to prevent domain impersonation and protect recipients from fraudulent activities.
Technical article
Documentation from RFC states that DomainKeys Identified Mail (DKIM) is designed to provide a method for verifying the source and integrity of email messages. It allows receiving systems to confirm that a message was indeed sent by the domain it claims to be from and that the message content has not been altered in transit.
16 Sep 2021 - RFC 4871
Technical article
Documentation from AWS explains that while using Amazon SES shared IPs is an option, it's not recommended for senders aiming for high deliverability. They emphasize that dedicated IPs and domain authentication (SPF, DKIM, DMARC) provide more control over sender reputation, which is essential for consistent inbox placement.
8 Apr 2024 - AWS Documentation
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
Can I use DMARC with shared IP addresses?
Do all email service providers support DMARC, and what does 'support' mean in this context?
How can I use DMARC to prevent spammers from using my domain?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
How do SPF, DKIM, and DMARC email authentication standards work?
