DKIM should be enabled
Ensures DomainKeys Identified Mail (DKIM) is enabled for domains and addresses in SES. DKIM is a security feature that allows recipients of an email to verify that the sender domain has authorized the message and that it has not been spoofed.
DKIM should be verified
Identity Not Exposed
Identify any exposed Amazon Simple Email Service (SES) identities and update their sending authorization policy in order to stop unauthorized users from sending emails from domains or addresses owned by your AWS SES account.
Ensure that SES identities are verified in order to prove their ownership and to prevent others from using them.
Identify Cross-Account Access
Ensure that AWS SES identities (domains and/or email addresses) do not allow unknown cross-account access via authorization policies.
Help Us Improve!
If you have any suggestions to improve this checklist, please let us know by filling out