#URGENT: Unauthorized Email Sending via Cloudflare DNS Configuration (Amazon SES Abuse)

shut lichen

Dear Cloudflare Support Team,

I am writing to report a serious security issue involving my domain moleculesciwriteip.in, which is currently managed through Cloudflare DNS.

It has come to my attention that emails are being sent using my domain via Amazon SES without my authorization. These emails are passing SPF, DKIM, and DMARC checks and are resulting in bounce-back messages being delivered to my domain.

Upon reviewing my DNS configuration on Cloudflare, I found the following concerning entries:

DKIM CNAME records pointing to Amazon SES (*.dkim.amazonses.com)
TXT record for _amazonses domain verification
SPF records including amazonses.com
MX record pointing to feedback-smtp.us-west-1.amazonaws.com
DMARC policy set to p=none (non-enforcing)

These configurations are effectively allowing third-party email services (Amazon SES) to send emails on behalf of my domain, which is being actively abused.

I did not intentionally configure Amazon SES for this domain, and I believe this setup has either been misconfigured or exploited. Since all DNS routing and management is handled through Cloudflare, I request your urgent assistance in:

Investigating how these Amazon SES-related DNS records were introduced
Confirming whether any automated Cloudflare services or integrations could have enabled this
Advising on immediate steps to fully revoke any external email sending authorization
Ensuring no unauthorized services can use my domain for email sending going forward

This issue is impacting my domain’s reputation and poses a significant risk of being flagged for spam or abuse.

Please treat this as a high-priority security concern and assist in resolving it at the earliest.

Domain: moleculesciwriteip.in

I am available to provide any additional logs or verification needed.

Thank you for your prompt support.

silver jetty

Check your audit log for unexpected access and changes in DNS records...
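
An added example, not part of the original thread and not Cloudflare or AWS tooling: a Python check that scans a BIND-style zone export for the five record types listed in the first post, so they can be reviewed alongside the audit log. The zone data is constructed (example.com), and the rule names and function names are hypothetical.

```python
import re

# Constructed sample in the BIND-style layout of a DNS zone export (not real data).
SAMPLE_ZONE = """\
example.com. 300 IN A 192.0.2.10
abc123._domainkey.example.com. 300 IN CNAME abc123.dkim.amazonses.com.
_amazonses.example.com. 300 IN TXT "constructed-verification-token"
example.com. 300 IN TXT "v=spf1 include:_spf.google.com include:amazonses.com ~all"
bounce.example.com. 300 IN MX 10 feedback-smtp.us-west-1.amazonses.com.
bounce.example.com. 300 IN TXT "v=spf1 include:amazonses.com ~all"
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
example.com. 300 IN MX 10 mx.example.net.
"""

# (finding label, record type, field to test, pattern). Labels are hypothetical.
# The MX rule also accepts the amazonaws.com host form quoted in the post.
RULES = [
    ("ses-dkim-cname", "CNAME", "content", re.compile(r"\.dkim\.amazonses\.com\.?$", re.I)),
    ("ses-domain-verification", "TXT", "name", re.compile(r"^_amazonses\.", re.I)),
    ("spf-authorizes-ses", "TXT", "content", re.compile(r"v=spf1\b.*\binclude:amazonses\.com\b", re.I)),
    ("ses-mail-from-mx", "MX", "content", re.compile(r"feedback-smtp\.[a-z0-9-]+\.(amazonses|amazonaws)\.com\.?$", re.I)),
    ("dmarc-not-enforcing", "TXT", "content", re.compile(r"v=DMARC1\b.*\bp=none\b", re.I)),
]

def parse_zone(text):
    """Yield (name, type, content) for each 'name ttl IN type content' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN":
            name, _ttl, _cls, rtype, content = parts
            yield name.lower(), rtype.upper(), content.replace('"', "")

def audit(text):
    """Return (finding, name, type, content) for every record that matches a rule."""
    findings = []
    for name, rtype, content in parse_zone(text):
        rec = {"name": name, "content": content}
        for finding, want_type, field, pattern in RULES:
            if rtype == want_type and pattern.search(rec[field]):
                findings.append((finding, name, rtype, content))
    return findings

if __name__ == "__main__":
    for finding, name, rtype, content in audit(SAMPLE_ZONE):
        print(f"{finding:26} {name} {rtype} {content}")
```

Each flagged record can then be matched against the DNS change entries in the audit log to see when it was added and by which account.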