MAIL FROM and DMARC DNS updates

[coilysiren]

Changes

• Fixes the DNS record for the MAIL FROM domain
• Adds the DNS record for the DMARC domain

Context for reviewers

Work originates from https://nava.slack.com/archives/C03G1SWD9H7/p1738089826660819

Testing

Preview environment for app

♻️ Environment destroyed ♻️

Preview environment for app-rails

♻️ Environment destroyed ♻️

[lorenyu]

Assuming testing looks good the code looks good to me. Had one non-blocking idea/suggestion if you think it's a good idea go for it otherwise not required

[lorenyu]

Non-blocking style suggestion. For email I think dns.tf doesn't really say what it's doing, more how it's doing it. What do you think about instead separating into 3 files:

• mail_from.tf
• dkim.tf
• dmarc.tf

mail_from.tf will have the resources:

• local mail_from variable
• aws_sesv2_email_identity_mail_from_attributes.sender_domain
• aws_route53_record.mx_receive
• aws_route53_record.spf_mail_from

dkim.tf would have:

• aws_route53_record.dkim

and dmarc.tf would have:

• aws_route53_record.dmarc

thoughts?

[coilysiren]

While that's probably correct from the point of view of the greater organization of the project, I think it's important to keep the UX in mind here. Splitting up the DNS into 3 files will probably confuse people more often than not. Especially if they don't have strong working knowledge of have email verification works (I certainly don't!)

[lorenyu]

That's reasonable

[lorenyu]

@coilysiren for testing go ahead and apply the changes on the dev environment and look in the console to see if the MAIL FROM shows up as "SUCCESS" rather than pending or failed, and upload a screenshot of that to the PR description

[lorenyu]

@coilysiren oh even better, use the test notifications page and send an email and show that the email was sent from mail.platform-test-dev.navateam.com

[lorenyu]

Should we close this

[coilysiren]

Done => navapbc/template-infra#859