If anyone at Amazon is paying attention, you have duplicate spf1 records for amazon.com: # dig -t TXT amazon.com | grep spf amazon.com. 281 IN TXT "spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all" amazon.com. 281 IN TXT "v=spf1 include: amazon.com include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all" amazon.com. 281 IN TXT "v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all" It's causing mail deliverability issues, so users cannot reset their password, or even get OTP codes reliably. (I don't know where else to post, as whois/arin contacts aren't responding, and I can't even imagine trying to go through other methods of support...)