diff --git a/ses-domain-identity/README.md b/ses-domain-identity/README.md
index 0447135..3c513d5 100644
--- a/ses-domain-identity/README.md
+++ b/ses-domain-identity/README.md
@@ -9,10 +9,10 @@ This module allows you to setup domain identification for SES with the following
 
 ## Usage
 
-See `variables.tf` for the full argument reference.
+### With a literal zone ID
 
 ```hcl
-module "ses_doamin_identity" {
+module "ses_domain_identity" {
   source = "github.com/script47/aws-tf-modules/ses-domain-identity"
 
   zone_id = "zone-id"
@@ -41,3 +41,32 @@ module "ses_doamin_identity" {
   }
 }
 ```
+
+### With a resource-derived zone ID
+
+If `zone_id` comes from a resource created in the same apply (e.g. `aws_route53_zone`), set `manage_dns_records = true` explicitly. Without it, Terraform cannot evaluate the `count` at plan time and will error with "Invalid count argument".
+
+```hcl
+module "ses_domain_identity" {
+  source = "github.com/script47/aws-tf-modules/ses-domain-identity"
+
+  zone_id            = aws_route53_zone.zone.id
+  manage_dns_records = true
+  domain             = "example.org"
+}
+```
+
+### Without DNS management
+
+To create the SES domain identity without managing Route53 records, set `manage_dns_records = false`. `zone_id` can then be omitted.
+
+```hcl
+module "ses_domain_identity" {
+  source = "github.com/script47/aws-tf-modules/ses-domain-identity"
+
+  manage_dns_records = false
+  domain             = "example.org"
+}
+```
+
+See `variables.tf` for the full argument reference.
diff --git a/ses-domain-identity/route53.tf b/ses-domain-identity/route53.tf
index a0dff2d..5de17f9 100644
--- a/ses-domain-identity/route53.tf
+++ b/ses-domain-identity/route53.tf
@@ -1,5 +1,5 @@
 locals {
-  configure_dns = var.zone_id != null
+  configure_dns = var.manage_dns_records
   spf_record = join(
     " ",
     concat(
diff --git a/ses-domain-identity/variables.tf b/ses-domain-identity/variables.tf
index 3133f77..b668229 100644
--- a/ses-domain-identity/variables.tf
+++ b/ses-domain-identity/variables.tf
@@ -2,6 +2,17 @@ variable "zone_id" {
   type        = string
   description = "The ID of the hosted zone"
   default     = null
+
+  validation {
+    condition     = !var.manage_dns_records || var.zone_id != null
+    error_message = "zone_id must be provided when manage_dns_records is true."
+  }
+}
+
+variable "manage_dns_records" {
+  type        = bool
+  description = "Whether to create Route53 DNS records in the provided zone. Set to false to create the SES domain identity without managing DNS."
+  default     = true
 }
 
 variable "domain" {