Thursday, 24 March 2022

Amazon SES

 

  • A cost-effective and scalable email service that enables you to send mail from within any application.
  • A regional service.
  • Amazon SES is for applications that need to send communications via email. Amazon SES supports custom email header fields, and many MIME types.
  • Amazon SNS is for messaging-oriented applications, with multiple subscribers requesting and receiving push notifications of messages via different available transport protocols, such as HTTP, Amazon SQS, and email. SNS does not support multimedia attachments.

Common Use Cases

  • Transactional emails
  • Marketing emails 
  • Mass email communications

Features

  • Flexible Deployment Options
    • By default, Amazon SES sends email from IP addresses that are shared with other Amazon SES customers. Shared addresses are a great option for many customers who want to start sending immediately with established IPs. These IP addresses’ reputation are monitored closely by AWS.
    • For customers that want to manage their own IP reputation, you can lease dedicated IP addresses to use with your Amazon SES account.
    • Amazon SES also supports Bring Your Own IP (BYOIP).
  • Sender Identity Management and Security
    • SES supports Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
  • Provides Sending Statistics
    • SES captures information on the number of sends, deliveries, opens, clicks, bounces, complaints, and rejections. This data is shared by default in the Sending Statistics report in the SES console.
    • Sending data can be stored in an Amazon S3 bucket or an Amazon Redshift database, sent to Amazon SNS for real-time notifications, or analyzed using Amazon Kinesis Analytics.
  • Reputation Dashboard
    • SES console includes a reputation dashboard that you can use to track issues that could impact the delivery of your emails, such as bounce and feedback loops for your account.
    • You can use CloudWatch to create alarms that notify you when your bounce or complaint rates reach certain thresholds.
  • Email Receiving
    • You can use SES to receive emails.
    • You can accept or reject mail based on the email address, IP address, or domain of the sender. 
    • Once SES has accepted the email, you can store it in an S3 bucket, execute custom code using a Lambda function, or publish notifications to SNS.

Methods of Sending Emails

  • Amazon SES console
  • SES Simple Mail Transfer Protocol (SMTP) interface
  • Amazon SES API

Testing Amazon SES

  • The Amazon SES sandbox is an area where new users can test the capabilities of SES. When your account is in the sandbox, you can only send email to verified identities. A verified identity is an email address or domain that you own.
  • In sandbox mode, there are limits on the volume of email that you can send each day, and on the number of messages that you can send each second.

Concepts

  • SES SMTP
    • You can connect directly to this SMTP interface from your applications, or configure your existing email server to use this interface as an SMTP relay.
    • SES allows you to create a private SMTP relay.
    • You need to generate SMTP credentials first before you can use the interface.
    • You can access your SES SMTP endpoint from your VPC privately via AWS PrivateLink through a VPC endpoint.
  • Email deliverability 
    • This is the percentage of your emails that arrive in your recipients’ inboxes.
  • Reputation
    • When it comes to email sending, reputation—a measure of confidence that an IP address, email address, or sending domain is not the source of spam—is important.
    • You build your reputation by sending high-quality content.
    • Excessive bounces and complaints negatively impact your reputation and can cause SES to reduce the sending quotas for your account, or terminate your SES account.
  • Bounce
    • If your receiver or email provider fails to deliver your message to the recipient, the receiver bounces the message back to SES.
    • SES notifies you of hard bounces and soft bounces that will no longer be retried.
  • Complaint
    • If the email provider concludes that you are a spammer, and SES has a feedback loop set up with the email provider then the email provider will send the complaint back to SES.
  • Global suppression list
    • SES global suppression list is a list of recipient email addresses that have recently caused a hard bounce for any Amazon SES customer. 
    • If you try to send an email through SES to an address that is on the suppression list, the call to SES succeeds, but the email is treated as a hard bounce instead of SES attempting to send it.
  • Deliveries
    • This metric tells us if SES successfully delivered the email to the recipient’s mail server.
  • Opens
    • This metric tells us if the recipient received the message and opened it in their email client.
  • Clicks
    • This metric tells us if the recipient clicked one or more links in the email.
  • Configuration sets
    • Groups of rules that you can apply to the emails you send.
      • Event publishing – SES can track the number of send, delivery, open, click, bounce, and complaint events for each email you send. You can use event publishing to send information about these events to other AWS services.
      • IP pool management – If you lease dedicated IP addresses, you can create groups of these addresses, called dedicated IP pools. You can then associate these dedicated IP pools with configuration sets.
  • Dedicated IP Pools
    • If you lease several dedicated IP addresses, you can use the dedicated IP pools feature to create groups of those IP addresses. You can then associate each pool with a configuration set. 
    • When you send emails using a configuration set, those emails are only sent from the IP addresses in the associated pool.
    • A common scenario is to create one pool of dedicated IP addresses for sending marketing communications, and another for sending transactional emails. Your sender reputation for transactional emails is then isolated from that of your marketing emails.

Email Authentication Methods

  • Authenticating Email with Sender Policy Framework (SPF) – an email validation standard that’s designed to prevent email spoofing. Domain owners use SPF to tell email providers which servers are allowed to send email from their domains.
  • Authenticating Email with Domain Keys Identified Mail (DKIM) – a standard that allows senders to sign their email messages with a cryptographic key. Email providers then use these signatures to verify that the messages weren’t modified by a third party while in transit.
  • Complying with DMARC – an email authentication protocol that uses SPF and DKIM to detect email spoofing. In order to comply with DMARC, messages must be authenticated through either SPF or DKIM, or both.

Email Sending Requests

  • If the request to SES succeeds, SES returns a success response to the sender. This message includes the message ID, a string of characters that uniquely identifies the request.
  • If the request to SES fails, SES responds to the sender with an error and drops the email.

Dedicated IP Addresses vs Amazon SES IP Addresses

Benefit

Shared IP addresses

Dedicated IP addresses

Ready to use with no additional setup

Yes

No

Reputation managed by AWS

Yes

No

Good for customers with continuous, predictable sending patterns

Yes

Yes

Good for customers with less predictable sending patterns

Yes

No

Good for high-volume senders

Yes

Yes

Good for low-volume senders

Yes

No

Additional monthly costs

No

Yes

Complete control over sender reputation

No

Yes

Isolate reputation by email type, recipient, or other factors

No

Yes

Provides known IP addresses that never change

No

Yes

 

Security

  • AWS uses in-house anti-spam technologies to filter messages that contain poor-quality content. They also scan all messages that contain attachments to check for viruses and other malicious content.
  • Integrates with AWS KMS.
  • Supports TLS 1.2, TLS 1.1 and TLS 1.0 for TLS connections.

Pricing

  • When you call SES from an application hosted in an EC2 instance, you can send 62,000 messages per month at no charge. You pay a fee for every 1,000 emails you send after that.
  • You do not get free sends from other platforms.
  • The first 1,000 emails you receive are free. Succeeding emails will cost you.
  • You pay for dedicated IP addresses you lease.
  • You are charged for each BYOIP you bring to SES.
  • You also pay for outgoing data charges per GB.

No comments:

Post a Comment