Checking if SPF, DKIM, and DMARC are set correctly - amazon-web-services

I have a mock domain name: dev.chacchan.ml
I've configured SPF and DKIM to ensure nobody can use my SMTP credential to send mail outside SES.
This is my DNS config:
How can I send mail from outside SES to validate that my configuration is working correctly, with the expected result being that the e-mail is blocked?

Whether an email is delivered depends on many factors, in particular the configuration of the receiving mail server and the reputation of the sender. It is thus really difficult to isolate individual factors with tests.
Make sure you also have a valid DMARC record with a reject policy. Afterwards, you can test your configuration with a tool such as mail-tester.com. Alternatively, you can interpret the Authentication-Results header field, which your personal mailbox provider likely adds to incoming emails, yourself.
There are no guarantees that not-authenticated emails are blocked by receiving mail servers. Configuring SPF, DKIM, and DMARC properly is the best you can do as a sender.
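Reading the Authentication-Results header by hand, as suggested above, can also be scripted. The following is an added example, not part of the original answer; the sample message, the receiver name `mx.receiver.example` and the domain `dev.example.org` are constructed, and only non-nested header comments are handled.

```python
import re
from email import message_from_string, policy

# Constructed sample: a spoofed message as the receiving server might stamp it.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=dev.example.org;
 dkim=none (message not signed);
 dmarc=fail (p=REJECT) header.from=dev.example.org
From: test@dev.example.org
To: me@receiver.example
Subject: spoof test

body
"""

COMMENT = re.compile(r"\([^()]*\)")  # parenthesised comments, non-nested only
RESINFO = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)  # method=result
PROP = re.compile(r"\b([a-z]+\.[a-z0-9_-]+)\s*=\s*(\S+)", re.I)  # ptype.property=value

def parse_auth_results(raw_message):
    """Return [(authserv_id, method, result, {property: value}), ...]."""
    msg = message_from_string(raw_message, policy=policy.default)  # unfolds headers
    out = []
    for header in msg.get_all("Authentication-Results", []):
        parts = COMMENT.sub("", str(header)).split(";")
        authserv_id = (parts[0].split() or [""])[0]  # drop optional version token
        for part in parts[1:]:
            m = RESINFO.match(part)
            if m:
                props = dict(PROP.findall(part[m.end():]))
                out.append((authserv_id, m.group(1).lower(), m.group(2).lower(), props))
    return out

def verdict(raw_message, trusted_authserv, from_domain):
    """Summarise only results stamped by our own receiver; a sender can forge the rest."""
    summary = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for authserv_id, method, result, props in parse_auth_results(raw_message):
        if authserv_id.lower() != trusted_authserv.lower() or method not in summary:
            continue
        if method == "dmarc" and props.get("header.from", "").lower() != from_domain:
            continue
        if summary[method] != "pass":  # several DKIM results: any pass counts
            summary[method] = result
    return summary

if __name__ == "__main__":
    print(verdict(SAMPLE, "mx.receiver.example", "dev.example.org"))
```

A `dmarc=fail` on a test message sent from outside SES shows the records are doing their job, even if the receiver chose to deliver the message to a spam folder instead of rejecting it.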

Related

How to set up an email address for sending only?

My main goal is to set up an email address for my server to use for sending emails only.
I did some research, and it looked like Amazon Simple Email Server and/or Amazon Workmail could provide me with what I needed. I've gotten as far as setting up SES and Workmail so that I can set my server to be able to send emails. However, I saw that once the Workmail inbox is full (50GB), the account would be unable to send emails. Given that this is going to be used by the server and not a human, I didn't want the inbox to get filled with auto replies, spam, or failed to send messages, and then be unable to send emails. So, I went looking for a way to either:
A) prevent emails from being received and stored in the inbox
B) a rule I could set up to delete anything that didn't match the company domain
C) be able to read the inbox and delete email messages using the AWS CLI, and I'd set up my own script to manage how and what was deleted when
So far I haven't had any luck.
Again, I'm not particular how I achieve the goal, but I do preferably need to find a way to have an email address for a server to use exclusively for sending messages. I worry that if I leave it to employees to remember to log in and clear the inbox, someone will forget, and then the server will stop sending emails.
Any direction or advice would be greatly appreciated.
I'm not well versed in email protocols; could I set up the address to always return a bounce, and would that prevent it from receiving emails into its inbox?
How are you generating these emails? If you are generating them programmatically (via an app/script), you may not need to set up a server. If you just route the outgoing mail through your app to SNS, the emails will be valid, however, there will be no "inbox" for incoming mail and they will just be dumped. This way you don't have to actually worry about an inbox getting full as it will just drop anything coming in.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email.html
In order to receive emails through SNS, you have to go through the setup linked above, but if you do not set this up, then emails will just bounce. At least, that is how I have been doing it.

Sendy External SMTP Bounce Handler

Sendy will not track bounced email addresses when sending emails via any SMTP server. It only works if you hook it up with AWS SES.
I'm using SMTP which is hosted on a Linux server along with IMAP and POP3.
I sent thousands of emails using that SMTP server, and Sendy is not counting bounced addresses, while I checked my mailbox and there were thousands of undelivered mails.
Is there any way to make it count for Sendy SMTP?
I saw this image on Google; I don't know how to make it.
The image you found does not appear to be part of Sendy -- it appears to be from this third party product. It's not entirely clear.
What it seems to do is connect to your mailbox (the one you showed, with the bounces) using the POP3 mail fetching protocol... and read those bounce messages.
The web site seems to imply that this vendor wants access to your server and will install their products for you, which seems like a very dubious practice, so proceed with caution.

How to send email on users behalf using AWS SES?

I can see that from SendGrid I can send email, where the from field will show any email which the end user will put. With AWS SES how can I achieve this?
As I see in the docs it needs to verify the email/domain before doing this. Is there a way to do this?
In SES you can only send emails from verified domains or verified emails. In either case you would need to own them; otherwise you cannot verify them and subsequently you cannot use them.
Once you verify a domain it is more liberal, in the sense that you can now use any arbitrary id at that domain.
So, e.g., if you verify the xyz.com domain then you can use any id @xyz.com
E.g. myid1@xyz.com or jghdgd@xyz.com
That might be about policy.
Not very familiar with SendGrid.
We use SparkPost as another ESP, and there as well you can only use authenticated domains. That makes sense as well, because otherwise people can just adopt any arbitrary identity for spamming.

Should I Expect the Forward("my.username@gmail.com") Route to Email Me?

I have my catch_all() set to forward("my.username@gmail.com"). I expected that any emails caught by this route would be forwarded to my email address as actual emails, but I never received them. The mailgun logs state that the message was routed, accepted, and delivered successfully.
What am I missing?
The problem ended up being Gmail... I was sending my test messages from my Gmail account and had the forward set up to return to my Gmail. Gmail filters out loopbacks. Sending the test message from a different account yielded the expected results.
You are correct, setting the catch_all and forward filters and actions does just that!
Did you set up the MX records for your domain properly? If not, that might be the issue (check Domains in the control panel)
Check the logs at https://mailgun.com/cp/log to debug the issue!
Best

Does my From address need to exist for Amazon SES

I own a domain - for the purpose of this question, let's call it example.com.
I have verified example.com with Amazon SES. I have set up the DKIM stuff as well. Everything is working; I have no problems sending outgoing emails, and I have already been granted production access.
The question: I am sending emails from no-reply@example.com, but this email address does not actually exist. Should I be worried about this? Is it bad to send emails from an email address that does not actually exist? Since I verified the domain, it seems that I can send emails from any email address I choose to invent.
(My emails are 'email validation' emails. We do not wish to capture any form of reply from our users, and bounces would only occur due to users registering fake email addresses - despite our warning that it is pointless to do so.)
I searched everywhere for an answer to this question, and I'm very surprised that I haven't found an explicitly clear answer to it...
What you are doing is very common, with SES and/or any other batch mailing type service where you don't want any replies to the sending address - I don't see any problem.