Amazon SES - notifications for email verification - amazon-web-services

We use Amazon's SES service, and have set up Topics and Subscriptions under SNS (Simple Notification Service) so that we get notification emails when an email is bounced or successfully delivered. That's all working fine.
We sometimes send emails via SES on behalf of one of our partners, and before we can do that we need to verify their email address. The process is that the system asks SES to send out a verification email to the person saying "Example.com wants to send emails on your behalf, is that ok?", with a link for them to click. If they click it, then that email is marked as Verified within SES, and we can use it as a from address.
What I can't work out is how to automate the process of knowing whether they've clicked the link yet. I can log in to the AWS dashboard, and go and look at the list of verified email addresses, but i'd like to make it an automated process.
What would be ideal is if it worked the same way as bounces & deliveries: that i set up a "Verification" topic, and subscribe to it so we get an email like we do with bounces and deliveries. Then, the scheduled job that deals with incoming email notifications can say "Aha, this is a verification email for foobar#example.com: I'll mark their account as 'ses-verified'".
Does anyone know if it's possible to set this up? All the docs on the SES site just talk about bounces, deliveries and complaints.
thanks, Max

You can use the GetIdentityVerification api call in the SES part of the awssdk:
https://docs.aws.amazon.com/ses/latest/APIReference/API_GetIdentityVerificationAttributes.html
You could do this in a serverless way by having a lambda function do the check, and expose the lambda as an API endpoint to your application (among other ways).
Alternatively you could just try to send a single test email to a test/internal email address and check if it gives you an error - if its not verified, it will return an error immediately when you try to do the send.
EDIT:
If you want to use the CLI instead:
aws ses get-identity-verification-attributes --identities "mailbox#thedomain.com"

Related

Should AWS SES bounce emails be notified by one or more methods

AWS Simple Email Service (SES): Bounce Email Notification/Feedback
I have both the following methods set up in the AWS Console to receive information about bounce emails:
1) Email Feedback forwarding - to send any bounce email details back to the sender. This is the domain or email that is managed in the AWS console and is verified. Hence the From/Source is a valid user email with a mailbox
2) SNS Notification for bounce emails - This is used to trigger a lambda function and the intention here is to get a notification on the emails that bounced and was sent from an address of a verified domain that doesn't have a mailbox e.g noreply#domain. This is automated from the software.
The lambda function forwards this notification to the reply emails that are part of the Header in the notification.
The reply emails may also contain personal email addresses that are not necessarily managed in the AWS console. Therefore the lambda is basically forwarding the notification back to all the reply emails of the user.
My issue here is that the above works but sometimes I get notifications using both methods.
Should AWS only choose one of the above two when dealing with bounces? Can someone please shed some light on this?
Thank you
Try creating a Deliverability dashboard, it now provides excel sheet to download and track your bounce emails.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/bouncecomplaintdashboard.html
The AWS documentation is not super clear with respect to simultaneously using multiple methods for bounce email notification. However, the following under 'Disabling Email Feedback Forwarding' does indicate that using more than one method for bounce notification will result in multiple notifications.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/notifications-via-email.html
In my case (using the above two methods for bounce email notification), When I use the SES via SMTP interface from an Asp.Net app, I get two bounce email notifications, one via SNS and the other via the Email Feedback Forwarding method. In Addition when I use an email client like MSOutlook, then I only get one bounce notification which is expected
because it's not using SES.
My solution:
Option 1:
Use both methods for SES.
The Email Feedback Forwarding method will be responsible for delivering the notification to a verified email eg user#mycompany.com with a mailbox.
The lambda triggered by the SNS method will have a filter that will only process notifications where the source is norepy#mycompany.com.
Hence this will prevent duplicates and will also allow me to forward bounce email notifications to other reply-to emails (set by the web app in the header) that are not verified in my AWS.
Option 2:
Disable Email Feedback Forwarding Method and process all notifications via lambda triggered by SNS Method.

Identify original email from Complaint SES notification

Is there a way to identify the originating email from a complaint notification in Amazon's SES? For example if we have 3 different mailing groups all sending different emails, and the recipient doesn't like 1 of them and reports it as spam, is there anything in the SES notification that would help us identify which email, and therefore which mailing group, we need to act on?
Yes, there is! From the docs:
Monitor your bounces and complaints and remove any bounced or
complained recipient addresses from your mailing list. You can be
notified of bounces and complaints in one of two ways: by email or by
Amazon Simple Notification Service (Amazon SNS) notifications. For
more information, see Monitoring Using Amazon SES Notifications.
Basically you can receive an email of a SNS notification (email, SMS, queue, etc.) to handle this. I would suggest SNS as it's way more flexible and the cost shouldn't be a problem (considering you don't have loads of complaints, of course!). Take a look:
Monitoring Using Amazon SES Notifications
EDIT: to identify the specific message the complaint is about, you'll need to store the unique ID created by SES when you send the message. From this AWS blog post:
Amazon SES assigns a unique message ID to each email that you
successfully submit to send. When Amazon SES receives a bounce or
complaint message from an ISP, we forward the feedback message to you.
I have used complaints treatment but never paid attention to this message ID. Anyway, looks like the path to follow.
Yes, you can do that
For each of the email that you send out via the SES, it gives back a messageID which is unique for every message that goes out (In your case it will be unique for each of the 3 mails that you send to the same recipient).
You need to persist that somewhere when you send emails.
Now when a complain occurs SES gives back the original messageId that this particular email was sent with.
And this way you can look up your local persistance and find out which of the 3 emails did the user complained for

How can I see a report of my AWS Bounced emails?

I have an application that automatically sends thousands of emails per hour using Amazon Web Service's Simple Email System (SES).
How/where can I view a report of email bounces?
EDIT:
Below #Neil shows how I can setup SNS to email me about bounced emails. But is there any way I can see a report of Bounced emails in the past? Going forward is there a way I can see a bounce report/table instead of getting an email notification every time an email bounces?
It has been long time wanted but there's no built-in feature for now.
I suggest you push on this thread so Amazon gives more info about the roadmap to integrate this feature
You can configure AWS to email you via SNS. See here
You can configure SES to send bounces (and complaints, and even deliveries) to an SNS endpoint.
From SNS, you can configure different subscribers: email, http(s), or a couple other options. The interesting option is Lambda. Create a Lambda end point, and then write a simple function that inserts the information you want to track into DynamoDB.
This might cost you a few cents/month, but you have control over what you're recording and how to access it.

Amazon SES Notifications (SNS) not working

I am still in the sandbox of Amazons SES trying set a bounce email handler.
I am using the mailbox simulator to test a bounce/complaint email.
I have created a SNS topic (and I have subscribed to receive notifications from this topic):
I have selected this topic to receive bounce email notifications, then I have disabled email notifications:
However, when I send e-mails to bounce#simulator.amazonses.com from SES I still receive a bounceback e-mail and there aren't updates in the SNS topic.
I will try to make this issue clearer with some screenshots.
It can happen outside the sandbox too.
I did not realise that the Amazon SES console can set a SNS bounce/complaint topic for the domain, as well as a separate SNS setting for every verified email address.
So each verified email address can have its own different SNS bounce/complaint topic if you want! If you want them all the same, you have to go and set them all up in the console: tell each one to use SNS, otherwise they have 'Email Feedback Forwarding' set to "enabled" and this will override the setting at domain level.
The configurations of not receiving "Email Feedback" and sending Bounce emails to SNS Topic were set to my Domain example.com.
In my Verified Emails I had myself#example.com and I was sending e-mails with it.
It happens that my verified e-mail itself had these configurations too, so when I set them to be like those of my domain, everything started working.
If I had tried to send e-mails with anythingelse#example.com it would've worked.
Email Feedback Forwarding and SES notifications via Amazon SNS are exposed as two separate mechanisms. The linked documentation describes as much:
You must receive bounce and complaint notifications either by email or
through Amazon SNS – The default method is by email, through a feature
called email feedback forwarding.
Since you've shown that Email Feedback Forwarding is disabled, you are likely still receiving bounce notifications via your verified SNS email subscription.
To test, try removing your email subscription from the SNS topic and then sending an email to the bounce simulator again. To test further, you could subscribe a different email address or even an SQS queue to verify that bounce notifications are still being published.

Amazon SES fails to deliver emails to office domains

I have an AWS SES application, which sends an email when an event happens. The mail deliver is successful when I send it to gmail. But, if I want to use my company domain address which is also verified by SES, I do not see any emails in my account. The confusion part is, the sender email (FROM) is my company domain address.
Simple way is to create a SNS subscription and a topic from Amazon console, if you are trying to send e-mails from you application you might have to see if your corporate SMTP server is able to recieve e-mails.
Another simple route is to use "sendgrid" service, this is a paid subscription and it is very easy to use.