AWS SES Integration Guide
Amazon Simple Email Service (SES) integration for managing email identities, domains, and configuration sets.Features
- Email Identity Management: Verify and manage individual email addresses
- Domain Identity Management: Verify and manage entire domains with DKIM
- Configuration Sets: Organize and track email sending activities
- DKIM Support: Enable email authentication for better deliverability
- Custom MAIL FROM: Configure custom bounce and complaint addresses
Quick Start
Email Identity
Domain Identity
Configuration Set
Entities
email-identity
Verifies individual email addresses for sending.
Parameters:
region(required): AWS regionemail_address(required): Email address to verifydkim_signing_enabled: Enable DKIM signingconfiguration_set_name: Configuration set to use
get-verification-status: Check verification statussend-test-email: Send test email (requires verification)get-dkim-tokens: Display DKIM DNS records
domain-identity
Verifies entire domains for email sending.
Parameters:
region(required): AWS regiondomain_name(required): Domain to verifydkim_signing_enabled: Enable DKIMmail_from_domain: Custom MAIL FROM subdomainmail_from_behavior_on_mx_failure: UseDefaultValue or RejectMessage
get-verification-status: Check verification statusget-dns-records: Display all required DNS recordssend-test-email: Send test email from domain
configuration-set
Manages configuration sets for tracking and managing emails.
Parameters:
region(required): AWS regionconfiguration_set_name(required): Configuration set namereputation_metrics_enabled: Enable reputation trackingsending_enabled: Enable sending (default: true)custom_redirect_domain: Custom tracking domaintls_policy: REQUIRE or OPTIONALsuppression_list_reasons: Array of BOUNCE/COMPLAINT
get-info: Display configuration detailsenable-sending: Enable email sendingdisable-sending: Disable email sending
Verification Workflow
Email Verification
- Create email identity
- AWS sends verification email
- Click verification link
- Wait for status to become “Success”
Domain Verification
- Create domain identity
- Run
get-dns-recordsaction to view required records - Add DNS records to your domain:
- TXT record for domain verification
- 3 CNAME records for DKIM
- MX and TXT records for MAIL FROM (if configured)
- Wait for DNS propagation (24-72 hours)
- Verification completes automatically
Example DNS Configuration
For domainexample.com with MAIL FROM domain mail.example.com:
AWS SES Sandbox
New AWS accounts start in sandbox mode with restrictions:- Can only send to verified email addresses
- Limited to 200 emails/day
- 1 email/second rate limit
- Request production access in AWS SES Console
- Provide use case details
- Wait for AWS approval (usually 24-48 hours)
Best Practices
- Enable DKIM: Always enable DKIM signing for better deliverability
- Use Configuration Sets: Track bounces, complaints, and deliveries
- Set up MAIL FROM: Use custom MAIL FROM domain for better reputation
- Monitor Reputation: Enable reputation metrics in configuration sets
- Handle Bounces: Configure suppression lists for bounces and complaints
- Use TLS: Set
tls_policy: REQUIREfor secure email delivery - Test Thoroughly: Use sandbox mode to test before production
Common Use Cases
Transactional Emails
Marketing Emails
Troubleshooting
Email Not Verified
- Check spam folder for verification email
- Request new verification email from AWS Console
- Ensure email address is correctly specified
Domain Not Verifying
- DNS records can take 24-72 hours to propagate
- Verify DNS records with
digornslookup - Ensure TXT record value matches exactly (including quotes)
- Check DKIM CNAME records point to correct values
Cannot Send Emails
- Verify you’re out of sandbox mode for production use
- Ensure sender email/domain is verified
- Check AWS service quotas and limits
- Verify IAM permissions for SES
API Errors
- Check AWS credentials are configured
- Verify IAM permissions include required SES actions
- Ensure region is correct and SES is available
- Check AWS service health dashboard