Amazon SES is a very robust service for sending and receiving email within the AWS ecosystem (most people use it for sending outbound). If you’re a new AWS customer, you can use it for free for one year under their free tier. Configuring your site to use AWS SES to send email to the outside world can sometimes be difficult though and that is why this post exists. Any competent system administrator will already know that you should not simply setup a web server and expect it to be able to send email to the outside world without issues. That’s what email servers are for, obviously. This was a huge problem at a job despite them having an abundance of technical knowledge. We had sites in Prod actually using localhost smtpd to send email to the company’s clients, then had people wondering why there was a problem with users not receiving email, or being flagged as spam. Settings up WordPress to use SES is actually a lot easier than you think and you don’t even need to touch your DNS SPF record. As a matter of fact you don’t even need to think about reverse DNS (rDNS) or DKIM. This is because you will be allowing the domain amazonses.com to send on behalf of your domain and amzonses.com has SPF and DKIM setup correctly. So you will be delegating the burden of managing the more technical aspect of email servers to Amazon SES and using their massive infrastructure for practically nothing. Most things that are too good to be true usually are, but not this time.
After signing up for an account at aws.amazon.com, you will need to open a support case to move your account out of the SES sandbox. Once you’ve done that, navigate to SES and verify your domain which will require you to create a DNS TXT record called “_amazonses” without the quotes with a certain value you are provided by AWS SES. Once you’ve done that you should see a status of verified.
After your domain is verified, go to SMTP Settings on the left. Note the Server Name, you will need this later. For the US-East region this will be
email-smtp.us-east-1.amazonaws.com. Click on the Create my SMTP Credentials button. You could change the name to make it reflect its purpose. An example is ses-smtp-user.contosocom. Click Create and download the credentials on the next page by clicking the button in the bottom right of the screen. You will need both values of
SMTP Username and
SMTP Port: 587 (if that doesn’t work try 25 or 465
Use TLS encryption. This is not the same as STARTTLS. For most servers SSL is the recommended option.
Check the box Yes: Use SMTP authentication.
Username: Enter the username of the user you created under SMTP Settings in SES. It’s the weird-looking one with a long alphanumeric string of letters and numbers and not the clean one like ses-smtp-user.
Password: This is the long string of random characters.
Click on Save Changes and then send yourself a test email with the button below save. This will provide a verbose log to help you troubleshoot if any errors occur.
A Couple of things to think about are:
- are any ports blocked outbound from your host?
- is a firewall enabled?
- could your ISP be blocking port 25 outbound?
- are you underqualified to be messing around with these types of things?
- email headers are read bottom to top, not top to bottom
When you receive the test email you should notice that it is being sent via amazonses.com. This is hardly noticeable to end users but if you wanted both the FROM and MAIL FROM fields to be set to your domain, additional configuration will be required.
Delivered-To: firstname.lastname@example.org Received: by 10.31.157.76 with SMTP id g73csp545051vke; Sat, 3 Sep 2016 18:04:03 -0700 (PDT) X-Received: by 10.237.38.35 with SMTP id z32mr32385280qtc.69.1472951043619; Sat, 03 Sep 2016 18:04:03 -0700 (PDT) Return-Path: <email@example.com> Received: from a8-39.smtp-out.amazonses.com (a8-39.smtp-out.amazonses.com. [184.108.40.206]) by mx.google.com with ESMTPS id 87si10830184qks.19.2016.09.03.18.04.03 for <firstname.lastname@example.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 03 Sep 2016 18:04:03 -0700 (PDT) Received-SPF: pass (google.com: domain of email@example.com designates 220.127.116.11 as permitted sender) client-ip=18.104.22.168; Authentication-Results: mx.google.com; dkim=pass firstname.lastname@example.org; spf=pass (google.com: domain of email@example.com designates 22.214.171.124 as permitted sender) firstname.lastname@example.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1472951042; h=Date:To:From:Subject:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=8NH7JhMDXgvd6RyQSoJ6UGgipPHa7VgVCzslnkVyoI4=; b=ACm3J/3mL/Qdk5K44qrwdv+ApvjmzWCuxP9O8s8lRBZkbbZQhLg8dI/QhN9m6KZ1 I314TeIWvxav1ykrkQ8H35QbuWqTk7vBldS4xTPmf+cT+u0zozWCf1aAJLMmBkGlitC OewjQSmO67OUw93LGAEN8X63gZ+wjoLkExH+E/nQ= Date: Sun, 4 Sep 2016 01:04:02 +0000 To: email@example.com From: Travis Runyard <firstname.lastname@example.org> Subject: WP Mail SMTP: Test mail to email@example.com Message-ID: <firstname.lastname@example.org> X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SES-Outgoing: 2016.09.04-126.96.36.199 Feedback-ID: 1.us-east-1.tVHugpZRoeHUfyZCgNVONDGagq81+As3rbP6j7DFKx4=:AmazonSES This is a test email generated by the WP Mail SMTP WordPress plugin.