I am using AWS SES to send out emails automatically through my application. I have configured the Identity management as following:
DKIM is setup correctly. I have no issues sending emails from my domain except for GMX and WEB.de emails where I receive the following error:
Action: failed
Final-Recipient: rfc822; [email protected]
(mxweb111) Nemesis ESMTP Service not available
554-No SMTP service
554-Reject due to policy restrictions
Looking at further documentation, it seems that emails coming from my domain are classified as Spam by their servers.
I have done research and found that I might need to configure Reverse-DNS but as it looks like, AWS SES does not support this?
What else can I do to make my emails get through WEB.de and GMX servers? Thank you.
This section describes the SMTP interface. Amazon SES sends email using SMTP, which is the most common email protocol on the internet. You can send email through Amazon SES by using a variety of SMTP-enabled programming languages and software to connect to the Amazon SES SMTP interface.
Check whether your account is in the Amazon SES sandbox for the AWS Region that you're using to send emails. If your account is in the Amazon SES sandbox, then you must verify the recipient email address, in addition to verifying your sender identity. Or, you can request to move your account out of the Amazon SES sandbox.
SMTP credentials are unique to each AWS Region. If you plan to use the SMTP interface to send email in multiple AWS Regions, you need a user name and password for each Region. Your SMTP user name and password aren't identical to your AWS access keys or the credentials that you use to sign in to the Amazon SES console.
DEBUG SMTP: MessagingException while sending, THROW: com.sun.mail.smtp.SMTPSendFailedException: 554 Message rejected: Email address is not verified. The following identities failed the check in region EU-WEST-1: [email protected]
I was in deep conversations with AWS SES support regarding this issue. This is the outcome:
I also would like to update you that SES internal team were able to confirm a deliverability issue with the recipient ISP and are actively working towards a resolution but we do not have an exact ETA at this time. Due to the nature of the shared IP pool, these types of blocks can happen periodically and we make every effort to resolve these issues as fast as possible. To prevent impact from these types of issues, it is always recommended to use dedicated ips for higher volume sending.
It means that the shared IP addresses used by AWS SES are blacklisted with GMX and WEB.de AWS SES wants to resolve this.
In the meantime, they recommend to use dedicated IP addresses to solve this issue. Please note that these IP addresses have to be "warmed up" in order to not cause trouble on the recipient end (e.g. spam folder issues). Unfortunately, my sending volume is not that high (yet) so I have my fingers crossed I can get those emails send out easily. Otherwise I have to find another solution or need to wait for AWS so solve the blacklist issue. I hope this helps anyone else.
Edit January 2021
I was able to send to GMX/WEB.de although my IP was only starting to warm up. Now after one month I am nearly at 100% with not many emails per day sendout volume.
Several e-mail services operated by United Internet (at least GMX, Web.de) seem to have blocked Amazon SES IPs. Validity of DKIM, SPF, DMARC does not seem to have any impact on the block. I'm seeing these rejections in my logfiles as far back as 2020-10-05.
The alternative of using a the dedicated IP address has its own challenges. Managing and warming up new IP addresses for delivery can be very painful (e.g., Outlook.com was known to accept and then silently discard e-mails after IP changes).
I would suggest to write to [email protected] or use their contact form https://postmaster.gmx.net/en/contact. I've received a response from them, although they didn't seem to fully grasp the issue. Maybe more contacts will help them see the importance of addressing this. Until then I am informing my users per banner of the issue (and recommending alternative e-mail services).
Amazon support has not been helpful for me. I've received one first-level response which indicated the responder had not understood the issue at all, but promised to forward it to SES support. Since then I haven't heard anything for a week.
Edit: since 2021-03-24, there are no more 554-Reject due to policy restrictions
failures in my logs. Seems that either GMX or Amazon have done something to address this problem.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With