AWS SES 554-No SMTP Service for web.de and GMX email addresses [closed]

Question

I am using AWS SES to send out emails automatically through my application. I have configured the Identity management as following:

DKIM is setup correctly. I have no issues sending emails from my domain except for GMX and WEB.de emails where I receive the following error:

Action: failed
Final-Recipient: rfc822; [email protected]
(mxweb111) Nemesis ESMTP Service not available
554-No SMTP service
554-Reject due to policy restrictions

Looking at further documentation, it seems that emails coming from my domain are classified as Spam by their servers.

I have done research and found that I might need to configure Reverse-DNS but as it looks like, AWS SES does not support this?

What else can I do to make my emails get through WEB.de and GMX servers? Thank you.

Answer 1

I was in deep conversations with AWS SES support regarding this issue. This is the outcome:

I also would like to update you that SES internal team were able to confirm a deliverability issue with the recipient ISP and are actively working towards a resolution but we do not have an exact ETA at this time. Due to the nature of the shared IP pool, these types of blocks can happen periodically and we make every effort to resolve these issues as fast as possible. To prevent impact from these types of issues, it is always recommended to use dedicated ips for higher volume sending.

It means that the shared IP addresses used by AWS SES are blacklisted with GMX and WEB.de AWS SES wants to resolve this.

In the meantime, they recommend to use dedicated IP addresses to solve this issue. Please note that these IP addresses have to be "warmed up" in order to not cause trouble on the recipient end (e.g. spam folder issues). Unfortunately, my sending volume is not that high (yet) so I have my fingers crossed I can get those emails send out easily. Otherwise I have to find another solution or need to wait for AWS so solve the blacklist issue. I hope this helps anyone else.

Edit January 2021

I was able to send to GMX/WEB.de although my IP was only starting to warm up. Now after one month I am nearly at 100% with not many emails per day sendout volume.

Answer 2

Several e-mail services operated by United Internet (at least GMX, Web.de) seem to have blocked Amazon SES IPs. Validity of DKIM, SPF, DMARC does not seem to have any impact on the block. I'm seeing these rejections in my logfiles as far back as 2020-10-05.

The alternative of using a the dedicated IP address has its own challenges. Managing and warming up new IP addresses for delivery can be very painful (e.g., Outlook.com was known to accept and then silently discard e-mails after IP changes).

I would suggest to write to [email protected] or use their contact form https://postmaster.gmx.net/en/contact. I've received a response from them, although they didn't seem to fully grasp the issue. Maybe more contacts will help them see the importance of addressing this. Until then I am informing my users per banner of the issue (and recommending alternative e-mail services).

Amazon support has not been helpful for me. I've received one first-level response which indicated the responder had not understood the issue at all, but promised to forward it to SES support. Since then I haven't heard anything for a week.

Edit: since 2021-03-24, there are no more 554-Reject due to policy restrictions failures in my logs. Seems that either GMX or Amazon have done something to address this problem.