Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I use my users (non verified) addresses as senders with Amazon SES?

I'm writing a send to a friend feature and I need the from address to be the senders email to be a bit more personal. However, with Amazon SES it looks like I can only send from verified addresses.

I don't think this is an uncommon problem and was wondering how anyone else has solved this?

like image 994
Abs Avatar asked Dec 04 '12 09:12

Abs


People also ask

How do I send an email to a non verified email address from AWS SES?

You can only send mail from verified email addresses and domains. You can send a maximum of 200 messages per 24-hour period. Amazon SES can accept a maximum of one message from your account per second. You have to move out of sandbox to send email to non-verified email address using AWS SES.

How do I verify my AWS SES email address?

Check the inbox of the email address used to create your identity and look for an email from [email protected]. Open the email and click the link to complete the verification process for the email address. After it's complete, the Identity status updates to Verified.

Can I use AWS SES to send email?

With Amazon SES, you can send an email in three ways: using the console, using the Simple Mail Transfer Protocol (SMTP) interface, or using the API.

How can I find out which IAM user sent an email through Amazon SES?

On the All metrics tab, choose SES. Choose the dimension name that you entered when you created the configuration set. For example, choose ses:caller-identity. Under the ses:caller-identity column, you'll see the IAM user who sent the test email.


1 Answers

However, with Amazon SES it looks like I can only send from verified addresses.

That's correct, however, one of the historical flaws (and one of the main reasons for people becoming victims of email based fishing attacks so easily) with the Simple Mail Transport Protocol (SMTP) is that the sender from the mail transport agent's (MTA) point of view doesn't need to match the sender from the mail client point of view at all, see About Header Fields:

Simple Mail Transfer Protocol (SMTP) specifies how email messages are to be sent by defining the mail envelope and some of its parameters, but it does not concern itself with the content of the message. Instead, the Internet Message Format (RFC 2822) defines how the message is to be constructed.

RFC 2822 defines the Originator fields to indicate the mailbox(es) of the source of the message:

The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message. For example, if a secretary were to send a message for another person, the mailbox of the secretary would appear in the "Sender:" field and the mailbox of the actual author would appear in the "From:" field.

Solution

As outlined you'll simply need to supply the verified sender in the Sender header fields and can provide whatever From address you like (see Appendix: Header Fields for a list of the supported fields).

Attention

For the aforementioned reasons, crafting your mail like so (albeit entirely valid) makes it much more likely to be classified as spam by involved mail transport systems - here's how AWS describes this issue within their Whitepaper on Email Best Practices:

Think carefully about the addresses you send your email from. The “From” address will not only be visible to recipients in their email client (including in the preview pane), but will also collect reputation at some ISPs. This, along with the Subject line, will create the first impression a recipient will have of your email.

Therefore you should apply the available measures for Authenticating Your Email to improve your reputation in turn (which is highly recommended anyway of course).

like image 180
Steffen Opel Avatar answered Sep 23 '22 17:09

Steffen Opel