Three enhancements for SES Mail Manager to improve interoperability, security, and compliance

Posted on: Oct 31, 2024

SES Mail Manager announces three new features. The first adds support for authenticated connections to ingress endpoints via TCP port 587 (email submission port). The second introduces verified customer identity enforcement when using Mail Manager SMTP relays, and enables customers to create rule conditions in which MIME headers can be searched and used for routing logic. The final enhancement enables message envelope search for Mail Manager archives, enabling customers to differentiate between named and blind-copied recipients when searching and exporting archived messages.

By supporting connections from TCP port 587, ingress endpoints can now more easily replace on-premise mail servers such as Exchange or Postfix servers already configured to use that same port. In addition, Mail Manager’s relay action now inserts a custom header identifying the specific customer source, and a corresponding rule action allows customers to enforce that unique value as a condition for onward delivery of messages. Used together, these provide a more robust relaying behavior than relying only on allowlisted IP addresses.

Finally, the archiving search and export features now specify message envelope ‘From’ and ‘To’ as separate fields, to distinguish between the visible ‘From’ and ‘To’ fields which may have different values. This, in turn, allows you to identify messages which were received via bcc functions.

These features are all available in Mail Manager across all AWS Regions where it is launched. You can learn more about Mail Manager by clicking here or visiting the Mail Manager pages in the SES console. A blog about the SMTP relay protections is also available here.