Building a large-scale email solution is often a complex and costly challenge for a business. You must deal with infrastructure challenges such as email server management, network configuration, and IP address reputation. Additionally, many third-party email solutions require contract and price negotiations, as well as significant up-front costs. Amazon SES eliminates these challenges and enables you to benefit from the years of experience and sophisticated email infrastructure has built to serve its own large-scale customer base. Amazon SES has a range of features that make it the ideal solution for sending and receiving email.

High Deliverability

It is an unfortunate fact that a very large percentage of global email traffic is spam – unsolicited or undesired bulk email. ISPs are equipped with automated filters to detect email messages that appear to be spam, and prevent these messages from being delivered. Most email messages that you send over the Internet are scanned by one or more ISPs, each of which has its own spam filters in place. Spam filters are not perfect: even if your email is legitimate, an ISP's spam filter could still falsely identify it as spam, and block it.

When deciding whether to deliver an email, one factor that ISPs consider is where the email originated. If an IP address or domain has a history of sending spam, then the ISP may block delivery from either or both. Amazon SES takes proactive steps to prevent questionable content from being sent, so that ISPs receive consistently high-quality email from our domains and therefore view Amazon SES as a trusted email origin.

The term deliverability refers to the likelihood that an email message you send will actually arrive at its intended destination. Below are some of the features that maximize deliverability and dependability for all of our senders:

  • Amazon SES uses content filtering technologies to help detect and block messages containing viruses or malware before they can be sent.
  • Amazon SES maintains complaint feedback loops with major ISPs. Complaint feedback loops indicate which emails a recipient marked as spam. Amazon SES provides you access to these delivery metrics to help guide your sending strategy.
  • Amazon SES supports authentication mechanisms such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). When you authenticate an email, you provide evidence to ISPs that you are the owner of the account and that your emails have not been modified in transit. Amazon SES makes it easy for you to authenticate your emails. If you configure your account to use Easy DKIM, Amazon SES will DKIM-sign your emails on your behalf, so you can focus on other aspects of your email-sending strategy.

Multiple Email-Sending Interfaces

To provide you with the flexibility to decide which email-sending method works best for your use case, Amazon SES has multiple cloud-based email interfaces you can choose from. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP) interface, or you can call the Amazon SES API.

  • The Amazon SES console is the quickest way to get set up, but after you send a couple of test emails, you will use the console primarily to monitor your sending activity.
  • The SMTP interface is ideal if you want to take advantage of your existing SMTP-enabled email client or software program. You can simply configure the software to send all outbound emails through Amazon SES. There will be no change in how you interact with the email client or software. If you're a developer, you can also use an SMTP-enabled programming language such as Java to access the Amazon SES SMTP interface by using the language's built-in SMTP functions and data types.
  • A more advanced option is to call the Amazon SES Query API directly by making HTTPS requests. When you call the Amazon SES API, you can use one of two email-sending actions that provide you with different levels of control over the composition of the email message. You can also access the Amazon SES API by using the AWS Command Line Interface, or you can use an AWS Software Development Kit (SDK), which wraps the low-level functionality of the Amazon SES API with higher-level data types and function calls that take care of the details for you. 

Sending Statistics

To help you fine-tune your email-sending strategy, Amazon SES automatically collects the following statistics regarding your sending activity:

  • Successful delivery attempts
  • Rejected messages
  • Bounces
  • Complaints

These statistics are available to you on a real-time basis via a single API call or by using the Amazon SES console. By regularly monitoring your sending statistics, you can identify and fix problems right away.


To help you track your email sending, Amazon SES has a built-in mechanism to forward you bounce, complaint, and delivery notifications. Amazon SES can send the bounce and complaint messages to you in one of two ways: by email or through Amazon Simple Notification Service (Amazon SNS). Delivery notifications are available only through Amazon SNS.

Amazon SES Mailbox Simulator

Amazon SES provides a mailbox simulator that you can use to test how your application handles various email-sending scenarios without affecting your sending quota or your bounce and complaint metrics. The mailbox simulator is a set of email addresses that each simulate a specific type of behavior: a successful acceptance, a hard bounce, an out-of-office auto response, a complaint, or an address on the Amazon SES suppression list. Since your test messages are received by Amazon SES instead of actual recipients, your bounce and complaint rates are not affected. The mailbox simulator is also a good way to find your system’s maximum throughput without using up your daily sending quota.

Email Processing Options

You can choose among several different options to process your incoming mail. Amazon SES can deliver your messages to an Amazon S3 bucket, call your custom code via an AWS Lambda function, or publish notifications to Amazon SNS. You can also configure Amazon SES to drop or bounce messages you do not want to receive. If you choose to store your messages in Amazon S3, Amazon SES can encrypt your mail using AWS Key Management Service (KMS) before writing it to the bucket.

Mail Flow Control

You have complete control over which mail you receive. You are not billed for any mail that is rejected during the SMTP conversation. Amazon SES offers two mechanisms you can use to control whether Amazon SES accepts or rejects incoming mail on your behalf. The first method is to use custom IP allow lists and block lists. If you know that you don't want to receive any mail from a particular IP address, simply add it to your account's IP address block list. You can also override block lists by adding IP address ranges to your allow list, which provides fine-grained control over your incoming email traffic. The second mechanism for controlling the acceptance of incoming messages is to set up recipient-based rules. Amazon SES only accepts messages for which you have set up at least one rule that matches a recipient of the message.

Highly Customizable Receipt Rules

You can control what happens to incoming messages at the recipient level by setting up receipt rules, which collectively make up your account's receipt rule set. A receipt rule set contains an ordered collection of receipt rules, and each receipt rule contains an ordered collection of actions. Amazon SES also supports complex message-matching conditions through AWS Lambda functions. The return value of the AWS Lambda function indicates whether or not the evaluation of the receipt rule and receipt rule set should continue.


You can choose for Amazon SES to simply notify you of incoming messages through Amazon SNS, or you can be notified through Amazon SNS in conjunction with another action, such as saving the message to Amazon S3. The Amazon SNS notifications contain the verdict of Amazon SES's spam and virus scans as well as whether the email passed authentication mechanisms DKIM and SPF.


Amazon SES publishes Amazon CloudWatch metrics in your AWS account when your receipt rules fail to successfully process a message, so that you will know to check your configuration. For example, you may have deleted your Amazon S3 bucket, or removed the policy that granted Amazon SES permission to write to it. Metrics are emitted at the account level as well as at the receipt-rule level. You can set up monitors at the account level, and use the receipt-rule level failure metrics to pinpoint which specific receipt rules are having problems.

Amazon SES integrates seamlessly with other AWS services, such as Amazon EC2, AWS Elastic Beanstalk, Amazon SNS, Amazon Route 53, AWS IAM, Amazon S3, AWS Lambda, AWS Key Management Service (KMS), Amazon CloudWatch, and Amazon WorkMail.

AWS recommends Amazon SES as the preferred solution for Amazon EC2 users who need an email-sending service. You can add email capabilities to any application running on an EC2 instance. If you send emails from an Amazon EC2 instance directly or through AWS Elastic Beanstalk, you are eligible for the Amazon SES Free Usage Tier.

You can easily create an email-enabled application using AWS Elastic Beanstalk with Amazon SES. For example, you can write an application that accesses a list of customer addresses, and then uses Amazon SES as a marketing email service to send special offers to each customer. The AWS SDK for Java provides access to the Amazon SES API, so all of your AWS Elastic Beanstalk applications can send email with a simple API call.

Amazon SES can pass your bounce, complaint, and delivery notifications to Amazon SNS topics that you specify. Notifications are set according to verified email addresses and domains and can be configured via the AWS Management Console or via the Amazon SES APIs.

When you use the Amazon SES console to verify or set up Easy DKIM on a domain that you manage with Amazon Route 53, you can automatically generate the record sets for that domain. This eliminates the need to manually add a TXT record for domain verification or CNAME records for DKIM-signing.

Amazon SES integrates with IAM so that you can specify which Amazon SES API actions a user can perform. For example, you can create an IAM policy that allows users in your organization to send email but not perform administrative actions.

When you use Amazon SES to receive your email, you can process your incoming messages by using a variety of AWS services. You can have Amazon SES deliver messages to an Amazon S3 bucket, trigger your code via an AWS Lambda function, publish notifications to Amazon SNS, or bounce messages. If you choose to have your mail delivered to an Amazon S3 bucket, Amazon SES can encrypt the messages you receive using master keys managed in AWS KMS. Amazon SES also publishes metrics to Amazon CloudWatch.

Your use of this service is subject to the Amazon Web Services Customer Agreement.

Get Started with AWS for Free

Create a Free Account

Receive twelve months of access to the AWS Free Tier and enjoy AWS Basic Support features including, 24x7x365 customer service, support forums, and more.