Difference between revisions of "Managing AWS SES (Simple Email Service)"

From Contensive Wiki
Jump to: navigation, search
(How to Manage Bounce Processing on the Website)
(Email Bounce Settings)
 
(18 intermediate revisions by the same user not shown)
Line 13: Line 13:
  
 
; AWS SNS : Amazon Web Services - Simple notification Service, a push notification tool.
 
; AWS SNS : Amazon Web Services - Simple notification Service, a push notification tool.
 +
 +
; Email Blocked List : An internal list of email addresses that have permanent bounces or a request to stop emails to the address was sent.
  
 
==Roles==
 
==Roles==
Line 18: Line 20:
  
 
==How To==
 
==How To==
===How to setup Amazon AWS Server===
 
# Go to aws.amazon.com and sign in to the console.
 
# Select SES.
 
# Select Domains under Identity Management.
 
# Enter a Domain to verify
 
# Edit DNS records; add a TXT file with given key values.
 
  
===How to setup Amazon SES Email===
+
===How to Save AWS Settings on the Website===
# Go to aws.amazon.com and sign in to the console.
+
#Login and click on ADMIN, SETTINGS EMAIL.
# Select SES.
+
#Check the box next to field "Use AWS Simple Email Service (SES).
# Select Email Addresses under Identity Management.
+
#Enter AWS User Name in field "AWS Access Key ID".
# Enter an email address to verify and click on VERIFY A NEW EMAIL ADDRESS.
+
#Enter AWS Password in field "AWS Secret Access Key".  
  
===IMPORTANT NOTE ABOUT FROM ADDRESSES===
+
===How to Approve a FROM address on Amazon AWS SES===
'''If your email is managed on an AMAZON SES server, you must make sure that all email addresses used in the FROM field are verified before you send a group or system email using them.''' <br />
+
Send an email to support@contensive.com that contains each email address or the whole domain.
 
+
To verify your from addresses, you will login to your AWS account if you have your own, or contact support@contensive.com if Contensive manages your email server. <br />
+
# Go to aws.amazon.com  <br />
+
# Login with user name and password for the account  <br />
+
# Click on SES under APPLICATION SERVICES section  <br />
+
# Click EMAIL ADDRESSES from the menu on the left  <br />
+
# Click VERIFY A NEW EMAIL ADDRESS button at the top of the page  <br />
+
# Enter the email address and click VERIFY THIS EMAIL ADDRESS  <br />
+
# The email address will be listed as PENDING VERIFICATION until an email sent to that address is received and the link in the email is clicked  <br />
+
# The email address will be listed as VERIFIED after someone clicks the link in the email sent to that address  <br />
+
 
+
===How to setup Amazon SES Email Bounce Processing===
+
# You must have first configured SES Email
+
# Click on Amazon SNS (Notifications) on the Amazon AWS Dashboard. Create a topic.
+
# Click on Amazon SQS (Message Queues). Add a message queue. Subscribe the queue to the the SNS topic. Get the URL in the details tab and save in the "AWS SQS Bounce Email Queue Endpoint" in the Email Bounce Settings.
+
# Go to Amazon (SES) and assign the sending Domain and/or email addresses to the SNS topic.
+
# Go to Amazon Identity & Access Management and create a new user for the email block process. Under permissions, add a policy for "AmazonSQSFullAccess". Under Security, create an access key. Save the "AWS Access Key Id" and the "AWS Secret Access Key" in the Email Bounce Settings.
+
# in Email Bounce Settings, check the box next to "Allow AWS Email Bounce Processing".
+
# To test the configuration, send to the following AXS SEs email addresses from the system.
+
#* success@simulator.amazonses.com
+
#* bounce@simulator.amazonses.com
+
#* ooto@simulator.amazonses.com
+
#* complaint@simulator.amazonses.com
+
#* suppressionlist@simulator.amazonses.com
+
  
 
===How to Manage Bounce Processing on the Website===
 
===How to Manage Bounce Processing on the Website===
#Install add-on Email Bounce Process if it has not already been installed.
+
#Periodically review the list at Manage Add-ons, Amazon SES Email, Email Bounce List.
#Under Manage Add-Ons, Email Bounce Process, click on Email Bounce Settings.
+
#Make sure box is checked next to "Allow AWS Email Bounce Processing".
+
#Enter number of days that emails with transient issues (such as on vacation) will be allowed. After this time they will be blocked from receiving emails from your site.
+
#Click OK to save.
+
#Periodically review the list at Manage Add-ons, Email Bounce Processing, Email Bounce List.
+
 
#If in the Details the bounce is marked as Transient, after you make any necessary changes to recover it, you can delete this record from the list to enable emails to this email address.
 
#If in the Details the bounce is marked as Transient, after you make any necessary changes to recover it, you can delete this record from the list to enable emails to this email address.
 
#If in the Details the bounce is marked as Permanent, the email address will be added to the Email Blocked Report. See [[#ow to Manage Blocked Emails on the Website|Blocked Emails]]
 
#If in the Details the bounce is marked as Permanent, the email address will be added to the Email Blocked Report. See [[#ow to Manage Blocked Emails on the Website|Blocked Emails]]
  
 
===How to Manage Blocked Emails on the Website===
 
===How to Manage Blocked Emails on the Website===
#Install add-on Email Blocked Report if it has not already been installed.
 
 
#To view the Email Blocked Report, click Reports, Email Blocked Report.  
 
#To view the Email Blocked Report, click Reports, Email Blocked Report.  
 
#To have an email removed from this list, please contact support@contensive.com to provide the list of emails you would like removed from the blocked list.
 
#To have an email removed from this list, please contact support@contensive.com to provide the list of emails you would like removed from the blocked list.
Line 77: Line 43:
 
===Email Bounce Settings===
 
===Email Bounce Settings===
  
Under Navigator > Settings > Email Bounce Settings
+
Under Admin > Settings > Email Bounce Settings
  
; Allow AWS Email Bounce Processing : (For Amazon AWS hosted sites only, requires Amazon SES Email) Use Amazon Notifications to automatically block bad email addresses from your database. When enabled, the site will check with Amazon AWS hourly and if bad email addresses where detected, the user's Allow Group Email will be disabled and the email address will be added to the site's blocked list.
+
;Email Bounce Processing Description
 +
*We create an SNS Topic (ses-bounces-topic) for SES bounces/complaints
 +
*We create an SQS Queue (ses-bounces-queue) and subscribe it to the topic.
 +
*We assign the topic to the verified from-address domain name
 +
*We run a process in our application that reads messages from the ses-bounces-queue. We store the email to-address in a bounce-list table as either permanent or transient. Permanent email addresses are blocked from future emails.
 +
*Transient email addresses are converted to permanent addresses after 14 days
 +
*We always add verified/opt-in email addresses to our list. -- they emphasis that their bounce system should not be used to clean lists
  
; AWS Transient Email Grace Period : The period of time up to 30 days that email addresses with transient issues will be allowed. You must periodically review the transient email issues in the Email Block List. Transient issues older than this period will be blocked from receiving email.
+
; Allow AWS Email Bounce Processing : (Check this box for Amazon AWS hosted sites only, requires Amazon SES Email) Use Amazon Notifications to automatically block bad email addresses from your database. When enabled, the site will check with Amazon AWS hourly and if bad email addresses were detected, the user's Allow Group Email will be disabled and the email address will be added to the site's blocked list.
  
; AWS Access Key Id : The access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create you credentials.
+
; AWS Transient Email Grace Period : The period of time (up to 30 days) that email addresses with transient issues will be allowed. You must periodically review the transient email issues in the Email Block List. Transient issues older than this period will be blocked from receiving email.
  
; AWS Secret Access Key : The secret access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create you credentials.
+
; AWS Access Key ID : The access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create your credentials.
  
; AWS SQS Bounce Email Queue Endpoint : The URL for the AWS Message Queue you configured to store the bounce messages.
+
; AWS Secret Access Key : The secret access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create your credentials. (The secret access key only displays upon the creation of the access key.)
  
Under Navigator > Settings > Preferences > Email Tab
+
; AWS SQS Bounce Email Queue Endpoint : The URL for the AWS Message Queue you configured to store the bounce messages.
  
==Test Cases==
+
Under Admin > Settings > Preferences > Email Tab
  
# End-To-End test
+
; Allow Email Bounce Processing : This field should NOT be check if AWS SES is set up.
#* Setup Amazon SES Email and verify you can send a group email to a known address
+
; Email Bounce Address : This field should be blank if AWS SES is set up.
#* Configure Bounce Processing using the instructions on this page.
+
<br>
#* Create a group "AWS SES Bounce Test"
+
'''Developer notes:'''
#* Create five users, one named for each test email above, using that email, and adding them to the AWS SES Bounce Email group
+
*TLS1.0 must be enabled
#* Send a group test and check the confirmation email to make sure all is setup correctly.
+
*Fips should be enabled
#* Send the group email.
+
#* After one minute, manually run the Manage Addons > Email Bounce Process > AWS SES Email Bounce Process
+
#* Verify the user with the bounce address no longer has "Allow Group Email" checked.
+
#* Verify the Email Bounce List has
+
#** A permanent entry for the bounce user.
+
#** A transient entry for the ooto user.
+
#* Use the Email Block Log Tool and verify the bounce user is on the block log.
+
  
 
==Change History==
 
==Change History==
 
; 10/28/2016 : This build adds the AWS SES email handling, required if you send SES email. Instead of reading addresses from a pop3 account, it receives messages from the Amazon SQS message queue and marks records appropriately.
 
; 10/28/2016 : This build adds the AWS SES email handling, required if you send SES email. Instead of reading addresses from a pop3 account, it receives messages from the Amazon SQS message queue and marks records appropriately.

Latest revision as of 20:10, 25 August 2020

This tool is used to capture email bounces and automatically mark them as bad addresses.

Terms

Transient Email Failures 
Are emails that cannot be delivered because of non-permanent problems. These may be temporary issues like "out of the office", or problems with a particular email like "cannot accept email from this address".
Permanent Email Failures 
Are emails that cannot be delivered for reasons that will not recover, like "user does not exist"
Email Bounce List 
A database table found in the Email Bounce Process Collection that includes an entry for every bounce email detected.
AWS SES 
Amazon Web Services - Simple Email Service.
AWS SQS 
Amazon Web Services - Simple Query Service, a persistent messaging tool.
AWS SNS 
Amazon Web Services - Simple notification Service, a push notification tool.
Email Blocked List 
An internal list of email addresses that have permanent bounces or a request to stop emails to the address was sent.

Roles

Administrator 
A user with the Administrator checkbox set in their user record, under permissions. Administrators can review the email drop list.

How To

How to Save AWS Settings on the Website

  1. Login and click on ADMIN, SETTINGS EMAIL.
  2. Check the box next to field "Use AWS Simple Email Service (SES).
  3. Enter AWS User Name in field "AWS Access Key ID".
  4. Enter AWS Password in field "AWS Secret Access Key".

How to Approve a FROM address on Amazon AWS SES

Send an email to support@contensive.com that contains each email address or the whole domain.

How to Manage Bounce Processing on the Website

  1. Periodically review the list at Manage Add-ons, Amazon SES Email, Email Bounce List.
  2. If in the Details the bounce is marked as Transient, after you make any necessary changes to recover it, you can delete this record from the list to enable emails to this email address.
  3. If in the Details the bounce is marked as Permanent, the email address will be added to the Email Blocked Report. See Blocked Emails

How to Manage Blocked Emails on the Website

  1. To view the Email Blocked Report, click Reports, Email Blocked Report.
  2. To have an email removed from this list, please contact support@contensive.com to provide the list of emails you would like removed from the blocked list.

References

Email Bounce Settings

Under Admin > Settings > Email Bounce Settings

Email Bounce Processing Description
  • We create an SNS Topic (ses-bounces-topic) for SES bounces/complaints
  • We create an SQS Queue (ses-bounces-queue) and subscribe it to the topic.
  • We assign the topic to the verified from-address domain name
  • We run a process in our application that reads messages from the ses-bounces-queue. We store the email to-address in a bounce-list table as either permanent or transient. Permanent email addresses are blocked from future emails.
  • Transient email addresses are converted to permanent addresses after 14 days
  • We always add verified/opt-in email addresses to our list. -- they emphasis that their bounce system should not be used to clean lists
Allow AWS Email Bounce Processing 
(Check this box for Amazon AWS hosted sites only, requires Amazon SES Email) Use Amazon Notifications to automatically block bad email addresses from your database. When enabled, the site will check with Amazon AWS hourly and if bad email addresses were detected, the user's Allow Group Email will be disabled and the email address will be added to the site's blocked list.
AWS Transient Email Grace Period 
The period of time (up to 30 days) that email addresses with transient issues will be allowed. You must periodically review the transient email issues in the Email Block List. Transient issues older than this period will be blocked from receiving email.
AWS Access Key ID 
The access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create your credentials.
AWS Secret Access Key 
The secret access key associated with the identity you will use to communicate with the AWS Message system to retrieve bounce and complaint notifications. Use the AWS Identity and Access Management to create your credentials. (The secret access key only displays upon the creation of the access key.)
AWS SQS Bounce Email Queue Endpoint 
The URL for the AWS Message Queue you configured to store the bounce messages.

Under Admin > Settings > Preferences > Email Tab

Allow Email Bounce Processing 
This field should NOT be check if AWS SES is set up.
Email Bounce Address 
This field should be blank if AWS SES is set up.


Developer notes:

  • TLS1.0 must be enabled
  • Fips should be enabled

Change History

10/28/2016 
This build adds the AWS SES email handling, required if you send SES email. Instead of reading addresses from a pop3 account, it receives messages from the Amazon SQS message queue and marks records appropriately.
Retrieved from "http://wiki.kmacloud.net/index.php?title=Managing_AWS_SES_(Simple_Email_Service)&oldid=3972"