How to Use Amazon SES as SMTP Relay?

Organizations typically do not use their production email infrastructure to send non-user emails to the internet. For example, a company may send a weekly or monthly newsletter to partners, send automatic replies for orders, blast marketing messages, etc.

Instead of building a separate SMTP server and bearing the hardware, maintenance, and future possible upgrade cost, an excellent alternative is using a cloud-hosted solution like the Amazon SES.

Amazon Simple Email Service or SES is Amazon’s SMTP email service aimed at mainly two types of usage scenarios: Transactional and Promotional. But don’t get hung up with those two labels because, at its very core, Amazon SES works like any other SMTP relay service.

If you’re interested in learning about Amazon SES as SMTP relay, you’ve come to the right place. We’ll cover how to set up the AWS SMTP relay service in this tutorial, and by the end, you should be able to send outbound messages through it.

ADVERTISEMENT

Requirements

  • You must have an existing AWS account. A free tier account is sufficient for this tutorial.
  • Depending on how you want to prove the sender’s identity:
    • Whole Domain: You must have access to your DNS host to establish the domain ownership.
    • Single Sender Address: An active email account in your domain to prove the mailbox exists. You cannot use known public email address domains like gmail.com, yahoo.com, etc.

Create a Sender Identity for Amazon SES SMTP Relay

Before sending emails using the AWS SES SMTP relay, you must create and verify the sender’s identity. You can verify a whole domain or a single email address as the sender’s identity.

Note. By default, every SES account starts as sandboxed, with restrictions and limitations. One limitation is that you can only send and receive emails using your verified sender identity (sender and recipient are the same domain or email address.)

Refer to Moving out of the Amazon SES sandbox to learn how to move your SES account to production.

If you verify a whole domain, you can send emails using any email address from that domain through Amazon SES. For example, if you configure the domain org870b.ga as the sender identity domain, you can send messages from user1@org870b.ga, someonelse@org870b.ga, and so on.

In contrast, verifying a single email address would mean you can only send messages using that specific email address. Whichever sender identity you configure is entirely your decision.

Option 1: Verify a Domain

Note. This option involves adding new DNS records for your domain, which means that you must have access to your public DNS management. This example will verify the domain identity of org870b.ga.

Login to your AWS SES account at https://console.aws.amazon.com/ses.

Click Verified identitiesCreate identity.

amazon ses as smtp relay

Next, select Domain as the identity type and enter the domain you wish to verify.

aws smtp relay

Scroll to the bottom and click Create Identity. At this point, the domain identity is already created, but the verification status is still pending.

smtp relay aws

ADVERTISEMENT

The domain identity creation automatically generated DKIM keys in the form of CNAME records, as you can see below.

aws ses relay

To complete the domain verification, you must add these CNAME entries to your DNS. The process varies depending on your DNS host. In this example, we are using Cloudflare as the DNS host to manage this domain’s entries.

aws ses smtp relay

Note. DNS records could take several minutes to several hours to replicate.

You only need to wait for Amazon SES to detect your created CNAME entries. In my case, it took around five minutes for Amazon SES to see the DNS records.

Once it happens, the domain identity status changes to Verified.

amazon smtp relay

ADVERTISEMENT

The DKIM configuration status changes to Successful.

amazon ses smtp relay

Option 2: Verify an Email Address

This example will verify the sender email identity of aten.stig@org870b.ga.

Login to your AWS SES account at https://console.aws.amazon.com/ses.

Click Verified identitiesCreate identity.

amazon ses relay

Next, select Email address as the identity type and enter the specific email address you wish to verify.

ses smtp relay

After creating the sender identity, Amazon SES sends a verification email to the email address.

ADVERTISEMENT

aws smtp relay service

To complete the verification process, open the mailbox, look for the email from Amazon Services, and click the link in the email.

use amazon ses as smtp relay

The link opens in the web browser and confirms that you can now use this email address to send emails via AWS SES SMTP relay.

aws ses as smtp relay

Back to the Amazon SES console, the identity status is now Verified.

smtp relay amazon ses

Send a Test Email from Amazon SES

You’ve now verified your sender’s identity. Whether you verified a domain or a specific email address, our next step is to send a test email and confirm that it is working.

Back on the Amazon SES console, click Verified identities and click the identity you want to test. In this example, we’ll choose the domain identity.

using aws ses as smtp relay

On the next page, click the Send test email button.

amazon smtp relay send test email

On the next page:

  • Enter the From-address without the domain part.
  • Select Custom under the Scenario so you can enter a custom recipient address. Note that you can only send to verified identity.
  • Enter the recipient’s email address.
  • Enter the Subject and Body.
  • Click Send test email.

amazon ses smtp relay mail

If successful, you should see a banner like the one below.

amazon ses relay send test email

Verify that the recipient received the test email.

ses smtp relay mail

Send an Email using the Amazon SES SMTP Relay

So you’ve successfully created, verified, and tested your Amazon SES sender’s identity (domain or email address). But we’re not done yet. We still need to use the Amazon SES SMTP Relay endpoint to send a message.

Find the Amazon SES SMTP Relay Settings

The SMTP endpoint listens to ports 25, 587, and 2587 for STARTTLS. To find the SMTP relay settings, click SMTP Settings.

aws smtp relay service mail

Create the SMTP Credential

Knowing the SMTP interface details would be useless if you don’t have the proper authentication credentials to connect to it. So let’s create an SMTP credential to get the username and password we’ll use to authenticate.

On the same page, click Create SMTP credentials.

use amazon ses as smtp relay mail

Type the username you want for the account, and click Create. In this example, let’s use ses-smtp-user as the IAM username.

amazon ses as smtp relay send test mail

Once the credential is created, copy the SMTP username and password. You can also download the credential.

aws smtp

Send the Email using PowerShell

Having the SMTP endpoint, username, and password allows you to configure your applications to use the Amazon SES SMTP relay. But in this example, we’ll use the SMTP details to send an email using PowerShell; here’s how.

Open a PowerShell window on your computer and run the below command to store the SMTP credentials to the $credential variable.

$credential = Get-Credential

smtp relay aws mail

Next, modify the below code to use your values.

  • Replace the SmtpServer value with your Amazon SES SMTP relay endpoint.
  • Replace the From value with your sender’s identity.
  • Replace the To value with your recipient’s email address.
# Send Email 
Send-MailMessage -Credential $credential ` 
-UseSSL ` 
-SmtpServer 'email-smtp.us-east-2.amazonaws.com' ` 
-Port 587 ` 
-From 'someone@org870b.ga' ` 
-To 'aten.stig@org870b.ga' ` 
-Subject 'Amazon SES SMTP Relay Test' ` 
-Body 'Amazon SES SMTP Relay Test'

Once you’ve modified the code, run it in PowerShell to send the test email. An empty return means the SMTP relay operation was successful.

aws email relay

Check the recipient’s mailbox and confirm that the email was received.

amazon ses as smtp relay test

And that confirms that your AWS SES SMTP relay configuration is working.

Conclusion

Amazon SES is an excellent email service that’s relatively easy to implement. You can do many more configurations that this tutorial did not cover, but you can explore them on your own.

When you decide that Amazon SES SMTP relay fits your organization’s requirements, don’t forget to move your SES instance out of the sandbox before using it in production. Good luck!

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.