In this article, I'm going to be sharing how we got notified of our elevated email bounce rates, how we made a first big reduction by enabling the suppression list functionality on AWS SES, and then how we were able to identify bounced accounts and the commands and CLI tools you can use for managing your suppression list.
It is Friday, and all of a sudden you receive an Amazon support email saying that your account has been moved under review. 😱
We placed your SES account in the US xxx (City) Region under review. You can still use this account to send emails, but you should fully address the problems that led to your account being placed under review.
So, what are the steps that we followed in order to fix this problem?
The big picture for tackling the problem for us looked like this:
- Respond to AWS support case and let them know that you are working on the issue and the actions you would be taking to fix the issue.
- Look into the bounce rates metrics, before and after any updates to your account.
- Learn about the suppression list.
- Enable your account to get qualitative data for bounced accounts (Amazon SNS).
- With all the data you should be able to make improvements in your application in the long run and create some monitoring on your side.
And there is a great article called How can I handle a high bounce rate with emails that I send using Amazon SES?, that explains very well most of the points I'll be sharing here.
As I stated above, first of all, you need to understand your metrics first, and for that, there is a section on the Amazon SES, that will show you some metrics and history about your bounce rates, but that is Quantitative information most of the time, as you are not able to see the details on the bounced accounts spikes and metrics.
So, let's say that you are aware of the spikes, in that case, the next urgent/critical action from your side or someone with access to your AWS account, would be to enable your account level suppression list https://docs.aws.amazon.com/ses/latest/dg/sending-email-suppression-list.html.
Basically, once you enable this functionality in your Amazon account, you will be able to manage your own suppression list at your account level, in addition to the Amazon global suppression list, but that is not something you can manage or change.
Something I found out after enabling the suppression list, is that, by default, Amazon created and was adding email accounts to the list, without any human intervention and that is really cool, because, that saves a lot of time on your side, but it gives you the ability to add or remove accounts from that list.
I'm including additional details for the suppression list, in the section below, which is called How to manage your suppression using your terminal
Let's say that you already enabled the suppression list and now you can confirm that your bounce rates have been decreased significantly(after looking into your most recent metrics), so now it is time to enable your account to get qualitative data for bounced accounts (Amazon SNS)
And in order to achieve that, you need to enable the Amazon SNS notification so you get notified whenever a new email bounce happens for that setup you can follow this URL https://aws.amazon.com/es/premiumsupport/knowledge-center/ses-bounce-notifications-sns/
After that is configured, you will be able to get an email notification that would look similar to this:
Now, that you are able to identify the offenders, it would all depend on your specific case, but in our case, it was related to plenty of testing accounts that probably were deactivated/destroyed at some point and they were causing a lot of errors due to SMTP errors and marked as bounced accounts.
By the way, we have been using it for testing email notifications, it is mailinator.com, so you can manage real email notifications, and whoever knows the username can access those emails without the need for authentication.
In terms of managing your subscribers and email list, Amazon has a great article, so you can follow some of those best practices for that. https://aws.amazon.com/es/blogs/messaging-and-targeting/amazon-ses-best-practices-top-5-best-practices-for-list-management/
For that, you can install the latest AWS CLI tool (currently version 2) https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
In my case, I installed the MAC version of it
MacBook-Air:repo myaccount$ which aws
/usr/local/bin/aws
MacBook-Air:repo myaccount $ aws --version
aws-cli/2.5.8 Python/3.9.11 Darwin/20.3.0 exe/x86_64 prompt/off
and configure different roles if you have staging and production environments, for that you will need to provide the following information:
- Access key ID
- Secret access key
- AWS Region
- Output format / it could be
json
And once you have that information(I created an IAM user with only the access to manage the suppression list)
aws configure --profile produser
And once you are done with the configuration it is time to play with the sesv2 commands.
And I'm sharing here some of the ones you can play with:
At the command line, enter the following command:
aws sesv2 list-suppressed-destinations
# or using different profiles
aws sesv2 list-suppressed-destinations --profile productionser
If your list is not a big one, like in my case, you would see a list like this.
$ aws sesv2 list-suppressed-destinations --profile productionser
{
"SuppressedDestinationSummaries": [
{
"EmailAddress": "test@gmail.com",
"Reason": "BOUNCE",
"LastUpdateTime": "2022-04-25T07:32:52.933000-05:00"
},
{
"EmailAddress": "heri+signup300@mailinator.com",
"Reason": "BOUNCE",
"LastUpdateTime": "2022-04-25T07:05:25.104000-05:00"
},
{
But, if you have a lot of accounts in that list, you would need to use pagination and "tokens", in the form of:
aws sesv2 list-suppressed-destinations --next-token string
Also, you can use the StartDate option to only show email addresses that were added to the list after a certain date.
aws sesv2 list-suppressed-destinations --start-date 1604394130
# or using different profiles
aws sesv2 list-suppressed-destinations --start-date 1604394130 --profile produser
In the preceding command, replace 1604394130 with the Unix timestamp of the start date.
You can also use the EndDate option to only show email addresses that were added to the list before a certain date.
aws sesv2 list-suppressed-destinations --end-date 1611126000
# or using different profiles
aws sesv2 list-suppressed-destinations --end-date 1611126000 --profile produser
To search your account-level suppression list for a specific address
aws sesv2 list-suppressed-destinations | grep -A2 'example.com'
# or using different profiles
aws sesv2 list-suppressed-destinations --profile produser | grep -A2 'mydomain.com'
aws sesv2 put-suppressed-destination \
--email-address recipient@example.com \
--reason BOUNCE
# or using different profiles
aws sesv2 put-suppressed-destination \
--email-address heriberto@domain.com \
--reason BOUNCE --profile productionser
# or with a different reason
aws sesv2 put-suppressed-destination \
--email-address heriberto@domain.com \
--reason COMPLAINT --profile productionser
In order to achieve that you can follow the instructions included in the section called:
Adding email addresses in bulk to your Amazon SES account-level suppression list
In the same link, I shared before - sending email suppression list
Hope this was helpful for you, and have a nice day.
H.