How to check Amazon SES Sending Logs

To monitor and check Amazon SES sending logs, especially to prevent unauthorized use or spam, you can implement several methods:

1. Use Configuration Sets: Set up a configuration set and link it to your identities. This allows you to stream SES events to Amazon S3, which can then be analyzed using AWS analytics services.

2. Monitor IAM Identity: The SES logs capture the 'ses:caller-identity', which is the IAM identity of the Amazon SES user who sent the email. This helps track which user or account initiated the sending process.

3. Utilize CloudWatch: Set up a configuration set to export data to CloudWatch. This can provide graphs and metrics on sent emails, though for more detailed logs, you may need additional configuration.

4. Event Publishing: Enable SES's Event Publishing feature with a configuration set that includes detailed event types like "send," "delivery," "bounce," and others. This provides more comprehensive insights in CloudWatch.

5. Monitor Email Sending Events: Keep track of important measures such as sends, rejects, bounces, complaints, deliveries, opens, and clicks. These metrics can help you identify unusual patterns or potential spam activities.

6. Set up SNS Notifications: Configure Simple Notification Service (SNS) to monitor bounces, complaints, and delivery statuses, which can alert you to potential issues.

7. Use the SES Console: Regularly check the SES console for sending statistics, reputation metrics, and account health information.

8. API Monitoring: Utilize the SES API to programmatically monitor deliveries, bounces, complaints, and rejects.

By implementing these monitoring methods, you can gain visibility into your SES sending activity, track which accounts or keys are being used to send emails, and quickly identify any potential unauthorized or spam-like behavior. This will help you maintain a healthy sending reputation and prevent abuse of your SES resources.

Sources
Amazon SES Statistics by SMTP User | AWS re:Post
Monitoring your Amazon SES sending activity - Amazon Simple Email Service
Monitoring your Amazon SES sending activity - Amazon Simple Email Service

Hello,

To set everything up, the steps are hyperlinked towards the bottom of page 633:

• Create a configuration set.

• Add an event destination.

• Specify your configuration set when sending an email.

• Page 422 of the Amazon Simple Email Service - Developer Guide (Configuration sets)

• Page 433 of the Amazon Simple Email Service - Developer Guide (Event destinations)

• Page 628 of the Amazon Simple Email Service - Developer Guide (Monitor email)

**Source: ** https://docs.aws.amazon.com/pdfs/ses/latest/dg/ses-dg.pdf

If you plan to enable SES Event Logs > Configuration sets in order to log details of every email sent based upon type to help detect unknown senders, consider the following:

• Enable "Reputation points". This is at the Amazon SES > Configuration: Configurations sets > Create set > Reputation options > Check the box besides "Enabled".

• After you have created the set > goto Amazon SES > Configuration: Configuration sets > <name-of-configuration-set> > Click on the tab, 'Event destinations' > Add destination > The best options to help identify unauthorised senders and suspicious activity are - "Sends", "Rejects", "Deliveries".

• From there, click "Next".

• Amazon SES > Configuration: Configuration sets > <name-of-configuration-set> > Specify destination > Select Amazon CloudWatch.

• Amazon SES > Configuration: Configuration sets > <name-of-configuration-set> > Amazon > Add event destination > Amazon CloudWatch dimensions > Value source - select:

• Message Tag to track emails by campaign, application or user.

Default value > UnknownUser

Click on 'Next' > Review > 'Add destination'.