Dedicated IP Pool Limit for Multi-Tenant Application

0

In my multi-tenancy laravel web project I want to implement an email module so my tenants can send email to their customers. And of course I want to isolate the ip reputation from one tenant to another. After researching for a while, dedicated ip (managed) seemed like a good fit to achieve this, but I found out that there is a limit of 50 dedicated ip pool in total for an AWS account. But what if I have more then 50 tenants and I want to manage them in one account. What is the best practise for me?

furkan
asked a year ago281 views
2 Answers
1
Accepted Answer

Hello.

When dealing with sending emails on behalf of multiple tenants, it's critical to separate the reputation of one tenant from another to ensure that the actions of one tenant (e.g., sending spam) don't negatively affect the deliverability of another tenant. Using dedicated IPs is one way to accomplish this. However, as you've pointed out, there are limits to how many dedicated IP pools you can have in AWS.

Here are a few approaches and best practices you might consider:

  • Multiple AWS Accounts: One straightforward solution is to create multiple AWS accounts, each with its own limit. While this might sound cumbersome, AWS Organizations can help manage multiple accounts and billing centrally. However, be aware that managing multiple accounts can introduce overhead.
  • Shared Pools with Segmentation: Even within a dedicated IP pool, you can have multiple IPs. You can segment multiple tenants to share an IP but ensure they're similar in terms of email sending reputation. This way, even if one tenant starts sending spam, it will only affect a small group of tenants sharing that IP.
  • Third-Party ESPs (Email Service Providers): Consider using specialized ESPs like SendGrid, Mailgun, or Postmark. Many of these services offer dedicated IP solutions built specifically for this purpose. They might offer more flexibility in terms of dedicated IP allocation than AWS SES.

Regards, Andrii

profile picture
EXPERT
answered a year ago
profile picture
EXPERT
reviewed 15 days ago
  • Thank you for your really really good answer. But If you don't mind I have anoter question. Is there a another way instead of using dedicated ip pools by using the public ip but preventing from the tennant to harm reputation of the ips used so the aws account will not be reviewed or paused and the tennants wont be able to effect each other? Thank you for the answer again.

1

Dear Furkan, thanks for asking this interesting question.

In regards to your follow up question, you can make use of the Configuration Sets to isolate each sender even using the default SES Shared IPs. That way, if a rogue sender has a spike in complaints, you can pause that particular configuration set only without affecting others and without getting your account blocked. You still need to setup alerting and monitoring for the reputation at each config set level, but at least this way you can identify who is causing the spikes and prevent a higher impact.

You can configure Amazon SES to export reputation metrics that are specific to emails that are sent using a specific configuration set to Amazon CloudWatch. You can then use these metrics to create CloudWatch alarms that are specific to these configuration sets. When these alarms exceed certain thresholds, you can automatically pause the sending of emails that use the specified configuration sets, without impacting the overall email sending capabilities of your Amazon SES account.

https://docs.aws.amazon.com/ses/latest/dg/monitoring-sender-reputation-pausing-configuration-set.html

Furthermore, I also recommend reading our blog post about How to implement multi tenancy with Amazon SES, where we describe a configuration that utilizes Dedicated IP Pools (Standard or Managed) for larger senders and Configuration Sets with Shared IPs for others who do not require dedicated IPs:

https://aws.amazon.com/blogs/messaging-and-targeting/how-to-manage-email-sending-for-multiple-end-customers-using-amazon-ses/

I hope this helps clarify your question. Please let me know if you need further assistance.

Best regards,

-Bruno

AWS
bruno_g
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions