- Newest
- Most votes
- Most comments
Hello.
When dealing with sending emails on behalf of multiple tenants, it's critical to separate the reputation of one tenant from another to ensure that the actions of one tenant (e.g., sending spam) don't negatively affect the deliverability of another tenant. Using dedicated IPs is one way to accomplish this. However, as you've pointed out, there are limits to how many dedicated IP pools you can have in AWS.
Here are a few approaches and best practices you might consider:
- Multiple AWS Accounts: One straightforward solution is to create multiple AWS accounts, each with its own limit. While this might sound cumbersome, AWS Organizations can help manage multiple accounts and billing centrally. However, be aware that managing multiple accounts can introduce overhead.
- Shared Pools with Segmentation: Even within a dedicated IP pool, you can have multiple IPs. You can segment multiple tenants to share an IP but ensure they're similar in terms of email sending reputation. This way, even if one tenant starts sending spam, it will only affect a small group of tenants sharing that IP.
- Third-Party ESPs (Email Service Providers): Consider using specialized ESPs like SendGrid, Mailgun, or Postmark. Many of these services offer dedicated IP solutions built specifically for this purpose. They might offer more flexibility in terms of dedicated IP allocation than AWS SES.
Regards, Andrii
Dear Furkan, thanks for asking this interesting question.
In regards to your follow up question, you can make use of the Configuration Sets to isolate each sender even using the default SES Shared IPs. That way, if a rogue sender has a spike in complaints, you can pause that particular configuration set only without affecting others and without getting your account blocked. You still need to setup alerting and monitoring for the reputation at each config set level, but at least this way you can identify who is causing the spikes and prevent a higher impact.
You can configure Amazon SES to export reputation metrics that are specific to emails that are sent using a specific configuration set to Amazon CloudWatch. You can then use these metrics to create CloudWatch alarms that are specific to these configuration sets. When these alarms exceed certain thresholds, you can automatically pause the sending of emails that use the specified configuration sets, without impacting the overall email sending capabilities of your Amazon SES account.
Furthermore, I also recommend reading our blog post about How to implement multi tenancy with Amazon SES, where we describe a configuration that utilizes Dedicated IP Pools (Standard or Managed) for larger senders and Configuration Sets with Shared IPs for others who do not require dedicated IPs:
I hope this helps clarify your question. Please let me know if you need further assistance.
Best regards,
-Bruno
Relevant content
- asked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
Thank you for your really really good answer. But If you don't mind I have anoter question. Is there a another way instead of using dedicated ip pools by using the public ip but preventing from the tennant to harm reputation of the ips used so the aws account will not be reviewed or paused and the tennants wont be able to effect each other? Thank you for the answer again.