We started having a strange problem in the last few hours. We send transactional emails through SES. One of the email templates we use has the word "select" in it. Example:
Reservations are free and -- if you select a free cancellation rate...
This worked just fine for many years until early this morning when we started getting a 403 Error back any time we tried to send an email. We eventually narrowed it down to the word "select". If we removed it from the email, it would send just fine. We're guessing it has something to do with an updated WAF ruleset that must be blocking the word "select" due to its possible use in a query-based SQL-type attack, but we're not sure.
Has anyone else come across this? I can see the thinking, here, but to block a commonly used word from being sent via email is probably not the best approach to dealing with a potential vulnerability.
AWS OFFICIALUpdated 2 years ago
