By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

SES configuration set cannot disable account level suppression list

0

We need to ensure that authentication code emails are delivered via SES, even to recipients who are on the account-level suppression list.

To achieve this, we configured a configuration set as described in the "Do not use any suppression" section of the AWS documentation Using the Amazon SES account-level suppression list as shown below.

Enter image description here

Despite using this configuration set, emails sent to addresses on the account suppression list are still being bounced. Below is the related SES tracking information:

{
   "eventType":"Bounce",
   "bounce":{
      "bounceType":"Permanent",
      "bounceSubType":"OnAccountSuppressionList",
      "bouncedRecipients":[
         {
            "emailAddress":"...",
            "action":"failed",
            "status":"5.1.1",
            "diagnosticCode":"Amazon SES did not send the message to this address because it is on the suppression list for your account. For more information about removing addresses from the suppression list, see the Amazon SES Developer Guide at https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-email-suppression-list.html"
         }
      ],
      "timestamp":"2025-04-21T21:28:19.268Z",
   },
   "mail":{
      "tags":{
         "ses:operation":[
            "SendTemplatedEmail"
         ],
         "ses:configuration-set":[
            "bypass-suppression"
         ],
      }
   }
}

Question: Why is the configuration set not bypassing the account-level suppression list as expected?

  • Malini Agrawal
    22 days ago

    hi,

    SES is region-specific. Can you double-check that the config set was created in the same region you're sending the email from?

  • ScreenName2025
    22 days ago

    @Malini Agrawal Yes, the config set is created in the same region as the email is sent from.

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email Service
Language
English
ScreenName2025
asked 22 days ago57 views
1 Answer
2

Please focus on SES configuration set settings and IAM permissions such as verify the ses:configuration-set tag in the event data, ensure that your IAM role has the necessary permissions to override suppression settings, you may require to explicitly grant SES permissions to bypass suppression.

https://docs.aws.amazon.com/ses/latest/dg/sending-email-suppression-list-config-level.html

EXPERT
Kidd Ip
answered 22 days ago
  • ScreenName2025
    21 days ago

    As shown in my original post, the event data has the tag ("ses:configuration-set":["bypass-suppression"]), indicating that the configuration set I use is correct.

    We also tried to add the following permissions to the email sender IAM permissions, but it still does not work. ses:ListSuppressedDestinations, ses:PutAccountSuppressionAttributes, ses:PutConfigurationSetSuppressionOptions.

    Furthermore, if I change the configuration set to: Override account level settings, with configuration set-level suppression enabled, and reason "complaints only"

    It can bypass the account-level suppression list as expected. This suggests that the issue is not related to IAM permissions, and that the "disabled suppression list" setting is simply not functioning as intended. However, our use case requires bypassing both bounces and complaints.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content