Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Question Regarding AWS SES

0

We recently migrated our application server from AWS to a DigitalOcean droplet and configured our server to send emails through Amazon SES using SMTP credentials. After the migration, SES sending was paused with the message that the SMTP credentials may have been compromised. Could you please help us understand where to get such below information.

From which IP addresses the SMTP credentials were used? Whether the suspicious activity was related to our DigitalOcean server IP? If there were any unusual sending patterns or volumes detected? This will help us determine whether the credentials were exposed or if the activity was coming from our newly configured server.

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email Service
Language
English
asked 2 months ago34 views
1 Answer
0

Amazon Simple Email Service (SES) will automatically suspend email sending if it detects that SMTP credentials may have been compromised. However, SES does not provide detailed forensic data such as the originating IP addresses, specific traffic patterns, or confirmation of whether the activity was associated with your DigitalOcean server.

https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity.html

https://docs.aws.amazon.com/ses/latest/dg/monitor-using-event-publishing.html

https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html

https://docs.aws.amazon.com/ses/latest/dg/logging-using-cloudtrail.html

EXPERT
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content