Account Status: SHUTDOWN?

Hi,

I can confirm that the account is Healthy now.

Regards,
Gaurav @ AWS

Thank you so much!

Hi:

I cannot believe it - this has happened again. We sent an email to ~18k opt-in customers yesterday. 1 complaint. Maybe 10 bounces.

Just now I get another warning from SES and see somehow 29000 emails have been sent and the complaint rate is already at 0.69%.

Our server has no queue, nothing is being sent from our email app, sendmail is still shutdown on the server.

I just updated the SMTP credentials again.

Can I pay for some support for SES to figure out how the heck this is happening?

Thanks for your help!

A short while later and 42000 emails have been sent using our SES account. I do not understand - SMTP credentials have not even been copied from SES. Our bounce/complaint email is not getting anything - zero emails. Nothing in our catchall / spam accounts.

Is there a way to find out where these emails are being sent from? I do not see anything in the SES Management Console.

Any help is welcomed! Thanks.

If someone at AWS support can shut down our SES account for now that would be great. Thanks!

Again I think we need paid support to figure this out.

Now almost 54000 emails have been sent and the complaint rate is 0.89%. SMTP credentials have been reset once more. Our apps and server show zero activity in terms of email sends. I have zero ideas about how this is happening but welcome any help. Thank you - I'm looking for help.

Now at 54k emails sent. Complaints are up to 1.01%.

Still... Nothing being sent by our server or apps. No complaints to our accounts. SMTP credentials changed and changed - that info is not even on our server and only on AWS.

Absolutely out of our control.

Any help appreciated. Thanks! Happy to pay for AWS support!

Just sent this email to ses-review@amazon.com...

=====

​What caused your high complaint rate?

We presume our SMTP account was hacked and we have changed the credentials​ twice tonight​ - none of those bad emails were sent by us. The appropriate configuration files on our server are protected. We have not seen any complaint emails from our server associated with this email send of ​54k +. To add, we have not sent any emails from our server since 7/​16/19 and the hack seems to have occurred on 7/​18/19.

What changes have you made in your email-sending systems or processes?

We have reset the credentials for SMTP​ twice tonight​. We have validated that no bad emails were sent from our servers. We are not using any non opt-in email addresses. Our bounce rate should revert to normal - historically less than 0.2%. Our complaint rate should revert to our normal - historically less than 0.02%.

How do these changes ensure that the issue won't occur again in the future?

New SES SMTP credentials. Scanned/removed all malware on our server. New tools to monitor and alert any hacked sending from our servers. Our systems are safe to re-enable our SES service.

Please let me know any questions. We really need to get our SES account live again.

​Happy to have paid support from Amazon to resolve this.​

The shutdown happened again.

Opening new thread.

Were you able to resolve this? We are facing similar problem.

Have you tried using IP Address Filters as a temporary solution? If it is only a short number of IP addresses or a well-defined set of ranges that you need to send email from, this might fix the problem.

I would still want to investigate this though...to figure out how these people are gaining access to your account.