Proper handling of SES bounces sent to sender's reply address (when already using SNS service to handle bounces)

0

Following the help articles we found, we set up a verified SES sending domain, and had that verified domain send bounce notifications to a SNS topic. ​The SNS contact contacts our app via https and our app unsubscribes the email. So we can send our emails from "noreply@ourdomain.com".

However our verified domain doesn't currently receive any emails at all, it has no MX, so any email replies or bounces sent to "noreply@ourdomain.com" would go nowhere. What is the best practice for the sender email address we use? Even though we are using the SNS setup described above to handle bounces, should we still be using a sender email address that can receive bounce back emails too?

2 Answers
0
Accepted Answer

When sending through SES there is a From: header and an Envelope-From: header in the outbound message The From: header will have your from address "noreply@ourdomain.com" and this is the address mail would be sent to if the recipient replies to the message. If the message bounces the bounce is sent to the Envelope-From address which by default is formatted as <SES-Message-ID>@amazonses.com when sending sending through SES. All bounces are sent to this address, the Envelope-From: address, SES then receives the bounces and will then either forward them to the From: address if no Event Notifications are configured and this method does require a working email address to receive the notifications or if Event Notifications are configured the bounce notification is then sent to the SNS Topic you specify. https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity-using-notifications-email.html

You do have the option of using a Custom MAIL FROM address which will change the domain of the Envelope-From: to one you verify with SES and this will require your domain to have a DNS record pointing to the SES.

https://docs.aws.amazon.com/ses/latest/dg/mail-from.html

It is best practice to have a From: address you can receive mail in, but not required to receive the bounce notifications when using an SNS topic to receive the bounce notifications

AWS
SUPPORT ENGINEER
answered 2 years ago
  • @RichardW: Can you clarify/confirm that when using a custom MAIL FROM, SES handles configuration of the custom MAIL FROM domain as an accepted incoming domain automatically, and feedback notifications will automatically be piped to the SNS topics configured for feedback notifications? In other words, it is not necessary to add the custom MAIL FROM domain as a verified identity separately?

  • That clarifies all the details I was trying to understand, thanks! Although we use SNS to handle bounces, based on this feedback I ended up making sure we could receive email at our from address, so that we could receive recipient replies to our emails.

0

IIFC, SES only handles publishing feedback to the configured SNS topics for standard MAIL FROM domains. If you have defined a custom MAIL FROM for the Verified Identity, then you will need to create a Email Receiving Rule Set to accept mail for the custom MAIL FROM domain and publish it to the feedback topic(s).

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions