Background: I was handed the reins for our company's AWS account to implement a process to make sure our SES delivery report notifications can get acted on instead of just being filed away or deleted.
That said, the first hurdle is that the email address associated with our company's helpdesk keeps receiving all Amazon SES notifications for bounces, complaints and delivery failures. This creates a mess for our support staff in having to wade through these emails individually, and our ticketing system doesn't have the capability of auto-forwarding emails even though I can categorize them based on rules when they arrive.
I have read through all the knowledge base articles for SES notifications as well as ~380 forum topics relating to email notifications, but I didn't see an answer posted this question even though it had been asked a handful of times.
What we've done:
Set up a dedicated email inbox for these requests so we can then process them correctly (that we want to divert these messages to).
Created an SNS topic with the new email address as its endpoint and applied it to all categories, but the emails still kept going to support, so that clearly wasn't the solution.
Removed all hard-coded references to these emails from our software code, but we still get individual Amazon SES notifications to the helpdesk (~30 a day).
Simple idea, but AWS is pretty intimidating especially for our small company where no one has taken the time to learn through the ins and outs after first setting it up (fire and forget).
Edit for clarity, the emails I'm trying to redirect are "Delivery Status Notification (Failure/Delay)" and "Undeliverable:..."
Here's how i got this to work:
Under "AWS SNS"
Create an SNS Topic
Create a subscription to the topic that sends an email to your desired "catch address"
Confirm this subscription by clicking the link sent by AWS to this address
Under "SES Management - Identity Mangement"
Verify a domain or email address
At the domain/email address go to Notification and DISABLE Email Feedback Forwarding
Same place select your SNS topic for Bounces and Complaints
Under "SES Managment - Email Receiving"
Create a Rule set and then create a rule with the domain or email address above
Make the action the SNS rule above
When sending mail be sure that the From address is using the domain/email address above. All bounces and complaints should now end up in the catch address inbox. ALL OF THIS must be setup in the same region.
These notifications are configured either at a verified Domain level or at a verified email address level. This page has info on it. At the bottom, it talks about how you can confirgue to have messages sent to email or a SNS topic. You probably have a notification setup on your domain or the specific email address you are using.
You'll find all this in the SES section of the AWS Console under the Identity Management section. Make sure you check both the Domains area and the Email Addresses area.
You make the feedback address differ from the sender by setting the Return-Path header in your message (subject to a few other rules):
From the developer guide:
If you used the SMTP interface to send the message, then notifications go to the address specified in the MAIL FROM command.
If you used the SendEmail API operation to send the message, then the notifications are delivered according to the following rules:
If you specified the optional ReturnPath parameter in your call to the SendEmail API, then notifications go to that address.
Otherwise, notifications go to the address specified in the required Source parameter of SendEmail.
If you used the SendRawEmail API operation to send the message, then the notifications are delivered according to the following rules:
If you specified a Source parameter in your call to the SendRawEmail API, then notifications go to that address. This is true even if you specified a Return-Path header in the body of the email.
Otherwise, if you specified a Return-Path header in the raw message, then notifications go to that address.
Otherwise, notifications go to the address in the From header of the raw message.
Related
this is a pretty specific case, but it drives me crazy...
We recently migrated our email service to google workspace. We do have an invoice#mydomain.com address which earlier was configured to forward emails to someinbox#datev.com. someinbox is a mail upload feature for tax related invoices of our company. The problem started when i was trying to set up the mail filter in Gmail.
All emails with an attachment should be forwarded to someinbox#datev.com. To forward emails with Gmail, google needs to verify that I am allowed to forward to that specific address. It therefore now sends a confirmation email with a link to that address. that email is being sent by eg. noreply-forwarding#google.com, which is being rejected (550 5.7.1 Security policy violation: sender address not authorized). The problem is, datev only accepts emails from "verified sender addresses". It does that verification by also sending an email verification to that "verified sender address". Which in my case now becomes the noreply-forwarding#google.com, which I obviously not maintain and therefore i am unable to verify that address.
So I am unable to add the forwarding email address in Gmail, because of the sender google uses to verify the forwarding address.
We use google workspace, so I am able to use the pretty cool routing feature of Gmail. First I created an email-alias called datev#mydomain.com. I then setup a rule which simply changes the envelope-sender to someinbox#datev.com if the envelope-sender is datev#mydomain.com. that part works. If I send an email from the invoice#mydomain.com to datev#mydomain.com it changes datev#mydomain.com to someinbox#datev.com.
The next problem was, every forwarding (which the Gmail filter was doing) works by sending the same email to someinbox#datev.com while keeping the original sender. That also happened when I tried to do the same workaround by creating a new email forwarder (or even a mailbox) on a different domain without google workspace. I also tried it using posteo. The original sender is being used as the sender address and therefore datev rejects it. It wouldn't be possible to register all sender address as we get a lot of invoices from business partners.
Does anybody know or see a way of doing this? Aren't there any secure email forwarder which replace the sender address to the one of the forwarder instead of keeping the original one? I know, this is in most cases a pretty nice feature as you can see who the email originally sent, in my case it makes me nuts.
I tried to send an email through sendgrid. I have a custom domain myself#contoso.com. If i try to send an email to user1#gmail.com with the from address as myself#contoso.com,then,the email is delivered to gmail with "via". When i try sending email to myself#contoso.com with the from address being myself#contoso.com the activity says the email is delivered however, in outlook client i have not received the email. What is it that I can try or do?
I have tried whitelisting contoso.com but it did not work
This is not an answer, as it doesn't help work out why the emails that are "Delivered" have not been received, but this is SendGrid's note on why Email messages with the “Delivered” status are not received:
Twilio SendGrid posts the Delivered event after the destination server accepts the message with a 250 OK response. Once an email is accepted by the destination server, we are unable to see what happens to the message. The receiving server could send it to the inbox, queue it for later delivery, put it into the spam folder, etc.
Often times, a recipient domain will initially accept a message for delivery, and then apply additional filtering afterwards. In this situation, we would have posted the Delivered event, but not have any insight into the additional filtering. Any additional Twilio SendGrid events for your email message would be triggered by recipient engagement (i.e. open/click events, unsubscribes, etc.).
Also note that at the time of writing, that answer had 26 downvotes (and zero upvotes) on the SendGrid website, probably indicating that many other users have experienced this problem.
I had several issue solving this problem. The most important part is to set "Sender Authentication" from sendgrid to your domain dns. There is a instruction here. I'm using godaddy, so the link to set dns is https://dcc.godaddy.com/manage//dns .
I am developing the application that receives emails from the different users and processes them in some way.
For this purpose, I started to use Amazon SES service. According to the documentation, I verified my domain (set up MX record, added email-smtp.us-east-1.amazonaws.com and so on). Also, I set up the rule for processing received an email (it is lambda function). I didn't add any IP Address Filter so it has to receive emails from all sources.
Now, I trying to send the email to a random address on my domain (for example, admin#mydomain.com) from my Gmail account. But my message isn't delivered and response from the remote server is 530 Authentication required.
I googled my error and saw only issues related to sending emails.
What have I missed with receiving email on AWS SES?
EDIT:
This how my records look. Name fields are mostly empty because system skip my domain name (for example: change _AMAZONSES.mydomain.ext to _AMAZONSES).
Given multi-tenant application, How are vendors implementing email notifications from an email account setup and programming perspective:
Sending emails could come from a generic account: eg notifications#VendorName.com or noreply#VendorName.com, this seems reasonable considering reply addresses and lilnks can be contained within the email contents.
Receiving Emails: How would an application receive email, for instance; to generate support tickets or assign comments in an email to a project/task. I have seen ID's within the subject and some reply to addresses containing the account name eg: notifications#AccountName.VendorName.com
I realise one can programatically connect to a pop3 server and receive emails and look for the IDs with the subject, but is there a way of setting up and receiving email to a single pop3 account from multiple sub-host name email addresses (not sure on terminology there) eg: noreply#AccountName1.VendorName.com or noreply#AccountName2.VendorName.com and check the Account Name from the address? (similar to checking subdomains on a URL)
Any practices, experience, comments or sughestions?
(not sure its relevant, but using C# asp.net-mvc and services etc)
For sending notification emails, we have a notification send to address associated with each account and simply send from our domain to that address. Our from address is monitored and replies end up in the CSR work queue.
For inbound emails, we use FogBugz (from the makers of Stack Overflow) for case tracking. That accepts new cases via email (e.g. cases#mycompany.com). Tickets are auto-created from the email. My only complaint there is that the customer needs to check an obscure link for case updates (no "my cases" web portal, but maybe that will come out in an upcoming version of FogBugz).
We have a custom field in FogBugz to indicate the customer the ticket is from. We could theoretically write a plugin to FogBugz that auto-assigns that using the senders domain, but I guess the CSR's haven't complained loudly enough yet :-)
We (at muHive) are an inbound email/social conversations management product. If you are looking at a handling inbound email or social media conversations from customers, we have an impressive toolset.
For our own outbound needs, the simplest way is to use an Email sending API. Don't bother with SMTP sending by yourself. We use Amazon SES and have also tried Sendgrid which gave us additional benefits like delivery status and email parsing.
There are two ways in which you can handle multiple accounts to a catch all email address. If your target system can differentiate between different customers and assign tasks to the correct representatives based on either the content/sender, ask all your customers to send an email to support#company.com.
As you rightly said, you could also create *accountName_support#company.com* email addresses and use different accounts on whatever CRM/Support solution use to manage these emails.
Another approach is to have your customers send you an email to support#company.com and you use a rule based system (like muHive) to forward these mails to the appropriate account executives based on the customer/account who sent the mail.
I have a web app that only registered users can use, therefore I should have a valid e-mail address for the creator of the message.
One part of this web app will allow a user to create and send a e-mail message to an e-mail address that the user enters. My web server will be creating and sending the e-mail, however if there is a delivery problem with the e-mail I would like the bounce to go to the user's e-mail address instead of the server. This will allow the user to know that there was a problem delivering the message and they can take the appropriate action.
Would setting the "return-path" attribute to the user's e-mail address handle this?
As RFC2821 says:
The primary purpose of the Return-path is to designate the address to which messages indicating non-delivery or other mail system failures are to be sent. For this to be unambiguous, exactly one return path SHOULD be present when the message is delivered.
So yes, all standard compliant servers should account for the Return-path you set.
You could set up windows service on your server to periodically check BadMail folder and parse the bounced messages and resend them to the original sender. This solution would work in most cases. I don't think return-path would help in every instance (if it would at all), because different mail servers handle bounces differently.