Why are some emails not being delivered through Amazon SES?

Key findings

• Internal suppression lists: Amazon SES maintains an account-level suppression list that can block emails to addresses that have previously resulted in bounces or complaints, even if not globally suppressed. This is a common, yet often overlooked, cause of non-delivery.
• Lack of customisation: Using SES without proper customisation, such as setting a custom return-path and configuring DKIM signing for your domain, can lead to deliverability issues.
• Recipient-side filtering: Despite a healthy sending reputation with SES, recipient mail servers (like Gmail, Yahoo, or Outlook) might still filter or silently drop emails due to their own internal spam detection algorithms or specific user preferences. This can sometimes lead to emails going missing or getting silently dropped.
• Configuration errors: Incorrect template data, unverified sending addresses, or misconfigured rule sets can prevent emails from being constructed or processed by SES, even if the sending request seems successful.

Key considerations

• Verify email addresses: Ensure all 'From' and 'Return-Path' addresses are verified in your SES account or that your account is out of sandbox mode to send to unverified addresses. You can find more information about this at the AWS knowledge center.
• Monitor SES metrics: Regularly check your SES reputation dashboard for bounces, complaints, and delivery failures to identify any rising trends or specific issues. While healthy, changes can indicate a problem.
• Examine SES logs and events: Configure SES to publish events to Amazon CloudWatch or Kinesis Firehose to gain visibility into opens, clicks, bounces, complaints, and deliveries. This granular data can help pinpoint why emails are not reaching recipients.
• Content and template validation: If using SES templates, verify that all variables are correctly supplied and that the template data is compliant to avoid emails being dropped due to rendering issues.

Key opinions

• Basic SES setup isn't enough: Just connecting to SES isn't sufficient for reliable delivery; custom return-paths and DKIM signing are crucial for optimal performance and reducing unexplained non-delivery.
• High non-delivery rates are concerning: A 50% non-receipt rate across major email providers (Gmail, Yahoo, Outlook) is a significant indicator of an underlying issue that isn't being reflected in bounce or complaint metrics.
• Suppression lists can be a silent killer: SES has its own account-level suppression list for addresses that have bounced or complained, which can prevent future deliveries to those addresses without explicit notification.
• The devil is in the details: Without specific details on the nature of the non-delivery (e.g., specific error messages, logs, or recipient domains), diagnosing the problem becomes highly speculative.

Key considerations

• Check SES configurations: Always ensure your custom return-path is configured and your domain is properly DKIM signed within SES. These settings are vital for reliable delivery and avoiding common pitfalls with Amazon SES.
• Investigate suppression lists: Even if global bounce rates are low, check your specific SES account-level suppression list for the affected addresses. This can often reveal why certain emails aren't going through.
• Look for domain patterns: Identify if non-delivery is concentrated at specific recipient domains (e.g., Microsoft Outlook or Hotmail, or others like Yahoo and AOL) as this can point to recipient-specific blockages or filtering rules.
• Verify sender identity: Ensure that the email address used in the 'From' header is correctly verified within SES, as unverified addresses can cause emails to fail or be dropped without notice.

Key opinions

• Suppression lists are critical: SES maintains a suppression list that will block mail to addresses that have previously bounced or complained, regardless of current sending behavior or global reputation.
• Advanced configuration is essential: Relying on default SES settings can lead to deliverability problems. Proper configuration of authentication records like SPF and DKIM, and utilizing custom return-paths, are vital.
• High non-delivery points to deep issues: A 50% non-delivery rate, particularly across multiple mailbox providers, signals a fundamental issue that needs immediate and thorough investigation, as it's not typical for a healthy SES setup.
• Visibility is key: Without detailed logs and insights into SES's internal processing and recipient responses, pinpointing the cause of non-delivery remains speculative.

Key considerations

• Implement DMARC: Beyond SPF and DKIM, implementing DMARC provides valuable feedback on authentication failures and helps identify unauthorized sending from your domain, which could impact deliverability through SES.
• Analyze recipient patterns: If a significant portion of emails are not reaching inboxes, analyze if there's a pattern among the recipients, such as specific domains or corporate networks that might be employing aggressive filtering.
• Leverage SES notifications: Set up SNS notifications for bounces, complaints, and deliveries to get real-time feedback and integrate this data into your CRM or marketing automation platform for better list hygiene and troubleshooting. This can help prevent delivery errors with no hard bounces.
• Review content and sending practices: Even with perfect technical setup, recipient filters can block emails based on content or sending patterns. Regularly review your email content for spammy keywords, broken links, or overly aggressive sending frequency that might trigger filters.

Key findings

• Account-level suppression: Amazon SES automatically adds email addresses that result in hard bounces or user complaints to an account-level suppression list, preventing future delivery to these addresses.
• Identity verification: All 'From' and 'Return-Path' email addresses and domains must be verified with SES, or your account must be out of sandbox mode to send to unverified recipients. Failure to do so can result in non-delivery.
• Recipient-side drops: Email service providers (ESPs) or recipient mail servers might drop emails if they fail their internal spam checks or policy requirements, even if SES successfully accepted the email for sending.
• Template and content issues: If email templates contain non-compliant or missing variables, SES might be unable to construct the email, leading to it being dropped before delivery attempt.

Key considerations

• Utilize event publishing: Set up SES event publishing to Amazon CloudWatch or Kinesis Firehose to capture detailed logs on deliveries, bounces, complaints, and rejections, allowing for precise troubleshooting. This can help investigate what happened to emails sent via SES.
• Check sending limits: Monitor your SES sending quotas and limits. Exceeding these limits can lead to emails being queued or dropped, affecting timely delivery.
• Configure authentication records: Properly configure SPF, DKIM, and DMARC records for your sending domains to enhance email authentication and improve deliverability. Amazon SES encourages these best practices.
• Review recipient feedback: If emails are not delivered to certain domains, investigate common reasons for rejection from those specific mail providers, as their policies can vary significantly.