Amazon Simple Email Service (Amazon SES) uses SMTP (Simple Mail Transfer Protocol) to send an email.Since SMTP itself does not provide authentication, a spammer can send emails that appear to be from someone else while hiding the actual source. By forging email headers and spoofing source IP addresses, spammers can fool recipients into believing that the email messages they receive are genuine.
Most ISPs that relay email traffic have taken steps to assess the seriousness of emails. One such measure ISPs take is to determine whether an email is authenticated. Authentication requires senders to verify that they are the owner of the sending account. Sometimes ISPs refuse to forward an email that is not authenticated. For optimal deliverability, we recommend that you authenticate your e-mail.
The following sections describe two authentication mechanisms that ISPs use - Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) - and provide instructions for using these standards with Amazon SES.
- For more information on SPF, which provides a way to trace an email message back to the system it was sent from, see Authenticating Your Email with SPF in Amazon SES.
- For more information about DKIM, a standard that lets you sign your email to show ISPs that your messages are legitimate and have not been altered in transit, see Authenticating Your Email with DKIM in Amazon SES.
- For more information on how to comply with Domain-based Message Authentication, Reporting and Conformance (DMARC), which relies on SPF and DKIM, see Complying with DMARC with Amazon SES.
See the AWSMessaging and Targeting blog for information and discussion on a range of topics related to Amazon SES. To browse and post questions, visit the Amazon SES Forum.