(arc342) designing & building an end-to-end email solution using aws
TRANSCRIPT
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Mahae Koh, Amazon SES
Morgan Thomas, Amazon SES
October 2015
Closing the LoopBuilding Email Infrastructure and Applications with AWS
ARC342
The State and Scale of Email
- Email is not dead
- The Internet sends and receives 2 million emails per
second
The State and Scale of Email
- Classic email architectures require
- Postmasters
- Deliverability managers
- System administrators
- Engineers
A typical 1000-user organization will spend upwards of
$1.8 million a year just on managing spam
Source: Radicati Group
Postmasters
- Responsible for keeping inboxes clear of spam
- Configure DNS-based sender reputation systems
- Process complaints to identify false negatives
- Analyze senders to identify spammers and botnets
- Maintain sender reputation metrics
Postmasters
- Responsible for keeping inboxes clear of spam
- Configure DNS-based sender reputation systems
- Process complaints to identify false negatives
- Analyze senders to identify spammers and botnets
- Maintain sender reputation metrics
Deliverability Managers
- Ensure that marketing campaigns reach widest audience
possible
- Target campaigns based on user preferences
- Maintain high sender reputation
- Enforce compliance with email security standards
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
Deliverability Managers
- Ensure that marketing campaigns reach widest audience
possible
- Target campaigns based on user preferences
- Maintain high sender reputation
- Enforce compliance with email security standards
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
System Administrators and Developers
- Ensure that your email infrastructure runs smoothly
- Email firewall devices
- Security appliances
- Mailbox servers
- Build and manage applications
- Campaign management
- Customer support
- Archival
The State and Scale of Email
- Every business must navigate the email landscape to
communicate with customers
- Maintaining your position in the ecosystem as a sender
and receiver is critical
Email Architecture with AWS
Classic Email Architecture
Internet FirewallAppliances
Content Scanners
MailboxServers
Consumer Devices
Email Applications
Classic Email Architecture
Internet Firewall Appliances
Content Scanners
MailboxServers
Consumer Devices
Email Applications
Classic Email Architecture
Internet Firewall Appliances
Content Scanners
Mailbox Servers
Consumer Devices
Email Applications
Internet
Firewall Appliances
Content Scanners
Mailbox Servers
Consumer Devices
Amazon SESEmail
Applications
Sending Mail with Amazon SES
Internet
Firewall Appliances
Content Scanners
Mailbox Servers
Consumer Devices
Amazon SESEmail
Applications
Receiving Mail
Receiving Mail with Amazon SES
- Launched September 2015
- Postmaster as a service
- Easy programmatic access to receiving email
- Integrates with Amazon S3, AWS KMS, Amazon SNS,
Amazon WorkMail, and AWS Lambda
Internet
Firewall Appliances
Content Scanners
Mailbox Servers
Consumer Devices
Amazon SESEmail
Applications
Closing the Loop
Internet Amazon SES
MailboxServers
Consumer Devices
Email Applications
Closing the Loop
Internet Amazon SES
Amazon S3
AWS KMS
Email Architecture with AWS
Internet Amazon SES Amazon SNS Amazon SQS
Email Architecture with AWS
Internet Amazon SES AWS Lambda
Email Architecture with AWS
Internet Amazon SES AmazonWorkMail
Email Architecture with AWS
Amazon SES Receipt Rules
Internet Amazon SES
*@amzn.co
AmazonWorkMail
Customer Support
Amazon SES Receipt Filters
Internet Amazon SES
54.240.12.34
Inbox
173.194.33.150
Reject
✗
Amazon SES
- Works with postmasters and deliverability managers of
major email service providers
- Provides powerful tools for postmasters, deliverability
managers, systems administrators, and developers
- Makes email accessible for businesses
Building Email Applications
Building Email Applications
Use AWS to solve email-related business problems
Leverage the following services:
AWS LambdaAmazon SES Amazon
DynamoDB
and more…
Example Solutions Leveraging SES & AWS
• Automatically create support tickets from customer
email.
• Implement an email auto-responder.
• Process email bounces and complaints.
• Create an email archival solution.
• Receive files from customers via email.
Example Solution 1:Anonymous Email Communication
Anonymous Email
Seller BuyerProduct sale
Anonymous Email
Seller Buyer
Product sale
Email communication
Anonymous Email
Seller Buyer
Product sale
Email communication
Proxy
Anonymous Email
Anonymous Email — Requirements
• Protect customer information
• Utilize email standards
• Secure and resilient to abuse
• Fault tolerant
• Provide auditing and history
Anonymous Email — Traditional Architecture
Receiving email
servers
Spam & virus
scanning
Routing and
application logic
Database
Sending email
servers
Seller Buyer
Amazon DynamoDB or Amazon RDS
Anonymous Email — With AWS
Receiving email
servers
Spam & virus
scanning
Routing and
application logic
Database
Sending email
servers
Seller Buyer
Amazon SESAmazon EC2
Amazon SES
Amazon Lambda
Anonymous Email — SES Receipt Rule
Anonymous Email — SES Receipt Rule
Amazon S3
bucket
Amazon SES
AWS Lambda
function
SES receipt
rule
Anonymous Email — AWS Lambda Application
AWS Lambda
Filter abuseRead
message
Amazon S3
bucket
Determine recipient
DynamoDB
table
Forward message
Amazon SES
Amazon SES
From seller
To buyer
Anonymous Email — AWS Lambda Application
Anonymous Email — Improvements
• Disable communication after elapsed time
• Store transaction logs
• Emit metrics
• Time until response
• Unanswered emails
Anonymous Email — Savings
Customers using SES for this solution can expect to gain:
• Over 50% cost savings compared to EC2-based solution
• Reduction in operations and maintenance
• Effortless scaling from 100/day to 100MM/day
$150-$600/month
for multi-AZ EC2
instances & load balancer
$50/month
for 500,000 messages
with SES
Example Solution 2:List Unsubscribe Support
List Unsubscribe — The Problem
• Header in email messages, usually marketing
• Supported by email clients & providers (gmail, hotmail, etc.)
From: [email protected]
Subject: Monthly newsletter
Date: August 31, 2015 3:13:02 PM PDT
List-Unsubscribe: <mailto:[email protected]>
List Unsubscribe — The Solution
List Unsubscribe — Requirements
• Add List-Unsubscribe header to outgoing emails
• Accept email unsubscribe requests
• Manage subscriber preferences
• Secure and resilient to abuse
• Fault tolerant
• Unique identifier encapsulates customer ID or email
address
• Could optionally contain mailing or campaign ID for
detailed unsubscribe metrics
• HTTP URLs are also welcome
List Unsubscribe — Add header
From: [email protected]
Subject: Monthly newsletter
Date: August 31, 2015 3:13:02 PM PDT
List-Unsubscribe: <mailto:[email protected]>
List Unsubscribe — SES Receipt Rule
AWS Lambda
Amazon SESUnsubscribe
request
Lambda SES event object contains
information about the message received
SES receipt
rule
List Unsubscribe — Example SES Event"ses": {
"mail": {
"commonHeaders": {
"from": ["Morgan Thomas <[email protected]>"],
"to": ["Bobby <[email protected]>"],
"returnPath": "[email protected]",
"messageId": "j4ghdrd4gmvo00",
"date": "Thu, 10 Sep 2015 17:25:37 +0000",
"subject": "Monthly newsletter"
},
"headers": […],
"messageId": "f18rgld2sbme6gjpuhncr2gmlo00"
},
"receipt": {
"spamVerdict": { "status": ”FAIL” },
"virusVerdict": { "status": ”PASS” },
"dkimVerdict": { "status": "PASS” },
"spfVerdict": { "status": "PASS” },
"processingTimeMillis": 409
}
}
Commonly used headers
Complete list of headers
SES message ID
Information provided by
SES about the email
List Unsubscribe — AWS Lambda Application
AWS Lambda
Amazon SES
Parse recipient
Look up email address
Unsubscribe
DynamoDB
table
DynamoDB
table
Filter abuse
Unsubscribe request
Example Solution 3:Centralized Abuse Filtering
What’s in Common?
Filter abuse
Read Look up Forward
Parse Look upUnsub-scribe
Filter abuse
What’s in Common? — Abuse Filtering
• You don’t want spam
• You don’t want viruses
Optionally:
• You only want authenticated mail
• (valid SPF & DKIM)
• You only want mail for valid recipients
• (existing users in directory)
Active Rule Set
S3 action Lambda action
Lambda action
Amazon SES
List unsubscribe
Anonymous email
Abuse filter
mail.ses-example.com
unsubscribe.ses-example.com
1
2
3
(applies to all recipients)
Active Rule Set
S3 action Lambda action
Lambda action
Amazon SES
List unsubscribe
Anonymous email
Abuse filter
mail.ses-example.com
unsubscribe.ses-example.com
1
2
3
Lambda action Bounce action Stop action
Determine if mail is desired(is it spam?)
If desiredreturn
‘stop_rule’
If not desiredreturn
‘continue’
RequestResponse (synchronous)
Active Rule Set
S3 action Lambda action
Lambda action
Amazon SES
List unsubscribe
Anonymous email mail.ses-example.com
unsubscribe.ses-example.com
1
2
3
Abuse filter
Lambda action Bounce action Stop actionS3 action
Active Rule Set
S3 action Lambda action
Lambda action
Amazon SES
List unsubscribe
Anonymous email
mail.ses-example.com
unsubscribe.ses-example.com
1
2
3
Abuse filter
Lambda action Bounce action Stop actionS3 action
Your Future Rule Set
Amazon SES
????
• Share ideas and feature requests on the AWS forums
• forums.aws.amazon.com
• Follow announcements and email tips on the SES blog
• sesblog.amazon.com
Thank you!
Remember to complete
your evaluations!