© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Mahae Koh, Amazon SES

Morgan Thomas, Amazon SES

October 2015

Closing the LoopBuilding Email Infrastructure and Applications with AWS

ARC342

The State and Scale of Email

- Email is not dead

- The Internet sends and receives 2 million emails per

second

The State and Scale of Email

- Classic email architectures require

- Postmasters

- Deliverability managers

- System administrators

- Engineers

A typical 1000-user organization will spend upwards of

$1.8 million a year just on managing spam

Source: Radicati Group

Postmasters

- Responsible for keeping inboxes clear of spam

- Configure DNS-based sender reputation systems

- Process complaints to identify false negatives

- Analyze senders to identify spammers and botnets

- Maintain sender reputation metrics

Postmasters

- Responsible for keeping inboxes clear of spam

- Configure DNS-based sender reputation systems

- Process complaints to identify false negatives

- Analyze senders to identify spammers and botnets

- Maintain sender reputation metrics

Deliverability Managers

- Ensure that marketing campaigns reach widest audience

possible

- Target campaigns based on user preferences

- Maintain high sender reputation

- Enforce compliance with email security standards

- Sender Policy Framework (SPF)

- DomainKeys Identified Mail (DKIM)

Deliverability Managers

- Ensure that marketing campaigns reach widest audience

possible

- Target campaigns based on user preferences

- Maintain high sender reputation

- Enforce compliance with email security standards

- Sender Policy Framework (SPF)

- DomainKeys Identified Mail (DKIM)

System Administrators and Developers

- Ensure that your email infrastructure runs smoothly

- Email firewall devices

- Security appliances

- Mailbox servers

- Build and manage applications

- Campaign management

- Customer support

- Archival

The State and Scale of Email

- Every business must navigate the email landscape to

communicate with customers

- Maintaining your position in the ecosystem as a sender

and receiver is critical

Email Architecture with AWS

Classic Email Architecture

Internet FirewallAppliances

Content Scanners

MailboxServers

Consumer Devices

Email Applications

Classic Email Architecture

Internet Firewall Appliances

Content Scanners

MailboxServers

Consumer Devices

Email Applications

Classic Email Architecture

Internet Firewall Appliances

Content Scanners

Mailbox Servers

Consumer Devices

Email Applications

Internet

Firewall Appliances

Content Scanners

Mailbox Servers

Consumer Devices

Amazon SESEmail

Applications

Sending Mail with Amazon SES

Internet

Firewall Appliances

Content Scanners

Mailbox Servers

Consumer Devices

Amazon SESEmail

Applications

Receiving Mail

Receiving Mail with Amazon SES

- Launched September 2015

- Postmaster as a service

- Easy programmatic access to receiving email

- Integrates with Amazon S3, AWS KMS, Amazon SNS,

Amazon WorkMail, and AWS Lambda

Internet

Firewall Appliances

Content Scanners

Mailbox Servers

Consumer Devices

Amazon SESEmail

Applications

Closing the Loop

Internet Amazon SES

MailboxServers

Consumer Devices

Email Applications

Closing the Loop

Internet Amazon SES

Amazon S3

AWS KMS

Email Architecture with AWS

Internet Amazon SES Amazon SNS Amazon SQS

Email Architecture with AWS

Internet Amazon SES AWS Lambda

Email Architecture with AWS

Internet Amazon SES AmazonWorkMail

Email Architecture with AWS

Amazon SES Receipt Rules

Internet Amazon SES

*@amzn.co

AmazonWorkMail

support@amzn.co

Customer Support

Amazon SES Receipt Filters

Internet Amazon SES

54.240.12.34

Inbox

173.194.33.150

Reject

✗

Amazon SES

- Works with postmasters and deliverability managers of

major email service providers

- Provides powerful tools for postmasters, deliverability

managers, systems administrators, and developers

- Makes email accessible for businesses

Building Email Applications

Building Email Applications

Use AWS to solve email-related business problems

Leverage the following services:

AWS LambdaAmazon SES Amazon

DynamoDB

and more…

Example Solutions Leveraging SES & AWS

• Automatically create support tickets from customer

email.

• Implement an email auto-responder.

• Process email bounces and complaints.

• Create an email archival solution.

• Receive files from customers via email.

Example Solution 1:Anonymous Email Communication

Anonymous Email

Seller BuyerProduct sale

Anonymous Email

Seller Buyer

Product sale

Email communication

Anonymous Email

Seller Buyer

Product sale

Email communication

Proxy

Anonymous Email

Anonymous Email — Requirements

• Protect customer information

• Utilize email standards

• Secure and resilient to abuse

• Fault tolerant

• Provide auditing and history

Anonymous Email — Traditional Architecture

Receiving email

servers

Spam & virus

scanning

Routing and

application logic

Database

Sending email

servers

Seller Buyer

Amazon DynamoDB or Amazon RDS

Anonymous Email — With AWS

Receiving email

servers

Spam & virus

scanning

Routing and

application logic

Database

Sending email

servers

Seller Buyer

Amazon SESAmazon EC2

Amazon SES

Amazon Lambda

Anonymous Email — SES Receipt Rule

Anonymous Email — SES Receipt Rule

Amazon S3

bucket

Amazon SES

AWS Lambda

function

SES receipt

rule

Anonymous Email — AWS Lambda Application

AWS Lambda

Filter abuseRead

message

Amazon S3

bucket

Determine recipient

DynamoDB

table

Forward message

Amazon SES

Amazon SES

From seller

To buyer

Anonymous Email — AWS Lambda Application

Anonymous Email — Improvements

• Disable communication after elapsed time

• Store transaction logs

• Emit metrics

• Time until response

• Unanswered emails

Anonymous Email — Savings

Customers using SES for this solution can expect to gain:

• Over 50% cost savings compared to EC2-based solution

• Reduction in operations and maintenance

• Effortless scaling from 100/day to 100MM/day

$150-$600/month

for multi-AZ EC2

instances & load balancer

$50/month

for 500,000 messages

with SES

Example Solution 2:List Unsubscribe Support

List Unsubscribe — The Problem

• Header in email messages, usually marketing

• Supported by email clients & providers (gmail, hotmail, etc.)

From: josh@example.com

Subject: Monthly newsletter

Date: August 31, 2015 3:13:02 PM PDT

To: jasmine@example.com

List-Unsubscribe: <mailto:z8dfmiy1jd6ks9a@unsubscribe.example.com>

List Unsubscribe — The Solution

List Unsubscribe — Requirements

• Add List-Unsubscribe header to outgoing emails

• Accept email unsubscribe requests

• Manage subscriber preferences

• Secure and resilient to abuse

• Fault tolerant

• Unique identifier encapsulates customer ID or email

address

• Could optionally contain mailing or campaign ID for

detailed unsubscribe metrics

• HTTP URLs are also welcome

List Unsubscribe — Add header

From: josh@example.com

Subject: Monthly newsletter

Date: August 31, 2015 3:13:02 PM PDT

To: jasmine@example.com

List-Unsubscribe: <mailto:z8dfmiy1j4d9a@unsubscribe.ses-example.com>

List Unsubscribe — SES Receipt Rule

AWS Lambda

Amazon SESUnsubscribe

request

Lambda SES event object contains

information about the message received

SES receipt

rule

List Unsubscribe — Example SES Event"ses": {

"mail": {

"commonHeaders": {

"from": ["Morgan Thomas <morgan@example.com>"],

"to": ["Bobby <bobby@example.com>"],

"returnPath": "morgan@example.com",

"messageId": "j4ghdrd4gmvo00",

"date": "Thu, 10 Sep 2015 17:25:37 +0000",

"subject": "Monthly newsletter"

},

"headers": […],

"messageId": "f18rgld2sbme6gjpuhncr2gmlo00"

},

"receipt": {

"spamVerdict": { "status": ”FAIL” },

"virusVerdict": { "status": ”PASS” },

"dkimVerdict": { "status": "PASS” },

"spfVerdict": { "status": "PASS” },

"processingTimeMillis": 409

}

}

Commonly used headers

Complete list of headers

SES message ID

Information provided by

SES about the email

List Unsubscribe — AWS Lambda Application

AWS Lambda

Amazon SES

Parse recipient

Look up email address

Unsubscribe

DynamoDB

table

DynamoDB

table

Filter abuse

Unsubscribe request

Example Solution 3:Centralized Abuse Filtering

What’s in Common?

Filter abuse

Read Look up Forward

Parse Look upUnsub-scribe

Filter abuse

What’s in Common? — Abuse Filtering

• You don’t want spam

• You don’t want viruses

Optionally:

• You only want authenticated mail

• (valid SPF & DKIM)

• You only want mail for valid recipients

• (existing users in directory)

Active Rule Set

S3 action Lambda action

Lambda action

Amazon SES

List unsubscribe

Anonymous email

Abuse filter

mail.ses-example.com

unsubscribe.ses-example.com

1

2

3

(applies to all recipients)

Active Rule Set

S3 action Lambda action

Lambda action

Amazon SES

List unsubscribe

Anonymous email

Abuse filter

mail.ses-example.com

unsubscribe.ses-example.com

1

2

3

Lambda action Bounce action Stop action

Determine if mail is desired(is it spam?)

If desiredreturn

‘stop_rule’

If not desiredreturn

‘continue’

RequestResponse (synchronous)

Active Rule Set

S3 action Lambda action

Lambda action

Amazon SES

List unsubscribe

Anonymous email mail.ses-example.com

unsubscribe.ses-example.com

1

2

3

Abuse filter

Lambda action Bounce action Stop actionS3 action

Active Rule Set

S3 action Lambda action

Lambda action

Amazon SES

List unsubscribe

Anonymous email

mail.ses-example.com

unsubscribe.ses-example.com

1

2

3

Abuse filter

Lambda action Bounce action Stop actionS3 action

Your Future Rule Set

Amazon SES

????

• Share ideas and feature requests on the AWS forums

• forums.aws.amazon.com

• Follow announcements and email tips on the SES blog

• sesblog.amazon.com

Thank you!

Remember to complete

your evaluations!