How to Use Amazon Simple Email Service: Complete Guide
By Braincuber Team
Published on April 11, 2026
Managing email delivery on a traditional server can be frustrating and unreliable. When your Postfix or Sendmail configuration breaks, emails get stuck in queues, and connection timeouts prevent messages from reaching their destination. This complete tutorial shows you how to replace your server-based email system with Amazon Simple Email Service (SES) - a cloud-based solution that handles incoming and outgoing email without server maintenance headaches.
What You'll Learn:
- How to identify when to replace your email server with SES
- Step by step guide to creating an S3 bucket for incoming emails
- Beginner guide to configuring SNS topics for email notifications
- How to verify your domain and email addresses in SES
- Complete tutorial on adding MX records to Route 53
- How to configure DKIM for email authentication
- Best practices for managing SES email storage and access
Why Replace Your Email Server with Amazon SES?
Traditional email servers running Postfix, Sendmail, or other MTA (Mail Transfer Agent) software require constant maintenance. You need to manage server updates, monitor mail queues, handle deliverability issues, and deal with spam blacklistings. Even when everything works, port 25 restrictions from ISPs can block outgoing connections, causing delivery failures like the one shown here:
status=deferred (delivery temporarily suspended:
connect to alt2.gmail-smtp-in.l.google.com[219.8.202.27]:25:
Connection timed out)
Amazon SES eliminates these problems by providing a managed email service in the AWS cloud. With SES, you get reliable email delivery, automatic scaling, and reduced administrative overhead. The service handles incoming mail storage, sending, and authentication without requiring you to maintain any server infrastructure.
No Server Maintenance
Eliminate server updates, security patches, and hardware maintenance for your email infrastructure.
Reliable Delivery
AWS infrastructure ensures your emails reach destination servers without port 25 restrictions.
Built-in Authentication
DKIM and SPF support helps ensure your emails pass spam filters and verify your domain identity.
Cost Effective
Pay only for what you use with competitive pricing for both incoming and outgoing emails.
Amazon SES Architecture Overview
Before diving into configuration, understand the key components that make up an SES email solution. A complete SES setup typically involves:
| Component | Purpose | AWS Service |
|---|---|---|
| Email Storage | Store incoming emails for later retrieval | S3 Bucket |
| Notifications | Alert you when new emails arrive | SNS Topic |
| Email Handling | Receive and process incoming mail | SES |
| DNS Records | Route emails to SES servers | Route 53 |
| Authentication | Verify outgoing email sender identity | DKIM/SPF |
Step by Step Guide: Setting Up Amazon SES
Create an S3 Bucket for Incoming Emails
Beginner guide to creating storage for emails that are forwarded to your SES domain. Navigate to the AWS S3 console and create a new bucket with a descriptive name like my-domain-email. This bucket will store raw email files in MIME format.
Create an SNS Topic for Notifications
Step by step guide to creating a Simple Notification Service topic that alerts you whenever new email arrives. In the SNS console, create a new topic and optionally subscribe your email address to receive notifications directly in your inbox.
Configure SES for Your Email Domain
Complete tutorial on adding your domain to Amazon SES. Go to the SES console and add your domain. AWS will provide you with MX and TXT records that you need to add to your DNS settings.
Adding MX Record to Route 53
If your domain is managed in Amazon Route 53, adding the MX record is straightforward. The MX record tells other mail servers to deliver messages for your domain to AWS SES instead of your local server.
Record Name: yourdomain.com
Record Type: MX
Value: 10 inbound-smtp.us-east-1.amazonaws.com
TTL: 300
Important: Region-Specific Endpoint
The MX record value depends on your AWS region. Replace us-east-1 with your actual SES region. Check the AWS SES documentation for endpoints in other regions like us-west-2 or eu-west-1.
Verifying Email Addresses
After adding your domain, you need to verify individual email addresses you want to receive mail on. SES will send a verification email to each address, and you must click the link to confirm ownership.
Verify Email Addresses in SES
Step by step guide to verifying individual email addresses. In the SES console, go to Email Addresses and click "Verify a New Email Address." Enter the email address you want to use, then check for the verification email and click the confirmation link.
Configuring DKIM for Email Authentication
If you plan to send emails through SES, configuring DKIM (DomainKeys Identified Mail) is essential. DKIM adds a cryptographic signature to your outgoing emails that verifies your domain identity and helps messages pass spam filters.
Enable DKIM in SES
Beginner guide to enabling DKIM authentication. In the SES console, navigate to your domain settings and enable DKIM. AWS will generate three CNAME records that you must add to your DNS configuration. These records typically follow this pattern:
CNAME: selector1._domainkey.yourdomain.com
Value: selector1-domainkey.xxx.dkimfromamazon.com
CNAME: selector2._domainkey.yourdomain.com
Value: selector2-domainkey.xxx.dkimfromamazon.com
CNAME: selector3._domainkey.yourdomain.com
Value: selector3-domainkey.xxx.dkimfromamazon.com
Checking MX Records with dig
After adding your DNS records, verify they are propagating correctly using the dig command. This step by step guide shows how to check your MX records from the command line.
dig MX yourdomain.com
; <<>> DiG 9.10.6 <<>> MX yourdomain.com
;; ANSWER SECTION:
yourdomain.com. 300 IN MX 10 inbound-smtp.us-east-1.amazonaws.com.
Managing Incoming Emails from S3
When emails arrive at your SES domain, they are saved as raw MIME files in your S3 bucket. The SNS notification provides a heads-up that new mail has arrived, but the actual message content must be retrieved from S3.
Viewing Emails in S3
For occasional email access, you can view messages directly through the AWS Management Console S3 browser. Navigate to your bucket, find the object corresponding to the email timestamp, and download the raw MIME file to read its contents.
Automation Tip
For high-volume email scenarios, manually accessing S3 is not practical. Consider using AWS CLI with a Bash script to automatically download and process emails from your S3 bucket on a scheduled basis.
Complete SES Configuration Checklist
| Task | Service | Status |
|---|---|---|
| Create S3 bucket for email storage | S3 | Required |
| Create SNS topic for notifications | SNS | Required |
| Add domain to SES | SES | Required |
| Add MX record to DNS | Route 53 | Required |
| Add TXT record for domain verification | Route 53 | Required |
| Verify email addresses | SES | Required |
| Enable DKIM | SES | Recommended |
| Add DKIM CNAME records | Route 53 | Recommended |
Frequently Asked Questions
What is the cost of Amazon SES?
SES pricing is based on volume. You pay per email sent or received (typically $0.10 per 1,000 emails) with additional charges for S3 storage. The SES sandbox mode offers free sending for testing.
How do I access emails stored in S3?
Emails are stored as raw MIME files. You can view them via AWS Console, download via AWS CLI, or automate retrieval with a script that runs on a schedule using cron or AWS Lambda.
Why should I enable DKIM for SES?
DKIM adds cryptographic signatures to outgoing emails, verifying your domain identity. This improves deliverability and helps your emails pass spam filters at recipient servers.
What is the difference between SES sandbox and production?
Sandbox mode restricts sending to verified email addresses only. Production access removes these limits, allowing you to send to any recipient. Request production access through AWS support.
Can I use SES with domains not managed in Route 53?
Yes, SES works with any DNS provider. Simply add the MX and TXT records provided by SES to your DNS provider's management console, whether it is GoDaddy, Namecheap, Cloudflare, or others.
Need Help with Amazon SES Setup?
Setting up Amazon SES for the first time involves multiple AWS services and DNS configuration. We help businesses migrate from traditional email servers to cloud-based solutions. From domain verification to DKIM configuration and automation scripts, our team can help you get started quickly.