The document discusses setting up a secure email engine using Amazon Simple Email Service (SES). It describes how Vmoksha Technologies uses Amazon SES to automatically send emails. Amazon SES provides a reliable, cost-effective and scalable email distribution service. Key steps include verifying email addresses and domains, setting up SPF and DKIM authentication, and generating SMTP credentials to authenticate emails sent through Amazon SES.

1. Vmoksha Technologies
Commit-Deliver –Excel
“ Setting up a Secure Email Engine using
Amazon SES ’’

2. Vmoksha Technologies Pvt. Ltd.
Cloud computing, also known as on-the-line computing, is a kind of Internet-based computing that provides shared processing
resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a
shared pool of configurable computing resources (e.g., networks, storage, applications, servers, and services), which can be
rapidly provisioned and released with minimal management effort.
Cloud computing and storage solutions provide enterprises and users with various capabilities to store and process their data in
third-party data centers. It relies on sharing of resources to achieve coherence and economy of scale, similar to a utility (like the
electricity grid) over a network.
Cloud Computing ???

3. Amazon SES
Vmoksha Technologies Pvt. Ltd.
Amazon Web Services (AWS), a subsidiary of Amazon.com, which offers a suite of cloud computing services that make up
an on-demand cloud computing platform. The scope of this blog is confined to one of the efficient and effective services
which are a part of AWS – Amazon SES.
Amazon SES is a pay-per-use email distribution engine that provides AWS users with an easy, authentic, cost-effective,
reliable and consistent infrastructure for sending and receiving bulk email correspondence using your domain and email
addresses.

4. Why Vmoksha opts for Amazon SES?
Vmoksha Technologies Pvt. Ltd.
Amazon SES works with Elastic Compute Cloud also known as “EC2,” Lambda, Elastic Beanstalk and various other services. It is
available in different regions such as US-East, US-West, and EU-Ireland, which allow consumers close to these regions to deploy
their applications to ensure high availability and low latency.
Unlike other SMTP players in the market, Amazon SES provides competitive pricing and deliverability.
Listed below are certain benefits of using Amazon SES:
 Trusted by Internet Service Providers (ISP) as an authentic source
 Cost-Effective & Competitive Pay-per-use pricing
 Reliability and Scalability
 Bulk Messaging Engine
 Automation using Amazon Lambda functions
 Ensure deliverability and Active monitoring to make sure that the illegal or questionable content is not
being distributed
 No Infrastructure challenges
 Provides mailbox simulator application as a testing environment
 Real-time notifications via Amazon SNS.

5. How Vmoksha make use of Amazon SES?
Vmoksha Technologies Pvt. Ltd.
The Amazon SES service along with Amazon Lambda service is configured for sending emails automatically. The mail sent
via SES is verified by ISP and mail service provider such as Google and finally delivered to the employee(s). To ensure the
smooth delivery of the mail, Vmoksha undergoes certain workarounds, which are described in the following sections.
The following diagram explains the scenario:

6. Setting up Amazon Simple Email Service (SES):
Vmoksha Technologies Pvt. Ltd.
First, set-up Amazon Web Services (AWS) account to use this service
After signing up to the AWS account, log-in into the management console and look for SES under services section or log-in with
the URL, http://aws.amazon.com/ses
Steps to verify Email Addresses and Domain:
Steps to Configure Amazon SES
Go to SES home page, navigate to Identity management menu and choose your option to verify either your email domain or
list of addresses.
For example;
Email addresses – sales@abc.com, finance@abc.com and so on…
Domain – abc.com
The verification is managed using the Amazon SES console or Amazon SES API.
Note: Email address and domain verification status for each AWS region is separate.
Although, Email Addresses verification is quite an easy step, completed by opening the verification URL sent by SES.

7. Vmoksha Technologies Pvt. Ltd.
Domain verification steps
Domain verification demands the following steps
 Go to Domains under Identity Management, select Verify a New Domain.
 Enter the domain name and select Generate DKIM settings and Click Verify This Domain.
 List of DNS record details will be displayed, which needs to be added in the DNS Zone Files of your domain. Eg.
Godaddy DNS management
 Download the csv file of DNS Records. This contains the details of Text (TXT), Canonical Name (CNAME), and
Mail Exchange (MX) records that need to be added or amended in DNS records.
 Domain verification can be done by just adding a text (TXT) record in your DNS Zone File. But, it is highly
recommended to perform DKIM verification.
 TXT Records looks similar to this,
_amazonses.abc.com TXT pmBGN/7MjnfhTKUZ06Enqq1PeGUaOkw8lGhcfwefcHU=
 On propagating TXT record in domain, the domain verification status changes to verified
 To ensure that the mail is from a trusted source, DKIM verification is required. DKIM verification can be done by
adding CNAME records in DNS Control Panel.
 Once DNS changes are reflected, the domain is fully verified.

8. Authentication Mechanisms
Vmoksha Technologies Pvt. Ltd.
Email Authentication via SPF or DKIM:
Amazon SES uses Simple Mail Transfer Protocol (SMTP) to send an email. Since SMTP does not provide authentication by
itself, spammers can send messages pretending to be from the actual sender or domain. Most of the ISPs evaluate the email
traffic to check if the emails are legitimate.
Authentication Mechanisms:
There are two authentication mechanisms used by ISPs commonly:
 Email Authentication with SPF (Sender Policy Framework)
 Email Authentication with DKIM (DomainKeys Identified Mail)

9. Email Authentication with SPF:
Vmoksha Technologies Pvt. Ltd.
Setting up SPF Records and Generating SMTP credentials:
A Sender Policy Framework (SPF) Record indicates to ISPs that you have authorized Amazon SES to send mail for your
domain. SPF Record looks similar to this,
SMTP Credentials can be generated from SES management console under Email Sending section. It prompts to create an
IAM user and provides SMTP username and password upon creation of that IAM user. Another alternative way is to create a
separate IAM user with access to SES service using access key and secret key as SMTP credentials.
Note:
If SPF Record already exists, then, you can append “include:amazonses.com” to the existing record. Also to work with Google
apps, you need to add “include:_spf.google.com ~all”
If SPF record does not exist in the DNS Zone File, text (TXT) record can be added with the value as “v=spf1
include:amazonses.com -all.”
abc.com SPF “v=spf1 include:amazonses.com -all”

10. Email Authentication with DKIM:
Vmoksha Technologies Pvt. Ltd.
Email Authentication with DKIM:
DKIM (DomainKeys Identified Mail) is a standard that allows senders to sign their email messages & ISPs and use those
signatures to verify whether that messages are legitimate and cannot be modified by a third party in transit. DKIM setup can
be done by adding CNAME records provided by Amazon SES in DNS Zone File.
Here are the samples of CNAME records for DKIM Verification,
mvkw7orpsecw2._domainkey.abc.com CNAME mvkw7orpsecw2.dkim.amazonses.com
jp5x3nni3zf4uo6._domainkey.abc.com CNAME jp5x3nni3zf4uo6.dkim.amazonses.com
7i3j33udxinbhjf6._domainkey.abc.com CNAME7i3j33udxinbhjf6.dkim.amazonses.com
Finally, now it’s time to leave all SMTP servers and move on to AWS Simple Email Service (SES). This way Amazon
Web Services reduces the effort of DevOps and takes IT Revolution to the next level.

11. Vmoksha Technologies Pvt. Ltd.
 SPF Record Checker – http://spf.myisp.ch/
 SPF Record Validation – http://www.kitterman.com/spf/validate.html
 Overview of SPF Record – http://www.openspf.org/
 Essential Network Tools – http://mxtoolbox.com/NetworkTools.aspx
 Network Tools – http://network-tools.com/
 Mail Tester – https://www.mail-tester.com/
 SPF and DKIM Check – https://www.mail-tester.com/spf-dkim-check
 SPF Record Tool – http://www.mailcleaner.net/tools/test_spf.html
Useful Links

12. Thank You….
Our Official Website - www.vmokshagroup.com
Facebook Page - https://www.facebook.com/Vmokshagroup
Google + Page - https://plus.google.com/+VmokshaTechnologies
Twitter Page - https://twitter.com/InfoVmoksha
Pinterest Page - https://in.pinterest.com/vmokshagroup/
LinkedIn Page - https://www.linkedin.com/company/vmoksha-technologies
Instagram Page- https://www.instagram.com/vmoksha.technologies/
Contact Us - 080 4137 6300
Address - 2799 & 2800, Srinidhi, Sector-1, 27th Main, HSR Layout, Bengaluru, Karnataka 560102.
Vmoksha Technologies Pvt. Ltd.