Amazon SES and mailing lists
Question asked by terry - 4/5/2023 at 8:21 AM
We have a SmarterMail server running on an EC2 instance. We have been using SES as an outbound gateway and verified our domains. This works well.

One problem, we have a client running mailing lists. They want the emails to show the poster's email address. When we enable that option, SES sees it as a non-verified email and rejects the send. (Same problem on Alias accounts).

Any ideas on how to solve this? Is there a better outgoing option?

Thanks in Advance;

3 Replies

Douglas Foster Replied
My guess is that Amazon is only looking at the SMTP MailFrom address, and you can solve the problem by choosing the option to enable SRS on forwards.  
System Admin... 
Gear Icon... 
Antispam (from left menu)... 
Options (section of Antispam page)... 
Enable SRS when forwarding messages: [ON]

Of course, none of this would be a problem if all of the members were in his domain. Most mailing lists of this type use an external Mailing List Manager program, not the Mailing List feature of SmarterMail.

Now comes the tricky part:   Lists have ongoing trust issues with the filtering software at receiving domains.
Ideally, your configuration should ensure that the list does not allow impersonation.   This is tricky because:
  • the posts are arriving over unauthenticated SMTP, 
  • enforcing SPF PASS is difficult because many organizations have incorrect or non-existent SPF policies, and
  • DMARC-enforcing domains are a tiny subset of all domains that may subscribe.
Presumably, posts to the list should come from personal messages, not mass mailers, so the domain of the message From address should match the domain of the SMTP MailFrom address. (SMTP MailFrom addresses may be encoded with BATV, SRS, or equivalent, so it will be easier to prove same-domain than to prove same-user.)

You can turn on SPF and DMARC enforcement, but these are system level settings.   For the events that add weights, different domains could have different weights, but nothing is going to be tailored to the mailing list specifically.

Will the mailing list (or your spam filtering) add content to the mailing list messages?   Doing so will break DKIM signatures which can cause messages to be blocked by some recipients' mail filters.   Of course, if the list causes messages to be blocked for any reason,  your server's reputation can be affected, which could have ripple effects for other clients.    Ideally, the outbound messages should have a dedicated outbound gateway so that your other clients will not suffer if this occurs. 

In short, I would do everything in my power to isolate the list traffic from everything else.
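
The same-domain comparison described in the reply above, as an added example that is not part of the original thread or of SmarterMail: it unwraps SRS0, SRS1 and BATV (`prvs=`) local parts and compares the decoded domain with the From header domain. The function names and sample addresses are constructed for illustration, and the address layouts are the commonly deployed ones, assumed here.

```python
import re
from email.utils import parseaddr

# Local-part encodings that wrap the original sender (layouts assumed as commonly deployed).
SRS0 = re.compile(r"^SRS0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)$", re.I)
SRS1 = re.compile(r"^SRS1[=+-]([^=]+)=([^=]+)=[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)$", re.I)
BATV = re.compile(r"^prvs=[0-9A-Za-z]{10}=(.+)$", re.I)


def original_sender(mail_from):
    """Return (local, domain) of the sender an envelope address claims to carry.

    The SRS/BATV hash is NOT verified (only the rewriting host holds the key),
    so the result is a claim to compare, not proof of origin.
    """
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:            # null sender "<>" (bounces) or malformed
        return ("", "")
    local, _, domain = addr.rpartition("@")
    m = SRS1.match(local)
    if m:                          # SRS1=hash=firsthop==hash=tt=domain=local
        return (m.group(6), m.group(5).lower())
    m = SRS0.match(local)
    if m:                          # SRS0=hash=tt=domain=local
        return (m.group(4), m.group(3).lower())
    m = BATV.match(local)
    if m:                          # prvs=tag=local keeps the real domain
        return (m.group(1), domain.lower())
    return (local, domain.lower())


def same_domain(mail_from, from_header):
    """True when the From header domain equals the decoded envelope domain.

    Exact match only; organizational-domain (relaxed) matching is out of scope.
    """
    _, env_domain = original_sender(mail_from)
    hdr_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    return bool(env_domain) and env_domain == hdr_domain


# Constructed sample posts: (SMTP MailFrom, From header)
SAMPLES = [
    ("<SRS0=HHH=TT=example.org=alice@forwarder.example>", "Alice <alice@example.org>"),
    ("<prvs=0123456789=bob@example.com>", "bob@example.com"),
    ("<bounce-123@mailer.example>", "Alice <alice@example.org>"),
]

if __name__ == "__main__":
    for env, hdr in SAMPLES:
        print("match" if same_domain(env, hdr) else "mismatch", env, hdr)
```

A match here only shows the two addresses name the same domain; it says nothing about whether the SMTP session was authorised to use that domain, which is what SPF and DMARC evaluate.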

terry Replied
SRS was already enabled. I am starting to think that mailing lists are more hassle than they are worth.
We have been using Postmarkapp.com for all of our servers for many years now, very easy to set up and really quick support, highly recommended.

We also tested many other providers but most of the time we were running into some problems after a while or their software turned out to be too complicated.

Michael Gralke Augusto

Gralke Augusto - Business Communications
