How can we deal with Amazon SES? - ORF Forums

How can we deal with Amazon SES? RSS Back to forum



We get hundreds of emails from * per day. Half are legit and half are spam. Obviously amazon hosted email solutions doesn't care about hosting spammers

My problem is, i dont know how to filter the good from the bad... block all and some people are badly affected... allow all and others complain about getting spam.

the message Id closely resembles the smtp-envelope address (orf log "sender" field), and ip addresses are shared and random, all 5.240.x.x/16.

a block of junk trying to sell discounted security cameras looks like:

(every id is slightly different)

HOWEVER... a block of legit emails look like:

it would be easy if amazon would stick their spammers on one subnet and keep their legit customers on another subnet, but they dont

any advice?

by Bryon 2 years ago

@Bryon: Hello Bryon,

The MXs of Amazon SES regularly end up on public DNS Blacklists due to the above-mentioned spam issue, so I really cannot fathom why would anyone rely on this service for business communications. That being said...

If you have all of the recommended DNSBLs enabled (see: and a lot of this "ses-spam" is still getting trough, then I think the best solution would be the following:

1) Add the IP ranges of the outbound SMTP's of to the IP Blacklist of ORF (Blacklists > IP Blacklist):;;

2) Whitelist the emails of legitimate senders that still use Amazon SES by adding the following regex pattern to the Keyword Blacklist of ORF with an “Email header (raw MIME)” search scope (Filter Properties tab):

To whitelist emails from a specific email address:
.*^From:[^\r\n]*\b[^\r\n][email protected]\.TLD\b[^\r\n]*\s$

To whitelist any email from a specific domain:

The regex above will match for the specified address in the 'From:' field of the message header. Make sure to replace the placeholder (UPPERCASE) text with the actual address you wish to whitelist, though.

3) Enable the 'SPF Test' in the Whitelist Test Exceptions dialog (Tests > Whitelist Test Exceptions | Configure) to mitigate the risk of spoofed emails getting through due to the new whitelist policy. NOTE: Tests that are enabled in the Whitelist Test Exception dialog are performed *before* any of the whitelist tests. Legitimate senders that fail the SPF test due to faulty SPF records should be added to the SPF exceptions lists (Blacklists > SPF Test > Settings > Exceptions tab).

I hope the above proves helpful to you, but let me know if you need further assistance.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)


@Daniel Novak (Vamsoft): Thank you for this, it's exactly what i was hoping for

by Bryon 2 years ago
(in reply to this post)


I am glad I was able to help.

by Daniel Novak (Vamsoft) 2 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2