How can we deal with Amazon SES? RSS Back to forum
@Bryon:
Hello Bryon,
The MXs of Amazon SES regularly end up on public DNS Blacklists due to the above-mentioned spam issue, so I really cannot fathom why would anyone rely on this service for business communications. That being said...
If you have all of the recommended DNSBLs enabled (see: https://vamsoft.com/support/docs/knowledge-base/recommended-dnsbls-surbls-agents) and a lot of this "ses-spam" is still getting trough, then I think the best solution would be the following:
1) Add the IP ranges of the outbound SMTP's of amazonses.com to the IP Blacklist of ORF (Blacklists > IP Blacklist): 199.255.192.0/22; 199.127.232.0/22; 54.240.0.0/18
2) Whitelist the emails of legitimate senders that still use Amazon SES by adding the following regex pattern to the Keyword Blacklist of ORF with an “Email header (raw MIME)” search scope (Filter Properties tab):
To whitelist emails from a specific email address:
.*^From:[^\r\n]*\b[^\r\n]EXAMPLE@DOMAIN\.TLD\b[^\r\n]*\s$
To whitelist any email from a specific domain:
.*^From:[^\r\n]*\b[^\r\n]*@DOMAIN\.TLD\b[^\r\n]*\s$
The regex above will match for the specified address in the 'From:' field of the message header. Make sure to replace the placeholder (UPPERCASE) text with the actual address you wish to whitelist, though.
3) Enable the 'SPF Test' in the Whitelist Test Exceptions dialog (Tests > Whitelist Test Exceptions | Configure) to mitigate the risk of spoofed emails getting through due to the new whitelist policy. NOTE: Tests that are enabled in the Whitelist Test Exception dialog are performed *before* any of the whitelist tests. Legitimate senders that fail the SPF test due to faulty SPF records should be added to the SPF exceptions lists (Blacklists > SPF Test > Settings > Exceptions tab).
I hope the above proves helpful to you, but let me know if you need further assistance.
amazonses.com should be blocked, their practice is horrendous, they let indian spammers fill our inboxes every hour with tons and tons of unethical spam. Their spam does not have a working unsubscribe link, it's literally all BS. As a hosting provider, we decided today to COMPLETELY block all emails from amazonses.com. If a customer wants to receive spam from amazonses.com they can use GMAIL from now on. Problem solved.
I keep trying to block ALL *@amazonses.com - and it doesn't work.
I'm using Yahoo.com, and that usually works to block other similar type spamming, but not for them.
Does anyone have a method to block everything from amazonses.com?
@Cam:
Hello Cam,
If you want to block emails from Amazon SES servers, I recommend blacklisting the IP ranges of the outbound mail servers of amazonses.com:
> nslookup -type=txt amazonses.com
"v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.223.176.0/20 ip4:54.240.64.0/19 ip4:54.240.96.0/19 ip4:52.82.172.0/22 -all"
You can copy-paste the list below into a TXT file and import it into ORF (ORF Administration Tool > Import> Sender Blacklist > Inclusion list...):
199.255.192.0/22
199.127.232.0/22
54.240.0.0/18
69.169.224.0/20
23.249.208.0/20
23.251.224.0/19
76.223.176.0/20
54.240.64.0/19
54.240.96.0/19
52.82.172.0/22
Hello
We get hundreds of emails from *@amazonses.com per day. Half are legit and half are spam. Obviously amazon hosted email solutions doesn't care about hosting spammers
My problem is, i dont know how to filter the good from the bad... block all and some people are badly affected... allow all and others complain about getting spam.
the message Id closely resembles the smtp-envelope address (orf log "sender" field), and ip addresses are shared and random, all 5.240.x.x/16.
a block of junk trying to sell discounted security cameras looks like:
(every id is slightly different)
HOWEVER... a block of legit emails look like:
it would be easy if amazon would stick their spammers on one subnet and keep their legit customers on another subnet, but they dont
any advice?