How can we deal with Amazon SES? - ORF Forums

How can we deal with Amazon SES? RSS Back to forum



We get hundreds of emails from * per day. Half are legit and half are spam. Obviously amazon hosted email solutions doesn't care about hosting spammers

My problem is, i dont know how to filter the good from the bad... block all and some people are badly affected... allow all and others complain about getting spam.

the message Id closely resembles the smtp-envelope address (orf log "sender" field), and ip addresses are shared and random, all 5.240.x.x/16.

a block of junk trying to sell discounted security cameras looks like:

(every id is slightly different)

HOWEVER... a block of legit emails look like:

it would be easy if amazon would stick their spammers on one subnet and keep their legit customers on another subnet, but they dont

any advice?

by Bryon 3 years ago

@Bryon: Hello Bryon,

The MXs of Amazon SES regularly end up on public DNS Blacklists due to the above-mentioned spam issue, so I really cannot fathom why would anyone rely on this service for business communications. That being said...

If you have all of the recommended DNSBLs enabled (see: and a lot of this "ses-spam" is still getting trough, then I think the best solution would be the following:

1) Add the IP ranges of the outbound SMTP's of to the IP Blacklist of ORF (Blacklists > IP Blacklist):;;

2) Whitelist the emails of legitimate senders that still use Amazon SES by adding the following regex pattern to the Keyword Blacklist of ORF with an “Email header (raw MIME)” search scope (Filter Properties tab):

To whitelist emails from a specific email address:
.*^From:[^\r\n]*\b[^\r\n][email protected]\.TLD\b[^\r\n]*\s$

To whitelist any email from a specific domain:

The regex above will match for the specified address in the 'From:' field of the message header. Make sure to replace the placeholder (UPPERCASE) text with the actual address you wish to whitelist, though.

3) Enable the 'SPF Test' in the Whitelist Test Exceptions dialog (Tests > Whitelist Test Exceptions | Configure) to mitigate the risk of spoofed emails getting through due to the new whitelist policy. NOTE: Tests that are enabled in the Whitelist Test Exception dialog are performed *before* any of the whitelist tests. Legitimate senders that fail the SPF test due to faulty SPF records should be added to the SPF exceptions lists (Blacklists > SPF Test > Settings > Exceptions tab).

I hope the above proves helpful to you, but let me know if you need further assistance.

by Daniel Novak (Vamsoft) 3 years ago
(in reply to this post)


@Daniel Novak (Vamsoft): Thank you for this, it's exactly what i was hoping for

by Bryon 3 years ago
(in reply to this post)


I am glad I was able to help.

by Daniel Novak (Vamsoft) 3 years ago
5 should be blocked, their practice is horrendous, they let indian spammers fill our inboxes every hour with tons and tons of unethical spam. Their spam does not have a working unsubscribe link, it's literally all BS. As a hosting provider, we decided today to COMPLETELY block all emails from If a customer wants to receive spam from they can use GMAIL from now on. Problem solved.

by should be blocked 6 months ago

I keep trying to block ALL * - and it doesn't work.

I'm using, and that usually works to block other similar type spamming, but not for them.

Does anyone have a method to block everything from

by Cam 1 month ago

@Cam: Hello Cam,

If you want to block emails from Amazon SES servers, I recommend blacklisting the IP ranges of the outbound mail servers of

> nslookup -type=txt

"v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: -all"

You can copy-paste the list below into a TXT file and import it into ORF (ORF Administration Tool > Import> Sender Blacklist > Inclusion list...):

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)


@Daniel Novak (Vamsoft): Thank you.

by Cam 1 month ago
(in reply to this post)


@Cam: Anytime.

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2