stackoom
  简体   繁体   中英

AWS Elastic Beanstalk SPF Record & Amazon SES

 原文  2014-04-30 10:59:49       email/ amazon-web-services/ elastic-beanstalk/ amazon-ses

Question

Basically what we've got is an application running on the AWS Elastic Beanstalk platform. Given this, the application itself is on multiple servers and to ensure mail delivery from the system, we need to add a sufficient SPF record for the Amazon servers to ensure they're approved to send email for the domain.

I suppose my question is two part then. Firstly, do all AWS Elastic Beanstalk setups use the Amazon Simple Email Service (Amazon SES) by default and then in that case we can just use include:amazonses.com in the SPF record? If not the case, how can we ensure mails sent by the site from the Amazon servers are approved - can we just use an include:domain.com sort of record, or do we need to add some sort of include for an Amazon URL that encompasses the elastic setup?

1 answers

solution1
 4  2014-05-16 19:04:24

Applications running on AWS Elastic Beanstalk are not using Amazon SES automatically, rather simply use the SMTP facility available for the underlying regular Amazon EC2 instances, and SMTP on Amazon EC is indeed throttled and has less reputation with other providers, see eg Email Changes .

Amazon SES is an application level outbound-only email-sending service , which you'll need to integrate yourself by one of two means:

The latter implies that you can configure your OS to also use Amazon SES as the outbound SMTP destination in an EC2 instance directly, however, while Customizing and Configuring AWS Elastic Beanstalk Environments is possible, even down to Using Custom AMIs , usually it is much easier to target the SES SMTP endpoint from within your application instead.

However, if you really do not want to dive into SES and rather just use what's available via EC2, Sending Email from EC2 Instances provides a detailed list of actions you should take in order to host/send you email from EC2 , including 4. Set up SPF (Sender Policy Framework) DNS Records :

[...] Create the following SPF record (which is a DNS TXT entry) to state that only hosts with an MX record for your domain (ie hosts which receive mail for your domain) are allowed to send email on behalf of it: - 

 @ IN TXT "v=spf1 mx -all"

You can also optionally allow other specific hosts, such as Googlemail may also send email on behalf of your domain: 

 @ IN TXT "v=spf1 mx a:mail.google.com -all"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Multiple SPF record for gmail and amazon SES What is the correct SPF record for using both Amazon SES and Google Apps Amazon SES SPF Setup - when using -all how do you setup a record for your servers IP How to know if the SPF config is working (Amazon SES/Route53)? Elastic Email SPF configuration on AWS Route 53 How to maximize deliverability through Amazon SES? DKIM, SPF, Sender Id or all of them? AWS Elastic Beanstalk - MAIL (Sending and receiving emails ) Email issues with Wordpress running on AWS Elastic Beanstalk Sending emails to AWS SES from EC2 with no elastic ip Amazon AWS: Sending email via SES beyond painfully slow
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM