Amazon SES Extension

Amazon SES is a powerful email delivery service which can be used to send a massive number of emails from the Amazon cloud. Amazon provides a second service, Amazon SNS, to receive notifications about failed deliveries.  The extension magically simplifies the configuration of those services.

Please note:
Amazon SDK requires at least PHP version 5.3.3 with curl, zlib ans ssl.
– New Amazon SES accounts are put in sandbox mode to prevent frauds, after the verification remember to unlock your account following the guide at this page.

Generating the Amazon Key and Secret

Once your Amazon account is active, you should generate the Key and the Secret which let the extension talk directly with Amazon. Enter Amazon “Your Security Credentials” page, then proceed pressing the “Create New Access Key”. See screenshot below for reference.


You’ll get the popup as shown in the picture below. Copy exactly the two values in the configuration panel and remember to select the correct Amazon region.


Verify your sending address

Before sending your emails with Amazon, the SES service requires a validation of the email address you want to use as sender address. Your sender address is configured in the main Newsletter configuration.

The extension does everything automatically, just press the “check” button: a check is made with SES service and eventually a verification button is displayed.

If needed, start the verification: an email is delivered by Amazon at the sender address (so a real mailbox must be associated with it) with a link to confirm. Just follow the instructions message.

To check if the address has been correctly verified you can use the “check status” button or enter the SES console in the right Amazon region to see if your sender address is listed as verified.

How to run a test

If everything is  configured correctly, you can run a test. A message is sent to all your test subscribers using the Amazon SES service (even if the extension is not enabled).

When the test is positive you can enable the extension so Newsletter will use it to send every email.

How to handle bounces

Amazon handles bounce notification in a rather complex way. This extension simplifies the configuration reducing it to a button: “Activate the bounce tracking”.

Once tracking is active, Amazon starts to notify the bounced addresses directly to this extension which in turn marks the notified address as bounced so it won’t be contacted anymore. You can the bounced addresses in your database checking their status.

The notification is asynchronous. It could take few seconds as well as days. Infact a formally correct address is invalid when the delivery of a message to that address fails. Amazon can try to deliver the message for few hours before determining the address is not valid. Or it needs to receive a DSN from the remote system to understand there is not an available mailbox or the mailbox is blocked (typically for exeeded quota).

Amazon usually sends back also an DSN (Delivery Status Notification) email message to the sender address. This could be quite annoying, so you can disable this Amazon feature directly in the Amazon SES console. See the screenshot below.


Hard and soft bounces

Amazon distinguishes between hard bounces (non recoverable delivery errors) and soft bounces (possibly recoverable errors, like full mailbox). If you prefer to mark as bounced even the addresses with recoverable errors, you can activate the processing of soft bounces.

Using IAM users

On Amazon AWS you can create different users with specific permissions. If you want to use a specific user with its access id and secret keys you must enable that user to the SES and SNS services otherwise the extension cannot work.

To create or edit an existing IAM users, go to the IAM users console ( – pay attention to select the correct region). Then enter the user details and add the required permissions. A new users starts with no permissions at all.

Note: Amazon SES extension can automatically setup the connection but it can only use the root IAM account. If you create different accounts with their key pair, you then need to manually add the permissions.