Amazon SES SMTP Configuration

Use these exact values when configuring any email client or application to send through Amazon SES servers.

Parameter: Value
SMTP Host: email-smtp.us-east-1.amazonaws.com (varies by region)
SMTP Port: 587 (TLS) or 465 (SSL, deprecated but still functional)
Encryption: STARTTLS on port 587, SSL on port 465
Username: SMTP credentials from your SES dashboard (AKIA...)
Password: SMTP secret key from your SES dashboard

Important: SMTP credentials for Amazon SES are separate from AWS access keys. You must create SMTP credentials specifically for SES in the SES console or via the AWS CLI. Regular AWS credentials will not work for SES SMTP.

Step-by-Step Setup

Follow these steps in order to configure SMTP access for Amazon SES.

1. Verify Your Sending Domain

In the AWS SES console, add and verify your sending domain. This requires adding DKIM, SPF, and MX DNS records to your domain. Until verified, you can only send to sandbox email addresses.

2. Create SMTP Credentials

Go to SES Console > SMTP Settings > Create My SMTP Credentials. These are separate from AWS access keys and are specific to SES. Copy the username (starts with AKIA) and password.

3. Request Production Access

New SES accounts are in sandbox mode by default. Request production access via AWS Support to remove daily sending limits. Until then, you can only send to verified email addresses.

4. Configure Your Application

Enter your regional SMTP host (e.g., email-smtp.us-east-1.amazonaws.com), port 587 with TLS, and your SES SMTP username and password.
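The client configuration from step 4, as an added Python example (not code from this page or from AWS). It builds the regional host from a validated region name, enforces certificate-verified TLS before login, and reads credentials from the environment. The function names and the SES_SMTP_USERNAME / SES_SMTP_PASSWORD variable names are assumptions.

```python
import os
import re
import smtplib
import ssl
from email.message import EmailMessage

# Port -> connection mode, taken from the parameter table on this page.
PORT_MODES = {587: "starttls", 465: "implicit-tls"}
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")  # shape check only, e.g. us-east-1


def ses_smtp_settings(region: str, port: int = 587) -> dict:
    """Return host/port/mode for a region, rejecting malformed input early."""
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"not a region name: {region!r}")
    if port not in PORT_MODES:
        raise ValueError(f"port {port} is not one of {sorted(PORT_MODES)}")
    return {"host": f"email-smtp.{region}.amazonaws.com",
            "port": port, "mode": PORT_MODES[port]}


def tls_context() -> ssl.SSLContext:
    """Certificate and hostname verification on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_via_ses(msg: EmailMessage, region: str, port: int = 587) -> None:
    """Send msg; credentials come from the environment, never from source."""
    user = os.environ["SES_SMTP_USERNAME"]      # hypothetical variable names
    password = os.environ["SES_SMTP_PASSWORD"]
    cfg = ses_smtp_settings(region, port)
    if cfg["mode"] == "implicit-tls":
        client = smtplib.SMTP_SSL(cfg["host"], cfg["port"],
                                  context=tls_context(), timeout=15)
    else:
        client = smtplib.SMTP(cfg["host"], cfg["port"], timeout=15)
    with client:
        if cfg["mode"] == "starttls":
            # Raises if the server does not offer STARTTLS, so login()
            # below can never run over a cleartext connection.
            client.starttls(context=tls_context())
        client.login(user, password)
        client.send_message(msg)
```

The region check also keeps a value such as "us-east-1.example.com" from being spliced into the hostname when the region comes from configuration.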

Common Errors and Solutions

Most Amazon SES SMTP issues fall into a handful of categories. Here's how to fix them quickly.

Sandbox Restrictions

New SES accounts can only send to verified email addresses in sandbox mode. To send to any address, request production access via AWS Support > Create Case > Service Limit Increase. Include your expected sending volume.

Wrong Credentials

SES SMTP credentials are separate from AWS access keys. Use the SMTP-specific credentials (AKIA...) created in the SES console, not your standard AWS access key ID and secret.

Connection Timeout

Port 587 may be blocked by your network. Try port 465 with SSL. Also verify you're using the correct SMTP endpoint for your AWS region. Endpoints are region-specific.

Email Address Not Verified

In sandbox mode, both sender and recipient must be verified. In production mode, only the sender domain needs verification. Verify email addresses in SES Console > Verified Email Addresses.

Best Practices for Amazon SES SMTP

Keep your account secure and your messages deliverable with these recommended approaches.

Configure Proper Authentication

Enable SPF and DKIM signing for your domain in SES. Configure a custom MAIL FROM domain to improve deliverability and prevent your messages from being flagged as forged.

Use AWS IAM for Credentials

Store SES SMTP credentials securely using AWS Secrets Manager or Parameter Store. Don't hardcode credentials in applications. Rotate credentials regularly for security.

Monitor Bounce and Complaint Rates

Set up SNS notifications for bounces and complaints. High bounce rates can get your SES account suspended. Use the SES dashboard to monitor your sender statistics.
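One way to consume those SNS notifications, as an added Python example (not code from this page or from AWS). It unwraps the SES JSON carried in the SNS "Message" field, builds a suppression list from permanent bounces and complaints, and computes rates for a sending window. The function names and the sample events are constructed for illustration.

```python
import json
from collections import Counter


def parse_ses_event(sns_body: str):
    """Return (kind, subtype, recipients) for one SNS-delivered SES notification."""
    event = json.loads(json.loads(sns_body)["Message"])  # SES JSON is a string inside SNS
    kind = event.get("notificationType")
    if kind == "Bounce":
        detail = event["bounce"]
        rcpts = [r["emailAddress"].lower() for r in detail["bouncedRecipients"]]
        return kind, detail.get("bounceType"), rcpts
    if kind == "Complaint":
        rcpts = [r["emailAddress"].lower()
                 for r in event["complaint"]["complainedRecipients"]]
        return kind, None, rcpts
    return kind, None, []


def summarize(sns_bodies, sent_count: int) -> dict:
    """Build a suppression list and bounce/complaint rates for a sending window."""
    counts, suppress = Counter(), set()
    for body in sns_bodies:
        kind, subtype, rcpts = parse_ses_event(body)
        counts[kind] += len(rcpts)
        # Hard bounces and complaints must never be mailed again;
        # transient bounces (full mailbox, greylisting) may be retried.
        if kind == "Complaint" or (kind == "Bounce" and subtype == "Permanent"):
            suppress.update(rcpts)
    rate = lambda n: n / sent_count if sent_count else 0.0
    return {"suppress": sorted(suppress),
            "bounce_rate": rate(counts["Bounce"]),
            "complaint_rate": rate(counts["Complaint"])}


def _sns(event: dict) -> str:
    """Wrap a constructed SES event the way SNS delivers it."""
    return json.dumps({"Type": "Notification", "Message": json.dumps(event)})


# Constructed sample notifications (not real traffic).
SAMPLE = [
    _sns({"notificationType": "Bounce", "bounce": {"bounceType": "Permanent",
          "bouncedRecipients": [{"emailAddress": "Gone@example.com"}]}}),
    _sns({"notificationType": "Bounce", "bounce": {"bounceType": "Transient",
          "bouncedRecipients": [{"emailAddress": "full@example.com"}]}}),
    _sns({"notificationType": "Complaint", "complaint": {
          "complainedRecipients": [{"emailAddress": "annoyed@example.com"}]}}),
    _sns({"notificationType": "Delivery", "delivery": {}}),
]
```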

Use the Correct Region Endpoint

SES endpoints are region-specific. If your SES resources are in us-east-1, your SMTP host must be email-smtp.us-east-1.amazonaws.com. Using the wrong region is a common configuration error.

When Amazon SES SMTP Needs an Alternative

Amazon SES provides powerful infrastructure at low cost, but it requires significant configuration and AWS expertise to use effectively. SES gives you raw infrastructure, not a complete email platform. If you need ready-made features like automatic bounce handling, webhook analytics, and intelligent routing without managing AWS infrastructure yourself, a dedicated email API platform is more practical.

For teams already invested in AWS, SES is a solid choice. For teams wanting managed email infrastructure with better support and features, an SMTP relay service may be more cost-effective when you factor in operational overhead.

Frequently Asked Questions

What are Amazon SES SMTP sending limits?

In production, SES can send up to 14 emails per second by default (can be increased). There is no hard daily limit, but SES will throttle you if your bounce rate is too high or you violate policies. Sandbox mode limits you to 200 emails per day.

How do I move out of SES sandbox mode?

Request production access via AWS Support > Create Case > Service Limit Increase. Select "SES Production Access" and provide your expected sending volume and use case. Approval typically takes 1-2 business days.

Can I use SES SMTP with custom domains?

Yes. Verify your custom domain in SES to send from any address within that domain. You can add multiple domains and configure custom MAIL FROM subdomains for better deliverability.

My SES SMTP is being rejected. What should I do?

Verify you're using SMTP credentials (AKIA...), not AWS access keys. Confirm your domain is verified in SES. If in sandbox mode, verify both sender and recipient addresses. Check you're using the correct regional endpoint.

Is Amazon SES suitable for transactional emails?

Yes, SES is well-suited for high-volume transactional email sending. It offers raw infrastructure at very low cost (~$0.10 per 1,000 emails). However, it requires more setup and AWS expertise than managed alternatives.
