The Spamhaus Project

blog

Amazon SES works with Spamhaus to protect its network and reputation

Maintaining a reputable network for reliable service without problems is EVERYTHING to email service provider, Amazon Simple Email Service (SES). Proactively managing millions of IPs and domains, SES is committed to delivering exceptional service and deliverability. Learn more about how SES works with Spamhaus to protect its network and reputation when at risk.

by The Spamhaus TeamJuly 05, 20245 minutes reading time

Jump to

Introduction

Amazon SES has a long-standing relationship with Spamhaus, working closely to prevent suspicious IPs and domains from impacting their network. With an established, repeatable, and scalable process, the anti-abuse and email deliverability teams for Amazon SES take the lead in supporting SES’ vast network. When Amazon SES detects a customer exhibiting poor sending practices, they ensure that the remediation process is swift and effective. Let’s take a closer look.

Implementing IP and domain reputation best practices

As far as managing IP and domain reputation is concerned, SES follows email industry best practices, ensuring a secure and reliable sender service. These include implementing authentication protocols, configuring reverse DNS (rDNS) properly, setting up bounce processing, and implementing outbound virus and spam filtering.

However, managing reputation requires more than establishing an optimized email-sending infrastructure. Amazon SES builds secure infrastructures with a four-pillar framework focused on:

  • Prevention
  • Monitoring
  • Analysis
  • Response

From day one, customers are educated on abuse prevention, with clear setup rules, service terms, and acceptable use policies.

SES tracks metrics, such as bounces, complaints, abuse reports, and mailbox provider status codes. They also monitor and analyze customer activity, a sender’s history, and reputation from external providers. This approach lets SES quickly act to maintain its positive sender reputation when metrics decline. Where Amazon SES really shines is in how it protects its customers when their email reputation is at risk, such as when an IP address is listed by services like Spamhaus.

Here's how Amazon SES responds

For over two decades, Spamhaus has produced datasets aligned with well-considered and consistent policies, developed together with the wider industry. Our intelligence is trusted by global organizations, so when Spamhaus detects an IP address exhibiting malicious behavior, and a listing is created, SES begins to take action. The listing triggers an on-call notification that is received by Amazon SES and action is taken within 15 minutes for public listings.

First, the Amazon SES team identifies the customer and immediately contacts them to understand the root cause. Once identified, SES provides guidance to help customers implement the necessary fixes to prevent recurrence.

If the customer fails to respond or has not corrected the issues, SES reviews the data and takes appropriate action, including contacting the customer or placing them under review. During the review period, the customer should make changes to their email sending practices to correct the issue. If SES does not believe the problem can be corrected, or if the issue is severe, they may pause the account's ability to send email until the sender's reputation and security of the network are no longer at risk of further degradation.

Once promptly resolved, Spamhaus receives a request to remove the IP from the list with assurance of remediation steps taken to mitigate future issues.

The anti-abuse and email deliverability team mobilizes quickly. Having an established process, they are prepared to remediate actions brought to their attention, ensuring a swift resolution of customer detections.

Let’s take a closer look at an example…

Network: Amazon SES
SBL Listing: Spam source (Informational only)
Notification sent: Apr 16th 12:53:58
AWS first engaged: Apr 16th 14:54:35
Listing removed: Apr 17th 21:20:42

The AWS team swiftly identified the affected customer the same day the listing arose. They provided personalized guidance on resolving the issue, a timeline for remediation, and recommendations for improving email practices. With the team's attentive support, the customer acknowledged and addressed the concerns within one day. This collaborative effort allowed for a quick resolution, enabling the customer to successfully resume email delivery.

Perhaps you’re thinking, “That’s only an informational listing?” While informational listings are only indicative and do not result in IPs being filtered, a 'hard' listing could have been made without further action. However, SES treats informational listings with the same urgency, indicating its proactive approach to protect the security of its network for users.

How does Amazon SES compare?

Compared to other email delivery platforms, Amazon SES stands out for its proactive approach in handling detections, even with its extensive footprint of IPs. At the time of publication Amazon SES has single digit listings, most of which are only a few days old. Meanwhile, another major US-based email delivery platform has over 200 listings, some of which are months old. This stark contrast demonstrates the effectiveness of SES’s approach in identifying risks and resolving abuse before it escalates to a bigger problem.

Taking steps to move from reactive to proactive

Spamhaus and Amazon SES work together with other AWS teams to keep the internet safe by creating a secure environment for customers. AWS' vigilance and ability to rapidly adapt controls demonstrated excellence in protecting its cloud ecosystem.

Amazon SES constantly monitors reputation data, beyond the binary DNSBLs, to identify risks and prevent incidents by implementing various internal processes on their network, machine learning, and monitoring sign-up patterns. Dustin Taylor, Software Development Manager of Anti-Abuse & Email Deliverability at Amazon Simple Email Service (SES), emphasizes the company's commitment to constant improvement and prevention of incidents:

“Email reputation is hard-earned yet easily lost. Maintaining a good reputation requires continuously enhancing processes alongside trusted partners to mitigate threats from bad actors. Vigilant collaboration and a forward-thinking approach are crucial.”

Putting IP and domain reputation into practice

Amazon SES sets a great example of proactive IP and domain reputation management, upholding industry standards, and raising the bar for ESPs and organizations at large. You can learn more about how they manage IP and domain reputation with their customers and the best practices they follow here.