# Monitoring your Amazon SES sender reputation
Amazon SES actively tracks several metrics that may cause your reputation as a sender to be damaged, or that could cause your email delivery rates to decline. Two important metrics that we consider in this process are the bounce and complaint rates for your account. If the bounce or complaint rates for your account are too high, we might place your account under review or pause your account's ability to send email.
Because your bounce and complaint rate are so important to the health of your account, Amazon SES includes a reputation metrics page in the Amazon SES console that you can use to track these metrics. Reputation metrics can also display information about factors unrelated to bounces or complaints that could damage your sender reputation. For example, if you send email to a known [spamtrap](https://en.wikipedia.org/wiki/Spamtrap), you will see a message on this dashboard.
This section contains information about accessing reputation metrics, interpreting the information it contains, and setting up systems to actively notify you of factors that could impact your sender reputation.
**Topics**
+ [Using reputation metrics to track bounce and complaint rates](reputation-dashboard-dg.md)
+ [Reputation metrics messages](reputationdashboardmessages.md)
+ [Creating reputation monitoring alarms using CloudWatch](reputationdashboard-cloudwatch-alarm.md)
+ [SNDS metrics for dedicated IPs](snds-metrics-dedicated-ips.md)
+ [Automatically pausing email sending](monitoring-sender-reputation-pausing.md)
# Using reputation metrics to track bounce and complaint rates
The reputation metrics console page contains the same information that the Amazon SES team sees when determining the health of individual accounts.
**To view reputation metrics**
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane on the left side of the screen, choose **Reputation metrics**.
The dashboard displays the following information:
+ **Account status** – A summary of the combined health of your bounce and complaint rates. Possible values include:
+ **Healthy** – There are no issues currently impacting your account.
+ **Under review** – Your account is under review. If the issues that caused us to place your account under review aren't resolved by the end of the review period, we might pause your account's ability to send email.
+ **Pending end of review decision** – Your account is under review. Because of the nature of the issues that caused us to place your account under review, we need to perform a manual review of your account before we take any further action.
+ **Sending paused** – We've paused your account's ability to send email. While your account's ability to send email is paused, you won't be able to send email using Amazon SES. You can request that we review this decision. To learn more about requesting a review, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
+ **Pending sending pause** – Your account is under review. The issues that caused us to place your account under review haven't been resolved. In this situation, we typically pause your account's ability to send email. However, because of the nature of your account, we need to review your account before any further action is taken.
+ **Bounce Rate** – The percentage of emails sent from your account that resulted in a hard bounce. See [how your bounce rate's calculated](reputationdashboardmessages.md#calculate-bounce).
+ **Complaint Rate** – The percentage of emails sent from your account that resulted in recipients reporting them as spam. See [how your complaint rate's calculated](reputationdashboardmessages.md#calculate-complaint)
**Note**
The **Bounce Rate** and **Complaint Rate** sections also include status messages for their respective metrics. The following is a list of status messages that may be displayed for these metrics:
**Healthy** – The metric is within normal levels.
**Almost healed** – The metric caused your account to be placed under review. Since the review period began, the metric has stayed below the maximum rate. If the metric remains below the maximum rate, the status of this metric changes to **Healthy** before the review period ends.
**Under review** – The metric caused your account to be placed under review, and is still above the maximum rate. If the issue that caused the metric to exceed the maximum rate is not resolved by the end of the review period, we might pause your account's ability to send email.
**Sending pause** – The metric caused us to pause your account's ability to send email. While your account's ability to send email is paused, you can't send email using Amazon SES. You can request that we review this decision. To learn more about submitting a request for review, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
**Pending sending pause** – The metric caused us to place your account under review. The issues that caused this review period haven't been resolved. These issues might cause us to pause your account's ability to send email. A member of the Amazon SES team has to review your account before we take any further action.
+ *Other Notifications* – If your account is experiencing reputation-related issues that are not related to bounces or complaints, a brief message will be shown here. For more information about the notifications that can be shown in this area, see [Reputation metrics messages](reputationdashboardmessages.md).
# Reputation metrics messages
The Amazon SES Reputation metrics console page provides important metrics related to your account. The following sections describe the messages that might be displayed in this dashboard, and provide tips and information that you might be able to use to resolve issues related to your sender reputation.
This section contains information about the following types of notifications:
+ [Status Messages](#reputationdashboard-account-status)
+ [Bounce Rate Notification](#reputationdashboard-bounce)
+ [Complaint Rate Notification](#reputationdashboard-complaint)
+ [Anti-Spam Organization Notification](#reputationdashboard-antispamorg)
+ [Listbombing Notification](#reputationdashboard-listbombing)
+ [Direct Feedback Notification](#reputationdashboard-directfeedback)
+ [Domain Blocklist Notification](#reputationdashboard-domainblocklist)
+ [Internal Review Notification](#reputationdashboard-internalreview)
+ [Mailbox Provider Notification](#reputationdashboard-mailboxprovider)
+ [Recipient Feedback Notification](#reputationdashboard-recipientfeedback)
+ [Related Account Notification](#reputationdashboard-relatedaccount)
+ [Spamtrap Notification](#reputationdashboard-spamtrap)
+ [Vulnerable Site Notification](#reputationdashboard-vulnerablesite)
+ [Compromised Credentials Notification](#reputationdashboard-compromised)
+ [Other Notification](#reputationdashboard-other)
## Status Messages
When you use the reputation metrics console page, you see a message describing the status of your Amazon SES account. The following is a list of possible account status values:
+ **Healthy** – There are no issues currently impacting your account.
+ **Under review** – Your account is under review. If the issues that caused us to place your account under review aren't resolved by the end of the review period, we might pause your account's ability to send email.
+ **Pending end of review decision** – Your account is under review. Because of the nature of the issues that caused us to place your account under review, we need to perform a manual review of your account before we take any further action.
+ **Sending paused** – We've paused your account's ability to send email. While your account's ability to send email is paused, you won't be able to send email using Amazon SES. You can request that we review this decision. To learn more about requesting a review, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
+ **Pending sending pause** – Your account is under review. The issues that caused us to place your account under review haven't been resolved. In this situation, we typically pause your account's ability to send email. However, because of the nature of your account, we need to review your account before any further action is taken.
Additionally, the **Bounce Rate** and **Complaint Rate** sections of the reputation metrics page display status summaries for their respective metrics. The following is a list of possible metric status values:
+ **Healthy** – The metric is within normal levels.
+ **Almost healed** – The metric caused your account to be placed under review. Since the review period began, the metric has stayed below the maximum rate. If the metric remains below the maximum rate, the status of this metric changes to **Healthy** before the review period ends.
+ **Under review** – The metric caused your account to be placed under review, and is still above the maximum rate. If the issue that caused the metric to exceed the maximum rate is not resolved by the end of the review period, we might pause your account's ability to send email.
+ **Sending pause** – The metric caused us to pause your account's ability to send email. While your account's ability to send email is paused, you can't send email using Amazon SES. You can request that we review this decision. To learn more about submitting a request for review, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
+ **Pending sending pause** – The metric caused us to place your account under review. The issues that caused this review period haven't been resolved. These issues might cause us to pause your account's ability to send email. A member of the Amazon SES team has to review your account before we take any further action.
## Bounce Rate Notification
This section contains additional information about bounce rate notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
You received this notification because the bounce rate for your account was too high. The bounce rate is based on the number of hard bounces generated by your Amazon SES account. Email providers interpret a high bounce rate as a sign that a sender isn't properly managing their recipient list, and that the sender might be sending unsolicited email.
A hard bounce occurs when an email is sent to an address that doesn't exist. Amazon SES doesn't consider soft bounces (which occur when a recipient's address is temporarily unable to receive messages) in this calculation. Bounced emails that you send to verified addresses and domains, as well as emails that you send to the [Amazon SES inbox simulator](send-an-email-from-console.md#send-email-simulator), also aren't considered in this calculation.
We calculate your bounce rate based on a *representative volume* of email. A representative volume is an amount of email that represents your typical sending practices. To be fair to both high- and low-volume senders, the representative volume is different for each account and changes as the account's sending patterns change.
For best results, maintain a bounce rate below 5%. Higher bounce rates can impact the delivery of your emails. If your bounce rate is 5% or greater, we automatically place your account under review. If your bounce rate is 10% or greater, we might pause your account's ability to send additional email until you resolve the issue that caused the high bounce rate.
### What you can do to resolve the issue
If you haven't done so already, put a process in place to capture and manage bounces and complaints. All Amazon SES accounts are required to have these processes in place. For more information, see [Email program success metrics](success-metrics.md).
Next, determine which email addresses are bouncing, and create and implement a plan for reducing or eliminating these bounces. If your account's ability to send email has already been paused, sign into the AWS Management Console and go to AWS Support. Reply to the case we opened on your behalf.
### If your account is under review
At the end of the review period, if the bounce rate for your account remains above 10%, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your response to the case, describe the changes you implemented. If we agree that the changes will reduce your bounce rate, we adjust our calculations to only consider bounces received after your changes were implemented.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you implement changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Complaint Rate Notification
This section contains additional information about complaint rate notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
You received this notification because the complaint rate for your account was too high. The complaint rate is based on the number of complaints generated by your Amazon SES account. Email providers interpret a high complaint rate as a sign that a sender isn't properly managing their recipient list, and that the sender might be sending unsolicited email.
A complaint occurs when a recipient identifies an email that you sent as spam. This usually occurs when the recipient uses the Report Spam button in their email client. Complaints that are generated by emails that you send to the [Amazon SES inbox simulator](send-an-email-from-console.md#send-email-simulator) aren't considered in this calculation.
We calculate your complaint rate based on a *representative volume* of email. A representative volume is an amount of email that represents your typical sending practices. To be fair to both high- and low-volume senders, the representative volume is different for each account and changes as the account's sending patterns change.
For best results, maintain a complaint rate below 0.1%. Higher complaint rates can impact the delivery of your emails. If your complaint rate is 0.1% or greater, we automatically place your account under review. If your complaint rate is 0.5% or greater, we might pause your account's ability to send additional email until you resolve the issue that caused the high complaint rate.
### What you can do to resolve the issue
If you haven't done so already, put a process in place to capture and manage bounces and complaints. All Amazon SES accounts are required to have these processes in place. For more information, see [Email program success metrics](success-metrics.md).
Next, determine which messages you are sending that result in complaints, and implement a plan for reducing these complaints. If your account's ability to send email has already been paused, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf
While you should immediately stop sending to addresses that have complained, it is important that you identify the factors that are causing recipients to issue complaints. After you identify these factors, adjust your email sending behaviors to address them.
### If your account is under review
At the end of the review period, if the complaint rate for your account remains above 0.5%, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your response to the case, describe the changes you implemented. If we agree that the changes will reduce your complaint rate, we adjust our calculations to only consider the complaints that were received after you implemented the changes.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Anti-Spam Organization Notification
This section contains additional information about anti-spam organization notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A reputable anti-spam organization has reported that some of the content being sent from your Amazon SES account has been flagged as unsolicited or problematic by their systems.
We're unable to provide information about the specific messages that caused the anti-spam organization to flag your content as problematic. We can't provide the name of the organization that issued the report. Typically, anti-spam organizations consider a combination of the following factors: recipient feedback, message engagement metrics, attempted deliveries to invalid addresses, content that is flagged by their spam filters, and spamtrap hits. This isn't an exhaustive list; other factors might cause these organizations to flag your content.
### What you can do to resolve the issue
To resolve this issue, you need to determine what aspects of your email sending program might be causing the anti-spam organization to flag your email as problematic. You then need to change your sending program to address those issues.
### If your account is under review
At the end of the review period, if the anti-spam organization continues to identify the email sent from your account as problematic, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we will extend the review period to ensure that we're only analyzing the anti-spam organization notifications we have received after you implemented your changes. At the end of this extended review period, your account is no longer listed by the anti-spam organization, we will remove the review period for your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Listbombing Notification
This section contains additional information about Listbombing notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
An anti-spam organization has identified that your email-sending processes are vulnerable to "listbombing." Listbombing is a form of abuse in which an attacker registers a very large number of email addresses on a web-based form. Listbombing can result in service disruptions for users of impacted email services. It can also result in your email being blocked by email providers.
Anti-spam organizations use proprietary methods to identify sites that are vulnerable to listbombing. For this reason, we can't provide additional details about the issue that led the anti-spam organization to identify your email-sending process as problematic. We also can't share the name of the organization that identified the issue.
### What you can do to resolve the issue
You should examine all of your web-based sign-up forms to ensure that they aren't vulnerable to this kind of abuse. Every form should include a CAPTCHA to prevent automated scripts from submitting subscription requests. Additionally, when new users sign up for your product or service, send them an email to confirm that they did, in fact, intend to sign up. Don't send any additional email to customers unless they explicitly opt in to your communications.
Finally, you should perform a "permission pass" on your email list. In a permission pass, you send an email to all of your customers asking them if they still want to receive email from you. Only send email to customers who verify that they want to continue to receive email from you.
### If your account is under review
At the end of the review period, if the anti-spam organization continues to identify the email sent from your account as problematic, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we will extend the review period to ensure that we're only analyzing the anti-spam organization notifications we have received after you implemented your changes. At the end of this extended review period, your account is no longer listed by the anti-spam organization, we will remove the review period for your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Direct Feedback Notification
This section contains additional information about direct feedback notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A significant number of users have contacted Amazon SES directly to report messages that they received from an address or domain associated with your Amazon SES account. This type of feedback isn't visible in the complaints reported by mailbox providers directly, and isn't included in the bounce and complaint metrics shown on the reputation metrics page.
To protect the privacy of the users who reported these issues, we can't provide their email addresses.
Recipients can complain to Amazon SES when they receive messages that they didn't sign up to receive, when they don't receive the type of mail they expected to receive, when they don't find the email they receive to be useful or interesting, when they don't recognize that the messages are something that they signed up for, or when they are receiving too many messages. This list isn't exhaustive; the factors that are relevant in your case depend on your specific email sending program.
### What you can do to resolve the issue
We recommend that you implement a double opt-in strategy, as described in [Building and maintaining your lists](tips-and-best-practices.md#building-and-maintaining-lists), for acquiring new addresses, and that you only send email to addresses that complete the double opt-in process.
Additionally, you should purge your lists of addresses that haven't interacted with your emails recently. You can use open and click tracking, as described in [Monitoring your Amazon SES sending activity](monitor-sending-activity.md), to determine which users are viewing and interacting with the content you send.
### If your account is under review
At the end of the review period, if Amazon SES continues to receive a significant number of direct complaints about messages sent from your account, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Provide detailed information about the steps you've taken to resolve the issue, and describe how these steps prevent the issue from happening again in the future. If we agree that the changes you've made appropriately address the issue, we cancel the review period on your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Domain Blocklist Notification
This section contains additional information about domain blocklist notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
Emails sent from your Amazon SES account contain references to domains that have been listed on a reputable Domain Blocklist. Domains on these lists are typically associated with abusive or malicious behavior. The domains in question might or might not be the domains from which you are sending email. Messages that include references or links to a domain on a blocklist, or that include images hosted on such a domain, might also be flagged.
We're unable to provide the names of the domains that are causing your messages to be flagged, or to identify which emails were flagged in this way.
### What you can do to resolve the issue
First, create a list of all of the domains referenced in the emails you send through Amazon SES. Next, use the [Spamhaus Domain Lookup tool](https://www.spamhaus.org/lookup/) to determine which domains in your email are on the domain blocklist. More than one domain referenced in the emails you send might be on this blocklist.
The Spamhaus Domain Blocklist isn't affiliated with Amazon SES or AWS. We make no guarantees about the accuracy of the domains on this list. The Spamhaus Domain Blocklist and Domain Lookup Tool are owned, operated, and maintained by the [Spamhaus Project](https://www.spamhaus.org/).
### If your account is under review
We look for references to domains that have been used for malicious purposes in the emails that you send during the review period. If your emails still contain a significant number of references to these domains, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we extend the review period to ensure that we're only analyzing the number of blocklisted domains present in your email after you put your changes in place. At the end of this extended review period, if the number of domain blocklist notifications has been reduced or eliminated, and we believe that you've taken steps to prevent this issue from occurring again in the future, we cancel the review period for your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Internal Review Notification
This section contains additional information about internal review notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A comprehensive review of your account identified several characteristics that may cause mailbox providers or recipients to identify your messages as spam.
To protect our abuse detection process, we can't reveal the specific factors that led to your account being flagged in this way.
Common factors that can lead to this determination include the following:
+ Messages being flagged by commercial anti-spam systems.
+ Message content that implies the recipient hasn't explicitly requested the email.
+ Mismatches between the message sender and the branding within the email body.
+ Content that doesn't make it obvious who the sender is.
+ Sending messages that deal with content that is associated with unsolicited email.
+ Formatting patterns associated with unsolicited email.
+ Sending from or making reference to domains with poor reputations.
This isn't a comprehensive list. The specific reason for this notification might be a combination of any of these factors, or the reason might be something not listed.
### What you can do to resolve the issue
The following suggestions might help reduce the severity of the issue:
+ Ensure that the only recipients you are contacting are those who have explicitly asked to receive email from you.
+ Never purchase, rent, or borrow lists of email recipients.
+ Don't attempt to hide your identity or the purpose of your communication in the messages you send.
+ Create a list of all of the domains referenced in the emails you send through Amazon SES, and then use the Spamhaus Domain Lookup tool at [https://www.spamhaus.org/lookup/](https://www.spamhaus.org/lookup/) to determine if any of those domains are on the Spamhaus Domain Blocklist.
+ Ensure that you are following industry best practices when designing your emails.
This list isn't exhaustive, but it should help you identify some of the most common factors that might lead to your email being flagged.
The Spamhaus Domain Blocklist isn't affiliated with Amazon SES or AWS. We make no guarantees about the accuracy of the domains on this list. The Spamhaus Domain Blocklist and Domain Lookup Tool are owned, operated, and maintained by the [Spamhaus Project](https://www.spamhaus.org/).
### If your account is under review, or if your account's ability to send email is paused
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Provide detailed information about the steps you've taken to resolve the issue, and describe how these steps prevent the issue from happening again in the future. If we agree that the changes you've made appropriately address the issue, we cancel the review period or remove the sending pause from your account.
If we remove a review period or sending pause from your account, and we observe the same issue at a later time, we might place your account under review or pause your ability to send email again. In extreme cases, or if we observe repeated instances of the same issue, we might permanently suspend your account's ability to send email.
See [Amazon SES Sending review process FAQs](faqs-enforcement.md) for more information about what to do if your account is under review, or your account's ability to send email is paused.
## Mailbox Provider Notification
This section contains additional information about mailbox provider notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A major mailbox provider has reported to us that unsolicited or malicious email is being sent from an address or domain associated with your Amazon SES account.
We can't share the identity of the organization that issued this report. Additionally, we don't have information about the specific factors that caused the mailbox provider to issue the report. Typically, mailbox providers make this kind of determination based on customer feedback, customer engagement metrics, attempted deliveries to invalid addresses, and content that is flagged by spam filters. This list isn't exhaustive; there might be other factors that caused the mailbox provider to flag your content.
### What you can do to resolve the issue
To resolve this issue, you need to determine which aspects of your email sending program might have caused mailbox providers to flag your mail as being problematic. You must then change your sending program to address those issues.
### If your account is under review
At the end of the review period, if the mailbox provider continues to identify the email sent from your account as being problematic, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we will extend the review period to ensure that we're only analyzing the number of mailbox provider notifications we receive after you implement your changes. At the end of this extended review period, if the mailbox provider no longer reports your account as being problematic, we might remove the review from your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Recipient Feedback Notification
This section contains additional information about recipient feedback notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A major mailbox provider has reported to us that large numbers of their users are reporting mail sent from your Amazon SES account as unsolicited. This type of feedback isn't visible in the complaints reported by mailbox providers directly, and isn't included in the Amazon SES bounce and complaint notifications.
A large number of complaints can have a negative impact on all Amazon SES users. To protect your reputation and that of other Amazon SES customers, we take immediate action when an account receives a certain number of complaints.
We are unable to provide a list of the specific email addresses that are reporting your email as unsolicited. Additionally, we're unable to share the name of the mailbox provider that has reported this issue to us.
### What you can do to resolve the issue
To resolve this issue, you need to determine which aspects of your email sending program might be causing your recipients to issue complaints against the email messages they receive from you. After you identify these factors, change your email sending practices to correct them.
To acquire new addresses, we recommend that you implement a double opt-in strategy, as described in [Building and maintaining your lists](tips-and-best-practices.md#building-and-maintaining-lists). We recommend that you only send email to addresses that have completed the double opt-in process.
Additionally, you should purge your lists of addresses that haven't interacted with your emails recently. You can use open and click tracking, as described in [Monitoring your Amazon SES sending activity](monitor-sending-activity.md), to determine which users are viewing and interacting with the content you send.
### If your account is under review
At the end of the review period, if the mailbox provider continues to report a significant number of complaints, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we extend the review period to ensure that we're only analyzing the number of mailbox provider complaints that we receive after you implement your changes. At the end of this extended review period, if the number of mailbox provider complaints has been reduced or eliminated, we might remove the review from your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Related Account Notification
This section contains additional information about related account notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
We have detected serious problems related to emails sent from another Amazon SES account. We believe that the problematic account is related to your AWS account, so we have taken action to avoid similar problems.
### What you can do to resolve the issue
When we pause an account's ability to send email, we always send information about the reasons for the sending pause to the owner of that account. Refer to the email we sent to the owner of the related account for more information.
You should address the issues with the related account first. After you implement changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Provide detailed information about the steps you've taken to resolve the issue, and describe how these steps prevent the issue from happening again in the future. If we agree that the changes you've made appropriately address the issue, we cancel the review period or remove the sending pause from your account.
## Spamtrap Notification
This section contains additional information about spamtrap notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A third-party anti-spam organization has reported to us that their spamtrap addresses recently received email from a verified address or domains associated with your Amazon SES account.
A spamtrap is a dormant email address that is used exclusively to lure unsolicited email (spam). A large number of spamtrap reports can have a negative impact on all Amazon SES users. To protect your reputation and that of other Amazon SES customers, we take immediate action when an account sends a particular volume of email to spamtrap addresses.
### What you can do to resolve the issue
We can't reveal the email addresses associated with the spamtrap you encountered. These addresses are closely guarded by the organizations that own them, and once the addresses are known, they become worthless.
Sending email to spamtrap addresses typically indicates that there is an issue with how you acquire your customers' email addresses. For example, purchased lists of email addresses can contain spamtrap addresses, which is why sending to purchased or rented lists is prohibited by the Amazon SES terms of service. To acquire new addresses, we recommend that you implement a double opt-in strategy, as described in [Building and maintaining your lists](tips-and-best-practices.md#building-and-maintaining-lists). We recommend that you only send email to addresses that have completed the double opt-in process.
Additionally, you should purge your lists of addresses that haven't interacted with your emails recently. You can use open and click tracking, as described in [Monitoring your Amazon SES sending activity](monitor-sending-activity.md), to determine which users are viewing and interacting with the content you send.
### If your account is under review
At the end of the review period, if messages are still being sent to spamtrap addresses from your account, we might pause your account's ability to send email until you resolve the issue.
If you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. In your message, provide details of the changes you made. When we receive this information, we extend the review period to ensure that we're only analyzing the number of spamtrap reports we receive after you implement your changes. At the end of this extended review period, if the number of spamtrap reports has been reduced or eliminated, we might remove the review from your account.
### If your account's ability to send email is paused
You can request that we reconsider this decision. For more information, see [Amazon SES Sending review process FAQs](faqs-enforcement.md).
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
## Vulnerable Site Notification
This section contains additional information about vulnerable site notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A comprehensive review has found that messages are being sent from your account that we don't believe you intended to send. These messages are highly likely to be flagged as spam by mailbox providers and recipients.
Most often in these situations, a third party is abusing a feature of your website to send unwanted email. For example, if your website contains an "email to a friend," "contact us," "invite a friend," or similar feature, a third party can use that feature to send unsolicited email.
### What you can do to resolve the issue
First, identify features of your website or applications that might allow third parties to send emails using Amazon SES without your knowledge. In your Support Center case, you can request a sample of the messages we believe were sent in this manner.
Next, modify your application or website to prevent unsolicited sending. For example, add a CAPTCHA, limit the rate at which emails can be sent, remove the ability of users to submit custom content, require users to log in to send email, and remove the ability for the application to generate multiple simultaneous notifications.
### If your account is under review, or if your account's ability to send email is paused
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
If we remove a review period or sending pause from your account, and we observe the same issue later, we might place your account under review or pause your ability to send email again. If we observe extreme issues or repeated instances of the same issue, we might permanently suspend your account's ability to send email.
See [Amazon SES Sending review process FAQs](faqs-enforcement.md) for more information about what to do if your account is under review, or your account's ability to send email is paused.
## Compromised Credentials Notification
This section contains additional information about compromised credentials site notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
A comprehensive review has found that messages are being sent from your account that we don't believe you intended to send. These messages are highly likely to be flagged as spam by mailbox providers and recipients.
Some common causes are compromised IAM access keys, compromised SMTP passwords, or other security vulnerabilities.
### What you can do to resolve the issue
You should perform a comprehensive security review of your SES utilization mechanisms. Ensure that you have rotated any applicable or SMTP passwords and that you have removed any unauthorized users or resources from your account. Ensure that you are not storing sensitive information such as passwords or access keys on third party web sites or repositories. It is now recommended that you don't use IAM access keys for users, and never for the root user. If you are still using them, you should migrate them over to mechanisms that provide temporary credentials such as creating an user in AWS IAM Identity Center.
### If your account is under review, or if your account's ability to send email is paused
When you have implemented changes that you believe will resolve the issue, sign into the AWS Console and go to Support Center. Reply to the case we opened on your behalf. Include details of the actions you have taken to resolve this issue, as well as details of your plans to ensure that this issue doesn't occur again. After we receive your request, we review the information that you provided and change the status of your account if necessary.
If we remove a review period or sending pause from your account, and we observe the same issue later, we might place your account under review or pause your ability to send email again. If we observe extreme issues or repeated instances of the same issue, we might permanently suspend your account's ability to send email.
See [Amazon SES Sending review process FAQs](faqs-enforcement.md) for more information about what to do if your account is under review, or your account's ability to send email is paused.
## Other Notification
This section contains additional information about other notifications shown in the Amazon SES reputation metrics page.
### Why you received this notification
An automatic or human review has identified issues that aren't listed in the previous sections of this document.
### What you can do to resolve the issue
Refer to the Support Center case that we opened on your behalf for details on the specific issue. To access Support Center, sign into the AWS Management Console and then choose Support Center. In your response to the case, describe the changes you implemented. Depending on your specific situation and the nature of the issues we discovered, we might end the review period or restore your account's ability to send email.
# Creating reputation monitoring alarms using CloudWatch
Amazon SES automatically publishes a series of reputation-related metrics to Amazon CloudWatch. You can use these metrics to create alarms that notify you when your bounce or complaint rates reach levels that could impact your account's ability to send email.
**Note**
The CloudWatch portion of the procedures in this section are intended to just present the core steps for setting up a CloudWatch alarm to monitor your SES sender reputation. They don't explore advanced configurations regarding optional settings for CloudWatch alarms. For complete information about configuring CloudWatch alarms, see [Using Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*.
**Prerequisites**
+ Create an Amazon SNS topic, and then subscribe to it using your preferred endpoint (such as email or SMS). For more information, see [Creating an Amazon SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-tutorial-create-topic.html) and [Subscribing to an Amazon SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-tutorial-create-subscribe-endpoint-to-topic.html) in the *Amazon Simple Notification Service Developer Guide*.
+ If you've never sent an email in the current Region, you might not see the **SES** namespace. To ensure that you have metrics, send a test email to the [mailbox simulator](send-an-email-from-console.md#send-email-simulator).
**To create a CloudWatch alarm to monitor sending reputation**
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane on the left side of the screen, choose **Reputation metrics**.
1. On the **Reputation metrics** page under the **Account-level** tab, in either the **Bounce rate** or **Complaint rate** pane, choose **View in CloudWatch** - this will open the CloudWatch console with your chosen metric.
1. Under the **Graphed metrics** tab, on the line of your chosen metric, for this example, **Reputation.BounceRate**, choose the *alarm bell* icon in the **Actions** column (see image below) - this will open the **Specify metric and conditions** page.
![\[CloudWatch metrics graph with Reputation.BounceRate metric and alarm bell icon highlighted.\]](http://docs.aws.amazon.com/ses/latest/dg/images/cw_alarm_for_reputation.png)
1. Scroll down to the **Conditions** pane, and choose **Static** in the **Threshold type** field.
1. In the **Whenever *metric* is...** field, choose **Greater/Equal**.
1. In the **than...** field, specify the value that should cause CloudWatch to raise an alarm.
+ If you're creating an alarm to monitor your bounce rate, note that Amazon SES recommends that you maintain a bounce rate under 5%. If the bounce rate for your account is greater than 10%, we might pause your account's ability to send email. For this reason, you should configure CloudWatch to send you a notification when the bounce rate for your account is greater than or equal to 0.05 (5%).
+ If you're creating an alarm to monitor your complaint rate, note that Amazon SES recommends that you maintain a complaint rate under 0.1%. If the complaint rate for your account is greater than 0.5%, we might pause your account's ability to send email. For this reason, you should configure CloudWatch to send you a notification when the complaint rate for your account is greater than or equal to 0.001 (0.1%).
1. Expand **Additional configuration** and choose **Treat missing data as ignore (maintain the alarm state)** in the **Missing data treatment** field.
1. Choose **Next**.
1. On the **Configure actions** pane, choose **In Alarm** in the **Alarm state trigger** field.
1. Choose **Select an existing SNS topic** in the **Select an SNS topic** field.
1. Choose the topic that you created and subscribed to in the prerequisites in the **Send a notification to...** search box.
1. Choose **Next**.
1. On the **Add name and description** pane, enter a name and description for the alarm, and then choose **Next**.
1. On the **Preview and create** pane, confirm your settings, and if satisfied, choose **Create alarm**. If there's something you'd like to change, select the **Previous** button for each section you'd like to go back to and edit.
# SNDS metrics for dedicated IPs
You can view Smart Network Data Services (SNDS) data for leased dedicated IP addresses in each AWS Region where you use Amazon SES. This SNDS data is available through the Amazon CloudWatch console.
SNDS is an Outlook program that allows IP owners to help prevent spam within their IP space. Amazon SES provides this important data for those who lease dedicated IPs. The SNDS data provides insight into the IP’s mail sending behavior and calls out areas of concern for your sender reputation.
**Note**
When referring to Outlook, this covers all the domains they track. For example, this can cover Hotmail.com, Outlook.com, and Live.com.
**To view SNDS data for your dedicated IP addresses**
1. Sign in to the Amazon CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. In the navigation pane, expand **Metrics** and choose **All metrics**.
*(Directions are given for the new CloudWatch console interface.)*
1. Under the **Browse** tab in the **Metrics** container, select your AWS Region, then choose **SES**.
1. Choose **IP Metrics** which will show you all of your dedicated IPs tracked by SNDS.
*(Note: if there are no dedicated IP addresses associated with your account in the selected region, **IP Metrics** will not appear in the CloudWatch console.)*
1. View all of your dedicated IPs tracked by SNDS in this list, or select an individual IP address to view only its metrics.
The following metrics are provided for each dedicated IP address and defined by Outlook. For more information, see Outlook’s SNDS [FAQs](https://sendersupport.olc.protection.outlook.com/snds/FAQ.aspx#DataProvided).
**Note**
These metrics represent an activity period that provides updated data once a day. The metrics also have a corresponding timestamp, which reflects a 24-hour period.
+ **SNDS.RCPTCommands** - This is the number of RCPT commands perceived by SNDS for the specific IP address during the activity period. RCPT commands are part of the SMTP protocol used to send mail, which specifies the recipient address to which you are trying to deliver email.
+ **SNDS.DATACommands** - The number of DATA commands perceived by SNDS for the specific IP address during the activity period. DATA commands are part of the SMTP protocol used to send mail, specifically that part which actually transmits the message to the previously established intended recipient(s).
+ **SNDS.MessageRecipients** - The number of recipients on messages perceived by SNDS for the specific IP address during the activity period.
+ **SNDS.SpamRate** - Displays the aggregate results of the spam filtering applied to all messages sent by the IP address during the given activity period.
+ A SpamRate of 0 means the IP address has less than 10% spam.
+ A SpamRate of 0.5 means that between 10% and 90% spam is generated from the IP address.
+ A SpamRate of 1 means 90% or more spam is generated from the IP address.
+ **SNDS.ComplaintRate** - This is the fraction of the time that a message received from the IP is complained about by an Outlook user during the activity period.
+ A ComplaintRate of 1 means a 100% complaint rate.
+ A ComplaintRate of 0.05 would mean a 5% complaint rate, for example.
+ A ComplaintRate of 0 means the rate is less than 0.1%.
+ **SNDS.TrapHits** - Displays the number of messages sent to "trap accounts." Trap accounts are accounts maintained by Outlook that don't solicit any mail. Thus, any messages sent to trap accounts are very likely to be spam.
## Troubleshooting questions
**Q1. Why does data not populate every day? Either of the following scenarios could apply:**
+ SNDS data is dependent on Outlook’s SNDS program.
+ There is a minimum threshold of emails SNDS needs to receive to calculate a value. Data may not be available at times where email volume on an IP was low.
**Q2. Why are the SNDS.SpamRate and SNDS.ComplaintRate metrics changing, and what do I do if the rate changes to a value of 1?**
This is an indicator that something in your sending behavior has triggered a negative response from the Outlook SNDS program. In this case, you want to check other Internet Service Providers (ISPs) as well as your engagement numbers to make sure it isn’t a global problem. If it is a global problem, you may see issues with multiple ISPs, which would suggest a list, content, distribution, or permissions problem. If it is specific to Outlook, review [how to best deliver to Outlook](https://sendersupport.olc.protection.outlook.com/pm/).
**Q3. What actions will AWS Support take if my SNDS.SpamRate changes from a value of 0 (or 0.5) to 1?**
AWS does not have any control over SNDS and therefore has no influence over SNDS. All mitigation requests need to filed directly with Outlook via their [New support request form](https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75).
# Automatically pausing email sending
To protect your sender reputation, you can temporarily pause email sending for messages sent using specific configuration sets, or for all messages sent from your Amazon SES account in a specific AWS Region.
By using Amazon CloudWatch and Lambda, you can create a solution that automatically pauses your email sending when your reputation metrics (such as bounce rate or complaint rate) exceed certain thresholds. This topic contains procedures for setting up this solution.
**Topics**
+ [Automatically pausing email sending for your entire Amazon SES account](monitoring-sender-reputation-pausing-account.md)
+ [Automatically pausing email sending for a configuration set](monitoring-sender-reputation-pausing-configuration-set.md)
# Automatically pausing email sending for your entire Amazon SES account
The procedures in this section explain the steps to set up Amazon SES, Amazon SNS, Amazon CloudWatch, and AWS Lambda to automatically pause email sending for your Amazon SES account in a single AWS Region. If you send email from multiple regions, repeat the procedures in this section for each region in which you want to implement this solution.
**Topics**
+ [Part 1: Create an IAM Role](#monitoring-sender-reputation-pausing-account-part-1)
+ [Part 2: Create the Lambda Function](#monitoring-sender-reputation-pausing-account-part-2)
+ [Part 3: Re-Enable Email Sending for Your Account](#monitoring-sender-reputation-pausing-account-part-3)
+ [Part 4: Create an Amazon SNS Topic and Subscription](#monitoring-sender-reputation-pausing-account-part-4)
+ [Part 5: Create a CloudWatch Alarm](#monitoring-sender-reputation-pausing-account-part-5)
+ [Part 6: Test the solution](#monitoring-sender-reputation-pausing-account-part-6)
## Part 1: Create an IAM Role
The first step in configuring automatic pausing of email sending is to create an IAM role that can execute the `UpdateAccountSendingEnabled` API operation.
**To create the IAM role**
1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane, choose **Roles**.
1. Choose **Create role**.
1. On the **Select trusted entity** page, choose **AWS service** for the **Trusted entity type**.
1. Under **Use case**, choose **Lambda**, then choose **Next**.
1. On the **Add permissions** page, choose the following policies:
+ **AWSLambdaBasicExecutionRole**
+ **AmazonSESFullAccess**
**Tip**
Use the search box under **Permission policies** to quickly locate these policies, but note that after searching for and selecting the first policy, you must choose **Clear filters** before searching and selecting the second policy.
Then choose **Next**.
1. On the **Name, review, and create** page, under **Role details**, enter a meaningful name for the policy in the **Role name** field.
1. Verify that the two policies you selected are listed in the **Permissions policy summary** table, then choose **Create role**.
## Part 2: Create the Lambda Function
After you create an IAM role, you can create the Lambda function that pauses email sending for your account.
**To create the Lambda function**
1. Open the AWS Lambda console at [https://console.aws.amazon.com/lambda/](https://console.aws.amazon.com/lambda/).
1. Use the region selector to choose the region in which you want to deploy this Lambda function.
**Note**
This function only pauses email sending in the AWS Region you select in this step. If you send email from more than one region, repeat the procedures in this section for each region in which you want to automatically pause email sending.
1. Choose **Create function**.
1. Under **Create function**, choose **Author from scratch**.
1. Under **Basic information**, complete the following steps:
+ For **Function name**, type a name for the Lambda function.
+ For **Runtime**, choose **Node.js 18x** (or the version currently offered in the select list).
+ For **Architecture**, keep the preselected default, **x86\$164**.
+ Under Permissions, expand **Change default execution role** and choose **Use an existing role**.
+ Click inside the **Existing role** list box, and choose the IAM role you created in [Part 1: Create an IAM Role](#monitoring-sender-reputation-pausing-account-part-1).
Then choose **Create function**.
1. Under **Code source**, in the code editor, paste the following code:
```
'use strict';
const { SES } = require("@aws-sdk/client-ses")
// Create a new SES object.
var ses = new SES({});
// Specify the parameters for this operation. In this case, there is only one
// parameter to pass: the Enabled parameter, with a value of false
// (Enabled = false disables email sending, Enabled = true enables it).
var params = {
Enabled: false
};
exports.handler = (event, context, callback) => {
// Pause sending for your entire SES account
ses.updateAccountSendingEnabled(params, function(err, data) {
if(err) {
console.log(err.message);
} else {
console.log(data);
}
});
};
```
Then choose **Deploy**.
1. Choose **Test**. If the **Configure test event** window appears, type a name in the **Event name** field, and then choose **Save**.
1. Expand the **Test** drop box and select the name of the event you just created, and then choose **Test**.
1. The **Execution results** tab will appear - just below it and to the right, ensure that `Status: Succeeded` is displayed. If the function failed to execute, do the following:
+ Verify that the IAM role you created in [Part 1: Create an IAM Role](#monitoring-sender-reputation-pausing-account-part-1) contains the correct policies.
+ Verify that the code in the Lambda function does not contain any errors. The Lambda code editor automatically highlights syntax errors and other potential issues.
## Part 3: Re-Enable Email Sending for Your Account
A side effect of testing the Lambda function in [Part 2: Create the Lambda Function](#monitoring-sender-reputation-pausing-account-part-2) is that email sending for your Amazon SES account is paused. In most cases, you do not want to pause sending for your account until the CloudWatch alarm is triggered.
The procedures in this section re-enable email sending for your Amazon SES account. To complete these procedures, you must install and configure the AWS Command Line Interface. For more information, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/).
**To re-enable email sending**
1. At the command line, type the following command to re-enable email sending for your account. Replace *sending\$1region* with the name of the Region in which you want to re-enable email sending.
```
aws ses update-account-sending-enabled --enabled --region sending_region
```
1. At the command line, type the following command to check the email sending status for your account:
```
aws ses get-account-sending-enabled --region sending_region
```
If you see the following output, then you have successfully re-enabled email sending for your account:
```
{
"Enabled": true
}
```
## Part 4: Create an Amazon SNS Topic and Subscription
For CloudWatch to execute your Lambda function when an alarm is triggered, you must first create an Amazon SNS topic and subscribe the Lambda function to it.
**To create the Amazon SNS topic and subscribe the Lambda function to it**
1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).
1. [Create a topic](https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html) by following the steps in the *Amazon Simple Notification Service Developer Guide*.
1. The **Type** must be **Standard** (not **FIFO**).
1. [Subscribe to the topic](https://docs.aws.amazon.com/sns/latest/dg/sns-create-subscribe-endpoint-to-topic.html) by following the steps in the *Amazon Simple Notification Service Developer Guide*.
1. For **Protocol** choose **AWS Lambda**.
1. For **Endpoint**, choose the Lambda function you created in [Part 2: Create the Lambda Function](#monitoring-sender-reputation-pausing-account-part-2).
## Part 5: Create a CloudWatch Alarm
This section contains procedures for creating an alarm in CloudWatch that is triggered when a metric reaches a certain threshold. When the alarm is triggered, it delivers a notification to the Amazon SNS topic you created in [Part 4: Create an Amazon SNS Topic and Subscription](#monitoring-sender-reputation-pausing-account-part-4), which then executes the Lambda function you created in [Part 2: Create the Lambda Function](#monitoring-sender-reputation-pausing-account-part-2).
**To create a CloudWatch alarm**
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. Use the region selector to choose the region in which you want to automatically pause email sending.
1. In the navigation pane, choose **Alarms**.
1. Choose **Create Alarm**.
1. On the **Create Alarm** window, under **SES Metrics**, choose **Account Metrics**.
1. Under **Metric Name**, choose one of the following options:
+ **Reputation.BounceRate** – Choose this metric if you want to pause email sending for your account when the overall hard bounce rate for your account crosses a threshold that you define.
+ **Reputation.ComplaintRate** – Choose this metric if you want to pause email sending for your account when the overall complaint rate for your account crosses a threshold that you define.
Choose **Next**.
1. Complete the following steps:
+ Under **Alarm Threshold**, for **Name**, type a name for the alarm.
+ Under **Whenever: Reputation.BounceRate** or **Whenever: Reputation.ComplaintRate**, specify the threshold that causes the alarm to trigger.
**Note**
Your account is automatically placed under review if your bounce rate exceeds 5%, or if your complaint rate exceeds 0.1%. When you specify the bounce or complaint rate that causes the CloudWatch alarm to trigger, we recommend that you use values that are below these rates to prevent your account from being placed under review.
+ Under **Actions**, for **Whenever this alarm**, choose **State is ALARM**. For **Send notification to**, choose the Amazon SNS topic you created in [Part 4: Create an Amazon SNS Topic and Subscription](#monitoring-sender-reputation-pausing-account-part-4).
Choose **Create Alarm**.
## Part 6: Test the solution
You can now test the alarm to ensure that it executes the Lambda function when it enters the `ALARM` state. You can use the `SetAlarmState` API operation to temporarily change the state of the alarm.
The procedures in this section are optional, but we recommend that you complete them to ensure that the entire solution is configured correctly.
1. At the command line, type the following command to check the email sending status for your account. Replace *region* with the name of the Region.
```
aws ses get-account-sending-enabled --region region
```
If sending is enabled for your account, you see the following output:
```
{
"Enabled": true
}
```
1. At the command line, type the following command to temporarily change the alarm state to `ALARM`: **aws cloudwatch set-alarm-state --alarm-name *MyAlarm* --state-value ALARM --state-reason "Testing execution of Lambda function" --region *region***
Replace *MyAlarm* in the preceding command with the name of the alarm you created in [Part 5: Create a CloudWatch Alarm](#monitoring-sender-reputation-pausing-account-part-5), and replace *region* with the Region in which you want to automatically pause email sending.
**Note**
When you execute this command, the status of the alarm switches from `OK` to `ALARM` and back to `OK` within a few seconds. You can view these status changes on the alarm's **History** tab in the CloudWatch console, or by using the [DescribeAlarmHistory](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmHistory.html) operation.
1. At the command line, type the following command to check the email sending status for your account.
```
aws ses get-account-sending-enabled --region region
```
If the Lambda function executed successfully, you see the following output:
```
{
"Enabled": false
}
```
1. Complete the steps in [Part 3: Re-Enable Email Sending for Your Account](#monitoring-sender-reputation-pausing-account-part-3) to re-enable email sending for your account.
# Automatically pausing email sending for a configuration set
You can configure Amazon SES to export reputation metrics that are specific to emails that are sent using a specific configuration set to Amazon CloudWatch. You can then use these metrics to create CloudWatch alarms that are specific to these configuration sets. When these alarms exceed certain thresholds, you can automatically pause the sending of emails that use the specified configuration sets, without impacting the overall email sending capabilities of your Amazon SES account.
**Note**
The solution described in this section pauses email sending for a specific configuration set in a single AWS Region. If you send email from multiple regions, repeat the procedures in this section for each region in which you want to implement this solution.
**Topics**
+ [Part 1: Enable Reputation Metric Reporting for the Configuration Set](#monitoring-sender-reputation-pausing-configuration-set-part-1)
+ [Part 2: Create an IAM Role](#monitoring-sender-reputation-pausing-configuration-set-part-2)
+ [Part 3: Create the Lambda Function](#monitoring-sender-reputation-pausing-configuration-set-part-3)
+ [Part 4: Re-Enable Email Sending for the Configuration Set](#monitoring-sender-reputation-pausing-configuration-set-part-4)
+ [Part 5: Create an Amazon SNS Topic](#monitoring-sender-reputation-pausing-configuration-set-part-5)
+ [Part 6: Create a CloudWatch Alarm](#monitoring-sender-reputation-pausing-configuration-set-part-6)
+ [Part 7: Test the solution](#monitoring-sender-reputation-pausing-configuration-set-part-7)
## Part 1: Enable Reputation Metric Reporting for the Configuration Set
Before you can configure Amazon SES to automatically pause email sending for a configuration set, you must first enable the export of reputation metrics for the configuration set.
To enable the export of bounce and complaint metrics for the configuration set, complete the steps in [Viewing and exporting reputation metrics](configuration-sets-export-metrics.md).
## Part 2: Create an IAM Role
The first step in configuring automatic pausing of email sending is to create an IAM role that can execute the `UpdateConfigurationSetSendingEnabled` API operation.
**To create the IAM role**
1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane, choose **Roles**.
1. Choose **Create role**.
1. Under **Select type of trusted entity**, choose **AWS service**.
1. Under **Choose the service that will use this role**, choose **Lambda**. Choose **Next: Permissions**.
1. On the **Attach permissions policies** page, choose the following policies:
+ **AWS LambdaBasicExecutionRole**
+ **AmazonSESFullAccess** (We recommend you use a custom role tailored to your needs that includes permissions to call [https://docs.aws.amazon.com/ses/latest/APIReference/API_UpdateConfigurationSetSendingEnabled.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_UpdateConfigurationSetSendingEnabled.html).)
**Tip**
Use the search box at the top of the list of policies to quickly locate these policies.
Choose **Next: Review**.
1. On the **Review** page, for **Name**, type a name for the role. Choose **Create role**.
## Part 3: Create the Lambda Function
After you create an IAM role, you can create the Lambda function that pauses email sending for the configuration set.
**To create the Lambda function**
1. Open the AWS Lambda console at [https://console.aws.amazon.com/lambda/](https://console.aws.amazon.com/lambda/).
1. Use the region selector to choose the region in which you want to deploy this Lambda function.
**Note**
This function only pauses email sending for configuration sets in the AWS Region you select in this step. If you send email from more than one region, repeat the procedures in this section for each region in which you want to automatically pause email sending.
1. Choose **Create function**.
1. Under **Create function**, choose **Author from scratch**.
1. Under **Author from scratch**, complete the following steps:
+ For **Name**, type a name for the Lambda function.
+ For **Runtime**, choose **Node.js 14x** (or the version currently offered in the select list).
+ For **Role**, choose **Choose an existing role**.
+ For **Existing role**, choose the IAM role you created in [Part 2: Create an IAM Role](#monitoring-sender-reputation-pausing-configuration-set-part-2).
Choose **Create function**.
1. Under **Function code**, in the code editor, paste the following code:
```
'use strict';
import {
SES
}
from 'aws-sdk';
const ses = new SES();
const configSet = 'CONFIG_SET_NAME_HERE';
const params = {
ConfigurationSetName: configSet,
Enabled: false
};
export const handler = async (event) => {
try {
const data = await ses.updateConfigurationSetSendingEnabled(params).promise();
console.log('Configuration Set Update:', data);
return {
statusCode: 200,
body: JSON.stringify({
message: 'Successfully paused email sending for configuration set.',
data
}),
};
}
catch (err) {
console.error('Error:', err.message);
return {
statusCode: 500,
body: JSON.stringify({
message: 'Failed to pause email sending for configuration set.',
error: err.message
}),
};
}
};
```
Replace *ConfigSet* in the preceding code with the name of the configuration set. Choose **Save**.
1. Choose **Test**. If the **Configure test event** window appears, type a name in the **Event name** field, and then choose **Create**.
1. Ensure that the notification bar at the top of the page says `Execution result: succeeded`. If the function failed to execute, do the following:
+ Verify that the IAM role you created in [Part 2: Create an IAM Role](#monitoring-sender-reputation-pausing-configuration-set-part-2) contains the correct policies.
+ Verify that the code in the Lambda function does not contain any errors. The Lambda code editor automatically highlights syntax errors and other potential issues.
## Part 4: Re-Enable Email Sending for the Configuration Set
A side effect of testing the Lambda function in [Part 3: Create the Lambda Function](#monitoring-sender-reputation-pausing-configuration-set-part-3) is that email sending for the configuration set is paused. In most cases, you do not want to pause sending for the configuration set until the CloudWatch alarm is triggered.
The procedures in this section re-enable email sending for your configuration set. To complete these procedures, you must install and configure the AWS Command Line Interface. For more information, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/).
**To re-enable email sending**
1. At the command line, type the following command to re-enable email sending for the configuration set:
```
aws ses update-configuration-set-sending-enabled \
--configuration-set-name ConfigSet \
--enabled
```
In the preceding command, replace *ConfigSet* with the name of the configuration set for which you want to pause email sending.
1. At the command line, type the following command to ensure that email sending is enabled:
```
aws ses describe-configuration-set \
--configuration-set-name ConfigSet \
--configuration-set-attribute-names reputationOptions
```
The command produces output that resembles the following example:
```
{
"ConfigurationSet": {
"Name": "ConfigSet"
},
"ReputationOptions": {
"ReputationMetricsEnabled": true,
"SendingEnabled": true
}
}
```
If the value of `SendingEnabled` is `true`, then email sending for the configuration set was successfully re-enabled.
## Part 5: Create an Amazon SNS Topic
For CloudWatch to execute the Lambda function when an alarm is triggered, you must first create an Amazon SNS topic and subscribe the Lambda function to it.
**To create the Amazon SNS topic**
1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).
1. Use the region selector to choose the region in which you want to automatically pause email sending.
1. In the navigation pane, choose **Topics**.
1. Choose **Create new topic**.
1. On the **Create new topic** window, for **Topic name**, type a name for the topic. Optionally, you can type a more descriptive name in the **Display name** field.
Choose **Create topic**.
1. In the list of topics, check the box next to the topic you created in the previous step. On the **Actions** menu, choose **Subscribe to topic**.
1. On the **Create subscription** window, make the following selections:
+ For **Protocol**, choose **AWS Lambda**.
+ For **Endpoint**, choose the Lambda function you created in [Part 3: Create the Lambda Function](#monitoring-sender-reputation-pausing-configuration-set-part-3).
+ For **Version or alias**, choose **default**.
1. Choose **Create subscription**.
## Part 6: Create a CloudWatch Alarm
This section contains procedures for creating an alarm in CloudWatch that is triggered when a metric reaches a certain threshold. When the alarm is triggered, it delivers a notification to the Amazon SNS topic you created in [Part 5: Create an Amazon SNS Topic](#monitoring-sender-reputation-pausing-configuration-set-part-5), which then executes the Lambda function you created in [Part 3: Create the Lambda Function](#monitoring-sender-reputation-pausing-configuration-set-part-3).
**To create a CloudWatch alarm**
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. Use the region selector to choose the region in which you want to automatically pause email sending.
1. In the navigation pane on the left, choose **Alarms**.
1. Choose **Create Alarm**.
1. On the **Create Alarm** window, under **SES Metrics**, choose **Configuration Set Metrics**.
1. In the **ses:configuration-set** column, locate the configuration set for which you want to create an alarm. Under **Metric Name**, choose one of the following options:
+ **Reputation.BounceRate** – Choose this metric if you want to pause email sending for the configuration set when the overall hard bounce rate for the configuration set crosses a threshold that you define.
+ **Reputation.ComplaintRate** – Choose this metric if you want to pause email sending for the configuration set when the overall complaint rate for the configuration set crosses a threshold that you define.
Choose **Next**.
1. Complete the following steps:
+ Under **Alarm Threshold**, for **Name**, type a name for the alarm.
+ Under **Whenever: Reputation.BounceRate** or **Whenever: Reputation.ComplaintRate**, specify the threshold that causes the alarm to trigger.
**Note**
If the overall bounce rate for your Amazon SES account exceeds 10%, or if the overall complaint rate for your Amazon SES account exceeds .5%, your Amazon SES account is automatically placed under review. When you specify the bounce or complaint rate that causes the CloudWatch alarm to trigger, we recommend that you use values that are far below these rates to prevent your account from being placed under review.
+ Under **Actions**, for **Whenever this alarm**, choose **State is ALARM**. For **Send notification to**, choose the Amazon SNS topic you created in [Part 5: Create an Amazon SNS Topic](#monitoring-sender-reputation-pausing-configuration-set-part-5).
Choose **Create Alarm**.
## Part 7: Test the solution
You can now test the alarm to ensure that it executes the Lambda function when it enters the `ALARM` state. You can use the `SetAlarmState` operation in the CloudWatch API to temporarily change the state of the alarm.
The procedures in this section are optional, but we recommend that you complete them to verify that the entire solution is configured correctly.
**To test the solution**
1. At the command line, type the following command to check the email sending status for the configuration set:
```
aws ses describe-configuration-set --configuration-set-name ConfigSet
```
If sending is enabled for the configuration set, you see the following output:
```
{
"ConfigurationSet": {
"Name": "ConfigSet"
},
"ReputationOptions": {
"ReputationMetricsEnabled": true,
"SendingEnabled": true
}
}
```
If the value of `SendingEnabled` is `true`, then email sending is currently enabled for the configuration set.
1. At the command line, type the following command to temporarily change the alarm state to `ALARM`:
```
aws cloudwatch set-alarm-state \
--alarm-name MyAlarm \
--state-value ALARM \
--state-reason "Testing execution of Lambda function"
```
Replace *MyAlarm* in the preceding command with the name of the alarm you created in [Part 6: Create a CloudWatch Alarm](#monitoring-sender-reputation-pausing-configuration-set-part-6).
**Note**
When you execute this command, the status of the alarm switches from `OK` to `ALARM` and back to `OK` within a few seconds. You can view these status changes on the alarm's **History** tab in the CloudWatch console, or by using the [DescribeAlarmHistory](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarmHistory.html) operation.
1. At the command line, type the following command to check the email sending status for the configuration set:
```
aws ses describe-configuration-set \
--configuration-set-name ConfigSet
```
If the Lambda function executed successfully, you see output that resembles the following example:
```
{
"ConfigurationSet": {
"Name": "ConfigSet"
},
"ReputationOptions": {
"ReputationMetricsEnabled": true,
"SendingEnabled": false
}
}
```
If the value of `SendingEnabled` is `false`, then email sending for the configuration set is disabled, indicating that the Lambda function executed successfully.
1. Complete the steps in [Part 4: Re-Enable Email Sending for the Configuration Set](#monitoring-sender-reputation-pausing-configuration-set-part-4) to re-enable email sending for the configuration set.