Amazon SES emails no longer sending

8
votes

Im having a problem with sending emails using Amazon SES. I have an Amazon EC2 instance.

It worked for the first couple of days but I just noticed last week all emails now fail. I have tried sending using Node and the Amazon SES sdk and from within AWS where you can send a test email. I have the following code in Node:

var aws = require('aws-sdk');

// load aws config
aws.config.loadFromPath('email_config.json');

// load AWS SES
var ses = new aws.SES({
    apiVersion: '2010-12-01'
});

ses.sendEmail({
    Source: from,
    Destination: {
        ToAddresses: to
    },
    Message: {
        Subject: {
            Data: 'Somebody registered'
        },
        Body: {
            Html: {
                Data: body,
            }
        }
    }
}, function(err, data) {

    console.log('email err is ', err, ' and data is ', data);

});

The result of the log is:

email err is  null  and data is  { ResponseMetadata: { RequestId: 'ad28f526-0b15-11e6-ad87-1108d652684a' },
MessageId: '010101544ebc41b3-f7bd43dd-0505-4eb2-a056-219ce6180fc5-000000' }

But the email doesnt deliever and I then receive an email from Amazon saying:

An error occurred while trying to deliver the mail to the following recipients: < my email address >

This contains an attachment with the following text:

From: < my email address >
To: < my email address >
Subject: Somebody registered
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Message-ID: <010101544ebc41b3-f7bd43dd-0505-4eb2-a056-219ce6180fc5-000000@us-west-2.amazonses.com>
Date: Mon, 25 Apr 2016 18:44:01 +0000
X-SES-Outgoing: 2016.04.25-54.240.27.56
Feedback-ID: 1.us-west-2.GkIUmTTEDEIC5VBoooumwcKSnMDcLT8S4Zd3/deS/BU=:AmazonSES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1461609841;
    h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID;
    bh=fHqQiK/2DJ+B7zddmElFttCiWFnADDSNj5umLJQCPJs=;
    b=ZI/358zmcRHVBKTdA6qbQky5nj5z/YWw215KvkZ+oD73N0booHbl+jx+O05FdcKR
    irDjmyEDppGkp7rToZSTt/NHDeRrbERixT/ZCjGo/KOxvShovD7Z5mnDViRmkS5sTz5
    qo0oO0NuRz1lGVPkT5ONHNhKhWs7ncC9id0ycm34=

When I actually log into AWS and send a test email through the console, I get the same failure.

I have verified the senders email address and I have an approved sending limit for the region.

Any ideas what this could be?

EDIT

I just noticed in my AWS control panel > SES Home > Domains it says my domain is 'pending verification'. Could this be it? It says I need to add a TXT DNS record with a name of xxx and value of yyy. I already did this on Register365. Maybe I did it wrong? Register365 doesnt provide name and value fields for a TXT record, only a 'result' field. So I added a TXT record with the 'result' field of: xxx=yyy. Is this the correct approach? This was weeks ago though and its still pending verification....

EDIT

I've since added a TXT record to my Register 365 control panel, and still my domain cannot be verified. The record looks like:

enter image description here

Amazon provided me with the following TXT record to verify my domain:

TXT Name*: _amazonses.mydomain.com
TXT Value: u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=

So in the Register 365 control panel "result" field I've added the record in the form name=value i.e "_amazonses.mydomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k="

I then ran nslookup to find the record but got the message:

server can't find _amazonses.mydomain.com: NXDOMAIN

What am I doing wrong?

EDIT

I have now changed the TXT record to:

enter image description here

But after 3 days I have gotten another email from Amazon saying they have failed to verify the domain. Im utterly baffled now, I've been trying to verify it for 6 weeks!

My SES account is not in sandbox mode - i've already been approved to send email via SES. I've also verified my sender email address.

Are there any other options open to me? The Amazon SES service seems absolutely dire.

Also when I run:

nslookup -type=TXT  _amazonses.redmatterapp.com ns-478.awsdns-59.com

I'm still seeing:

server can't find _amazonses.redmatterapp.com: NXDOMAIN

When I run:

nslookup -type=TXT  redmatterapp.com ns-478.awsdns-59.com

I get:

Can't find redmatterapp.com: No answer

Why is this happening? My DNS is with Register 365

EDIT

Seems like the nameservers I was using with nslookup were wrong. When I run nslookup, i know get:

_amazonses.redmatterapp.com text = "u1qN5cbTEDb/2EV9Bhd67YHT5jjqVXKJ8KeXj50k="

Which looks right. Yet still verification for my domain fails...

4
node.jsamazon-web-servicesamazon-ec2
TXT records require double quotes: "xxx=yyy".Michael - sqlbot
this didnt work...Mark
I want to clarify on this. I revisited the amazon SES site and click "Verify a new Domain", it only shows 1 textbox for domain. Do you see "Host name, Type, and Result"? I haven't seen that one.dee.ronin
@dee.ronin The screenshot of "Host name, Type, and Result" is from my DNS Administration panel with Register 365.....Mark
I see, have you tried verifying your domain using the amazon SES site?dee.ronin

4 Answers

6
votes

As Michael, the SQL Bot pointed out, you need a hostname (_amazonses) on the left, and the value on the right. That will help to validate the domain.

However, there are a number of other possible reasons for failure. Is SES still in sandbox mode? If that's the case, you'll need to verify the TO and the FROM email addresses.

It might be easier to verify individual email addresses if you can't get the domain verification working. So create them in SES, and go through the validation process. Once you create those (or, if you manage to get the domain verified) create an SNS topic that sends you email, and then configure the Bounce, Complaint, and Delivery notifications to that SNS topic - you should end up with an email for every delivery attempt, regardless of whether it succeeds or not.

The last thing to consider is the possibility that your email address has been added to the supression list. If you generate a lot of errors, SES will add you to a "do not email" list. There is an ability to request removal from this list in the SES console.

4
votes

The hostname part is _amazonses (left column, next to the number 2)

The value is "u1qHY..."

3
votes

I think you're on the right track in that last image, only I believe the host name is _amazonses, and u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k= is the result, instead of putting everything in the result field in the form "_amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=". Iiuc, the idea is that AWS will curl _amazonses.yourdomain.com, expecting your key to be served as a TXT file, but currently you're serving a TXT file with the contents _amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k= (I can't quite read, as its cut off; pardon my guess) on yourdomain.com instead.

The reason I believe this is that you're getting the error NXDOMAIN, which means the domain _amazonses.yourdomain.com doesn't exist, which makes sense if you hadn't set up a TXT record for _amazonses.yourdomain.com, but instead set up a txt record for http://yourdomain.com instead with the value _amazonses.yourdomain.com=u1qHYT6/2KV9Kl1VLKsApXjwcPqVXKJ8KeXj50k=. Its also what the other two answers seem to suggest, which makes me feel more confident.

2
votes

I recently verified a domain for the company I work for successfully, it is set as follows in my domain DNS (as a TXT record):

Amazon SES DNS

It may be worth you reading Amazon's troubleshooting page if you're still having issues.

Adding to my answer:

I've just checked in my AWS console, if you open up SES > Domains and click on your domain name. Scroll down then click DKIM, I had to verify some more there:

AWS DKIM

And add them as CNAME records as follows:

DKIM DNS

One thing people forget with this process is the fact that, Amazon requires you to leave the TXT record in place even after the verification. Otherwise they will revoke the domain.

Hope this helps!

Yet another edit (sorry)

When I run nslookup -type=TXT _amazonses.redmatterapp.com ns-1471.awsdns-55.org to try and find your TXT record, it comes back:

Server:     ns-1471.awsdns-55.org
Address:    205.251.197.191#53

** server can't find _amazonses.redmatterapp.com: NXDOMAIN

This shows that the TXT record is not setup correctly.