Node AWS-SDK SES email send verification fail

2
votes

I am using aws-sdk using Node to send AWS SES emails and I was able to successfully send emails using AWS CLI. However, from my Node script, verification for my email fails for some reason.

Below is the code:

const aws = require('aws-sdk')
const ses = new aws.SES()

const message = {
        Destination: {
            ToAddresses: ['[email protected]']
        },
        Message: {
            Body: {
                Text: {
                    Charset: 'UTF-8',
                    Data: 'Test body'
                }
            },
            Subject: {
                Charset: 'UTF-8',
                Data: 'Test subject'
            }
        },
        Source: '[email protected]'
    }

ses.sendEmail(message, function (err, data) {
    if (err) console.log(err);
    else console.log(data);
});

Below is the error:

message: 'Email address is not verified. The following identities failed the check in region US-EAST-1: [email protected]',
  code: 'MessageRejected',
  time: 2017-12-15T15:37:26.312Z,
  requestId: 'random-id',
  statusCode: 400,
  retryable: false,
  retryDelay: 15.030260565173382

Please help! Thank you!

2
node.jsamazon-web-servicesaws-sdkamazon-ses
Sanity Check: I presume you're not literally using [email protected] -- is your actual email address an SES verified sender in the us-east-1 region?Anthony Neace
@AnthonyNeace Thanks for asking! Yes, it is use-east-1 and I was able to successfully send out an email using AWS CLI from terminal.Young
Next troubleshooting step: Are you still in SES sandbox mode, where the recipient email address may also be required to be an SES verified sender in that region?Anthony Neace
@AnthonyNeace I put the same email address for both sender and receiver and using AWS CLI, I was able to receive the email.Young

2 Answers

3
votes

Per AWS troubleshooting documentation:

Email address is not verified. The following identities failed the check in region (region): (identity1), (identity2), (identity3) — You are trying to send email from an email address or domain that you have not verified with Amazon SES. This error could apply to the "From", "Source", "Sender", or "Return-Path" address.

If your account is still in the sandbox, you also must verify every recipient email address except for the recipients provided by the Amazon SES mailbox simulator. If Amazon SES is not able to show all of the failed identities, the error message ends with an ellipsis.

Note: Amazon SES has endpoints in multiple AWS regions, and email address verification status is separate for each AWS region. You must complete the verification process for each sender in the AWS region(s) you want to use.

I strongly suspect that your application's configuration does not 100% match the configuration you used to successfully send your test email via the CLI.

Check the following configuration:

  • The 'Source' address must be an SES verified sender in the us-east-1 region. Check that the source address that you expect to send email from is a verified sender in each region that you intend to send email from.
  • If SES sandbox mode is enabled, email recipients (the 'ToAddresses' value) must also be SES verified senders in the us-east-1 region. See 'Moving Out of the Amazon SES Sandbox' for instructions on how to remove this restriction.
  • Make sure all clients you're testing with are being tested in the same region, since configuration needs to be distinct per-region. The error message mentioned the application attempted to hit SES in us-east-1, so explicitly perform your CLI test in the us-east-1 region again by using the --region option. It is possible that the initial CLI test was flawed if the CLI default region was used, and that region happened to not be us-east-1.
  • If all of the above looks correct, carefully review your node application. Make sure the SES client is configured for the region you expect to use, and that the client is correctly writing the emails that you expect to the SES request.

Further Reading

0
votes

Here is my code using node.js with express, ejs and npm package node-ses

The solution is mentioned above, but is easy to miss. It's the third part, after key and secret, the callback to amazon - the url needs to be there and it needs to be customised for your region, in my case eu-west-1, the other two choices are us-east-1 or us-west-2.

The key and the secret was found in IAM - User. Once you have set up a user with Programmatic access and AmazonSESFullAccess permissions. Select your User and then select the "Security credentials" tab. Scoot down and click on Create Access Key.

You will only be given access to your Secret Password once. When you get access, highlight the Secret Password, copy it and paste it somewhere safely along with your Key.

Your from email must be related to the domain registered on the AWS SES page. If you don't host with Route 53, you will need to register and verify the email on the AWS SES page as well.

Here's the router code:

app.post('/email', function(req, res) {
        var ses = require('node-ses'), 
          client = ses.createClient({ 
             key: 'xxx', 
             secret: 'xxx',
             amazon: 'https://email.eu-west-1.amazonaws.com'});
        client.sendEmail({
            to: 'xxx'
          , from: 'xxx'
          , cc: ''
          , bcc: ''
          , subject: 'greetings'
          , message: 'your <b>message</b> goes here'
          , altText: 'plain text'
         }, function (err, data, res) {
            if (err) {
                console.log('Email send Error: ',JSON.stringify(err, null, 2));
            } else {
                console.log('Email send Success: ', JSON.stringify(data,null,2));
            }
         });
    });