If you have read our previous post about email deliverability, you may have been surprised by your own results. Don’t worry, it’s possible to improve them 🙂 Amazon SES could be one of the simplest and more efficient solution for you.

Amazon Simple Email Service (Amazon SES) is a service which can be used to send e-mails from your domain name. This solution could be very useful for you to increase the deliverability of your e-mails and reach a 10/10 score on Mail Tester.

Here what you need:

  • An AWS account; click here to signup
  • An access to the DNS settings of your domain name; in this post, our example domain name is managed with CloudFlare


Add your domain to Amazon SES

The first step is to add your domain to Amazon SES:

You will be asked to type your domain name. Check the box Generate DKIM Settings. DKIM is an e-mail athentication method to detect e-mail spoofing. Using it will improve your e-mail deliverability: the recipient will able to check that the e-mail coming from the specific domain has been authorized by the owner of that domain.

Amazon SES will now ask you to add in the domain’s DNS settings:

  • One TXT record for domain verification
  • Three CNAME records for DKIM
  • One MX record for e-mail receiving: DON’T ADD IT! we are setting Amazon SES for sending e-mails ONLY


Verify your domain by adding the records to the domain’s DNS settings

In your domain’s DNS settings, create a new TXT record for the domain verification:

Then, create the three CNAME records for DKIM:

You will receive from Amazon two automatic e-mails at the same time when your DNS records will be detected as valid:

  • one e-mail for the verification record
  • another e-mail for the DKIM setup


Add the Sender Policy Framework (SPF) record to the domain’s DNS settings

SPF is a method for recipients to check your domain registry where you have authorized your host or your sending service to deliver e-mails on your behalf. In our case, we want to add Amazon SES as an allowed host. To do so, create a new TXT record with an empty name (to apply on the root domain name) with the following content:

v=spf1 include:amazonses.com ~all

Configure the MAIL FROM Domain

To avoid the mail from address appear with the amazonses.com domain name, it’s possible to use your own domain name instead. Actually, we will use a subdomain instead of the root domain: it will be easier to intercept a potential error message without editing the main MX record for the domain root.

Click on Set MAIL FROM Domain:

Then, type a dedicated subdomain; you can choose amazonses:

Amazon SES will now ask you to add these records in the domain’s DNS settings:

The first record is a MX record:

The MX record type is a bit special, you need to specify a priority like this:

And you also need to create a new TXT record for SPF on this subdomain:

You will receive an automatic e-mail from Amazon when your DNS records will be detected as valid.

Get your Credentials

We recommend to use Amazon API Keys instead of SMTP Credentials, but we detail the two options.

Get your Credentials : Amazon API Keys

From the IAM service, create a new user with Programmatic access and choose Attach existing policies directly:

Then search for the AmazonSESFullAccess policy and check it:

Amazon will generate the API Keys for this new user.


Get your Credentials : SMTP Credentials

This is the easiest way to get creadentials; go to the SMTP Settings from the SES service:


Raise the limit imposed by Amazon

When you are a new user at Amazon SES, you are placed in the Amazon SES sandbox. It means that there are some limits about the features of the service. For example, you can only send e-mails to verified domains… Great for testing, but not very useful for production!

To move out of the Amazon SES sandbox, see these instructions:


Use Amazon SES on your WordPress website

Once your domain name is verified, you have tested the service and move out of the Amazon SES sandbox, here some plugins to use Amazon SES on your own WordPress website:

  • WP SES: it’s our favorite. It redirects all outgoing WordPress e-mails through Amazon SES; you will need Amazon API Keys.
  • WP Mail SMTP: this famous plugin reconfigures the wp_mail() function to use the SMTP server you specify. In this case, you will need your Amazon SMTP Credentials.