# Using configuration sets in Amazon SES
Configuration sets are groups of rules that you can apply to your verified identities. A verified identity is a domain, subdomain, or email address you use to send email through Amazon SES. When you apply a configuration set to an email, all of the rules in that configuration set are applied to the email.
You can use configuration sets to apply the following types of rules to your email sending and can contain one, both, or neither of these types:
+ *Event destinations* – Allow you to publish email sending metrics, including the numbers of sends, deliveries, opens, clicks, bounces, and complaints to other AWS products for each email you send. For example, you can send your email metrics to an Amazon Data Firehose destination, and then analyze it using Amazon Managed Service for Apache Flink. Alternatively, you can send bounce and complaint information to Amazon SNS and receive notifications immediately when those events occur.
+ *IP pool management* – If you lease dedicated IP addresses to use with Amazon SES, you can create groups of these addresses called *dedicated IP pools* to be used for sending specific types of email. For example, you can associate these dedicated IP pools with configuration sets and use one for sending marketing communications, and another for sending transactional emails. Your sender reputation for transactional emails is then isolated from that of your marketing emails.
To associate a configuration set with a verified identity can be done in the following ways:
+ Include a reference to the configuration set in the headers of the email. For more information about specifying configuration sets in your emails, see [Specifying a configuration set when you send email](using-configuration-sets-in-email.md).
+ Specify an existing configuration set to be used as the identity's *default configuration set*, either at the time of identity creation, or later while editing a verified identity. See [Understanding default configuration sets](managing-configuration-sets.md#default-config-sets).
**Topics**
+ [
# Creating configuration sets in SES
](creating-configuration-sets.md)
+ [
# Managing configuration sets in Amazon SES
](managing-configuration-sets.md)
+ [
# Specifying a configuration set when you send email
](using-configuration-sets-in-email.md)
+ [
# Viewing and exporting reputation metrics
](configuration-sets-export-metrics.md)
# Creating configuration sets in SES
You can use the SES console, the `CreateConfigurationSet` action in the Amazon SES API v2, or the `aws sesv2 create-configuration-set` command in the Amazon SES CLI v2 to create a new configuration set. This section shows how to create configuration sets using the SES console and the Amazon SES CLI v2.
## Create a configuration set (console)
To create a configuration set using the SES console, follow these steps:
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane, under **Configuration**, choose **Configuration sets**.
1. Choose **Create set**.
1. **General details** – This section provides options to customize your configuration set:
+ **Configuration set name** – The name for your configuration set. The name can contain up to 64 alphanumeric characters, including letters, numbers, hyphens (-) and underscores (\$1) only.
+ **Sending IP pool** – When you send email using this configuration set, messages are sent from the dedicated IP addresses in the assigned pool. Select an IP pool from the list.
**Note**
The **default** (ses-default-dedicated-pool) contains dedicated IP addresses that haven't been assigned to any other pool. To learn more about managing IP pools, see [Assign IP pools](managing-ip-pools.md).
+ **Tracking options**
+ **Use a custom redirect domain** – Select the check box to use a custom redirect domain to handle open and click tracking for email sent with this configuration set.
+ **Custom redirect domain** – Select a verified domain from the *Choose a verified domain* list to be your custom redirect domain. You can also enter a subdomain in the *Enter a subdomain* field.
**Note**
Custom redirect domains can be specified as follows:
You must first create and verify a custom redirect domain in the AWS Region you want to send and track email, as well as set up a Content Delivery Network (CDN). This is explained in [Configuring custom domains to handle open and click tracking](configure-custom-open-click-domains.md).
Then, to use your custom redirect domain for open and click tracking, you must indicate it while creating or editing your configuration set here in this step.
Finally, after specifying your custom redirect domain, **View DNS records** will appear in the configuration set's **General details** container. If you expand it, you'll see the CNAME record that contains the tracking domain being used in your AWS Region. For example, if your custom subdomain is called *marketing.example.com* and it was created in the AWS Region `us-east-1`, expanding **View DNS records** would reveal a CNAME record with the following values: **Name** = *marketing.example.com* and **Value** = *r.us-east-1.awstrack.me*.
You can use this information simply as a confirmation that you chose the correct tracking domain from the table when you set up your CDN as explained in [Configuring custom domains to handle open and click tracking](configure-custom-open-click-domains.md), or you can do this first, and use the CNAME record values from here to use in your CDN setup.
+ **HTTPS policy** – Select an HTTPS policy option for the protocol of the open and click tracking links for your custom redirect domain:
+ **Optional** – (Default behavior) Open tracking links will be wrapped using HTTP. Click tracking links will be wrapped using the original protocol of the link.
+ **Required** – Open and Click tracking links will both be wrapped using HTTPS.
+ **Required for opens** – Open tracking links will be wrapped using HTTPS. Click tracking links will be wrapped using the original protocol of the link.
+ **Advanced delivery options** – Choose the arrow on the left to expand the advanced delivery options section.
+ **Transport Layer Security (TLS)** – To require SES to establish a secure connection with the receiving mail server, and send emails using the TLS protocol, select the **Required** check box.
**Note**
SES supports TLS 1.2 and recommends TLS 1.3. To learn more, see [Infrastructure security in SES](infrastructure-security.md).
+ **Maximum delivery duration** – To specify a time limit for SES to attempt email delivery through this configuration set, enter a value in seconds ranging from 300 and up to 50,400.
**Note**
Setting a custom maximum delivery limit (shorter than the SES default of 14 hours), can be useful in such cases as time-sensitive emails (like those containing a one-time-password), transactional emails, and email that you want to ensure isn't delivered during non-business hours.
To calculate minutes to seconds, multiply by 60, e.g., 7 minutes \$1 60 = 420 seconds.
To calculate hours to seconds, multiply by 3600, e.g., 2 hours \$1 3600 = 7200 seconds.
1. **Reputation options** – This section provides for setting up reputation metrics:
+ **Reputation metrics** – Used to track bounce and complaint metrics in CloudWatch for emails sent using this configuration set. *(Additional charges apply, see [Price per metric for CloudWatch](event-publishing-add-event-destination-cloudwatch.md#cw-add-pricing).)*
+ **Enabled** – Select this check box to enable reputation metrics for the configuration set.
1. **Suppression list options** – This section provides a decision set to define customized suppression starting with the option to use this configuration set to override your account-level suppression. The [configuration set-level suppression logic map](sending-email-suppression-list-config-level.md) will help you understand the effects of the override combinations. These multitiered selections of overrides can be combined to implement three different levels of suppression:
1. **Use account-level suppression:** Do not override your account-level suppression and do not implement any configuration set-level suppression - basically, any email sent using this configuration set will just use your account-level suppression. To do this:
1. In **Suppression list settings**, uncheck the **Override account level settings** box.
1. **Do not use any suppression:** Override your account-level suppression without enabling any configuration set-level suppression - this means any email sent using this configuration set will not use any of your account-level suppression; in other words, all suppression is cancelled. To do this:
1. In **Suppression list settings**, check the **Override account level settings** box.
1. In **Suppression list**, uncheck the **Enabled** box.
1. **Use configuration set-level suppression:** Override your account-level suppression with custom suppression list settings defined in this configuration set - this means any email sent using this configuration set will only use its own suppression settings and ignore any account-level suppression settings. To do this:
1. In **Suppression list settings**, check the **Override account level settings** box.
1. In **Suppression list**, check **Enabled**.
1. In **Specify the reason(s)...**, select one of the suppression reasons for this configuration set to use.
1. **Virtual Deliverability Manager options** – This section will only be present if you have Virtual Deliverability Manager features enabled. Here, you can define custom settings for how this configuration set will use engagement tracking and optimized shared delivery by overriding how they’ve been defined in your Virtual Deliverability Manager settings at the account level:
1. To disable both engagement tracking and optimized shared delivery for this configuration set:
1. Check the **Override account level settings** box.
1. Ensure **Enabled** is unchecked for both *Engagement tracking* and *Optimized shared delivery*, then choose **Save changes**.
1. To enable or disable either, or both, engagement tracking and optimized shared delivery for this configuration set:
1. Check the **Override account level settings** box.
1. Check or uncheck **Enabled** for either or both *Engagement tracking* and *Optimized shared delivery*, then choose **Save changes**.
1. To revert back to your Virtual Deliverability Manager account level settings for engagement tracking and optimized shared delivery for this configuration set:
1. Uncheck the **Override account level settings** box, then choose **Save changes**.
1. **Archiving options** – This section provides the option to archive email sent from this configuration set:
1. Select the **Enabled** check box.
1. Click inside the **Archive** field and select an archive from the list followed by **Save changes**, or choose **Create archive** and continue with the remaining steps.
1. Enter a unique name in the **Archive name** field.
1. (Optional) Select a retention period in the **Retention period** field to override the default retention period of 180 days.
1. (Optional) You can encrypt your archive either by entering your own AWS KMS key into the **KMS key ARN** field, or by selecting **Create an AWS KMS key**.
1. Choose **Create archive**.
1. **Tags** – In this section, you can optionally add one or more tags to your configuration set:
1. Choose **Add new tag**.
1. Enter the tag **Key**.
1. Enter the tag **Value** (optional).
To remove a tag you've entered, choose **Remove** for that tag. You can enter a maximum of 50 tags.
1. Choose **Create set** to create your configuration set.
Now that you’ve created your configuration set, you have the option to define event destinations for your configuration set which enables event publishing that is triggered on the event types you specify for the event destination. A configuration set can have multiple event destinations with multiple event types defined. See [Creating Amazon SES event destinations](event-destinations-manage.md).
## Create a configuration set (AWS CLI)
You can create a configuration set using a JSON file as input to the `aws sesv2 create-configuration-set` command in the AWS CLI.
1.
**Create a CLI input JSON file**
Use your favorite file editing tool to create a JSON file with the following keys, plus values that are valid for your environment, or use the SES API v2 `aws sesv2 create-configuration-set` command with the `--generate-cli-skeleton` option with no value specified to print a sample JSON structure to standard output.
This example uses a file named `create-configuration-set.json`:
```
{
"ConfigurationSetName": "sample-configuration-set",
"TrackingOptions": {
"CustomRedirectDomain": "some.domain.com",
"HttpsPolicy": "REQUIRE"
},
"DeliveryOptions": {
"TlsPolicy": "REQUIRE",
"SendingPoolName": "sending pool",
"MaxDeliverySeconds": 300
},
"ReputationOptions": {
"ReputationMetricsEnabled": true,
"LastFreshStart": timestamp
},
"SendingOptions": {
"SendingEnabled": true
},
"Tags": [
{
"Key": "tag key",
"Value": "tag value"
}
],
"SuppressionOptions": {
"SuppressedReasons": ["BOUNCE","COMPLAINT"]
},
"ArchivingOptions": {
"ArchiveArn": "arn:aws:ses:us-east-1:123456789012:mailmanager-archive/MyArchiveID"
}
}
```
**Note**
You must include the `file://` notation at the beginning of the JSON file path.
The path for the JSON file should follow the appropriate convention for the base operating system where you are running the command. For example, Windows uses the backslash (\$1) to refer to the directory path, and Linux uses the forward slash (/).
1. Run the following command, using the file you created as input.
```
aws sesv2 create-configuration-set --cli-input-json file://create-configuration-set.json
```
**Note**
To review the AWS CLI reference for this command, see [create-configuration-set](https://docs.aws.amazon.com/cli/latest/reference/sesv2/create-configuration-set.html).
# Managing configuration sets in Amazon SES
After creating a configuration set, you can manage it with the view, edit, and delete options using the SES console, the Amazon SES API v2, and the Amazon SES CLI v2. Configuration sets can also be assigned to a verified identity as its default configuration set that is applied every time email is sent from the identity.
**Topics**
+ [
## View, edit, & delete configuration set (console)
](#console-detail-configuration-sets)
+ [
## List configuration sets (AWS CLI)
](#cli-list-configuration-sets)
+ [
## Get configuration set details (AWS CLI)
](#cli-get-configuration-set)
+ [
## Delete a configuration set (AWS CLI)
](#cli-delete-configuration-set)
+ [
## Stop sending email from a configuration set (AWS CLI)
](#cli-configuration-set-stop-sending)
+ [
## Understanding default configuration sets
](#default-config-sets)
+ [
# Creating Amazon SES event destinations
](event-destinations-manage.md)
+ [
# Assigning IP pools in Amazon SES
](managing-ip-pools.md)
+ [
# Configuring custom domains to handle open and click tracking
](configure-custom-open-click-domains.md)
## View, edit, & delete configuration set (console)
**Access an existing configuration set's detail page**
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane, under **Configuration**, choose **Configuration sets**.
1. Select a **Name** from the configuration set list to open its details page in the **Overview** tab where you can view, edit, or disable the options you've selected. The same can be done for **Events destination** options by selecting its tab. For more information about each option and their fields, see the related section in [Create a configuration set (console)](creating-configuration-sets.md#config-sets-create-console).
1. At the top of each configuration set's details page, visible from either the **Overview** or **Events destination** tab, are the following options:
+ **Delete** – this button will delete your configuration set.
+ **Disable sending** – this button will stop sending emails from your configuration set.
## List configuration sets (AWS CLI)
You can use the **list-configuration-sets** command in the AWS CLI to generate a list of all the configuration sets associated with your account in the current Region, as follows:
```
aws sesv2 list-configuration-sets
```
## Get configuration set details (AWS CLI)
You can use the **get-configuration-set** command in the AWS CLI to get details for a specific configuration set, as follows:
```
aws sesv2 get-configuration-set --configuration-set-name name
```
## Delete a configuration set (AWS CLI)
You can use the **delete-configuration-set** command in the AWS CLI to delete a specific configuration set, as follows:
```
aws sesv2 delete-configuration-set --configuration-set-name name
```
## Stop sending email from a configuration set (AWS CLI)
You can use the **put-configuration-set-sending-options** command in the AWS CLI to stop sending email from a specific configuration set, as follows:
```
aws sesv2 put-configuration-set-sending-options --configuration-set-name name --no-sending-enabled
```
To start sending again, run the same command with the `--sending-enabled` option instead, as follows:
```
aws sesv2 put-configuration-set-sending-options --configuration-set-name name --sending-enabled
```
## Understanding default configuration sets
The concept of assigning a configuration set as the default to be used by a verified identity is explained in this section to help understand the benefits and use case.
A default configuration set automatically applies its rules to all messages that you send from the email identity associated with that configuration set. You can apply default configuration sets to both email address and domain identities during the creation of the identity or after the fact as an edit function of an existing identity.
**Default configuration set considerations**
+ The configuration set must be created first before associating it with an identity.
+ Default configuration sets will only be applied if the identity is verified.
+ An email identity can be associated with only one configuration set at a time. However, you can apply the same configuration set to multiple identities.
+ A default configuration set at the email address level overrides a default configuration set at the domain level. For example, a default configuration set associated with *joe@example.com* overrides the configuration set for the domain of *example.com*.
+ A default configuration set at the domain level applies to all email addresses for that domain (unless you verify specific addresses for the domain).
+ If you delete a configuration set that's designated as the default configuration set for an identity, and then attempt to send email through that identity, your call to Amazon SES fails with a "bad request" error.
+ A default configuration set cannot be assigned to a verified identity that's being used by a [delegate sender](sending-authorization-overview.md).
+ How to specify an existing configuration set to be used as the identity's default configuration set is actually a function of verified identities, so instructions are given in the identity workflows accordingly:
+ **Specify a default configuration set during identity creation** – follow the instructions given in the optional Step 6 for either [Domain identity default configuration set](creating-identities.md#verified-domain-identity-default-config-set) or [Email identity default configuration set](creating-identities.md#verified-email-identity-default-config-set) located in the [Creating and verifying identities in Amazon SES](creating-identities.md) chapter.
+ **Specify a default configuration set for an existing identity** – follow the steps in [Edit an identity using the console](edit-verified-domain.md) along with these details for Step 5:
1. Choose the **Configuration set** tab.
1. Choose **Edit** in the **Default configuration set** container.
1. Select the list box and choose an existing configuration set to be used as the default.
1. Continue with the remaining steps in [Edit an identity using the console](edit-verified-domain.md).
**Note**
If the configuration set you assign as a default has reputation metrics enabled, additional charges will be incurred for any mail sent using the default configuration set, see [Price per metric for CloudWatch](event-publishing-add-event-destination-cloudwatch.md#cw-add-pricing).
# Creating Amazon SES event destinations
Event destinations allow you to publish the following outgoing email tracking actions to other AWS services for monitoring:
+ Sends
+ Rendering failures
+ Rejects
+ Deliveries
+ Hard bounces
+ Complaints
+ Delivery delays
+ Subscriptions
+ Opens
+ Clicks
To learn more about setting up event publishing, see [Monitor email sending using Amazon SES event publishing](monitor-using-event-publishing.md).
## Creating an event destination
After you’ve created a configuration set, you have the option to create event destinations for your configuration set which enables event publishing that is triggered on the event types you specify for the event destination. A configuration set can have multiple event destinations with multiple event types defined.
If you haven't created a configuration set, see [Creating configuration sets in SES](creating-configuration-sets.md).
The following steps show how to create or add an event destination to a configuration set.
**To create or add and event destination using the SES console:**
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane, under **Configuration**, choose **Configuration sets**.
1. Choose a configuration set's name from the **Name** column to access its details.
1. Select the **Event destinations** tab.
1. Choose **Add destination**.
1.
**Select event types**
Email sending events are metrics relating to your sending activity that you can measure using Amazon SES. In this step, you select which types of email sending events you would like Amazon SES to publish to your event destination.
To learn more about event types, see [Monitoring your Amazon SES sending activity](monitor-sending-activity.md).
1. Choose **Event types** to publish
+ **Sending and delivery** – to choose event types to publish, select their respective check boxes, or choose **Select all** to publish all of the event types.
**Event types**
+ **Sends** – the send request was successful and Amazon SES will attempt to deliver the message to the recipient’s mail server.
+ **Rendering failures** – the email wasn't sent because of a template rendering issue. This event type can occur when template data is missing, or when there is a mismatch between template parameters and data. (This event type only occurs when you send email using the [https://docs.aws.amazon.com/ses/latest/APIReference/API_SendTemplatedEmail.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_SendTemplatedEmail.html) or [https://docs.aws.amazon.com/ses/latest/APIReference/API_SendBulkTemplatedEmail.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_SendBulkTemplatedEmail.html) API operations.)
+ **Rejects** – Amazon SES accepted the email, but determined that it contained a virus and didn’t attempt to deliver it to the recipient’s mail server.
+ **Deliveries** – Amazon SES successfully delivered the email to the recipient's mail server.
+ **Hard bounces** – the recipient's mail server permanently rejected the email. (*Soft bounces* are only included when Amazon SES fails to deliver the email after retrying for a period of time.)
+ **Complaints** – the email was successfully delivered to the recipient’s mail server, but the recipient marked it as spam.
+ **Delivery delays** – the email couldn't be delivered to the recipient’s mail server because a temporary issue occurred. Delivery delays can occur, for example, when the recipient's inbox is full, or when the receiving email server experiences a transient issue. *(This event type not supported by Amazon Pinpoint.)*
+ **Subscriptions** – the email was successfully delivered, but the recipient updated the subscription preferences by clicking `List-Unsubscribe` in the email header or the `Unsubscribe` link in the footer. *(This event type not supported by Amazon Pinpoint.)*
+ **Open and click tracking** – to measure subscriber engagement, choose one or both of the check boxes to track **Opens** and **Clicks**.
+ **Opens** – the recipient received the message and opened it in their email client.
+ **Clicks** – the recipient clicked one or more links in the email.
**Note**
*Open and click event publishing* defined here, or in any other configuration set, does not affect engagement tracking options for Virtual Deliverability Manager dashboard; these are defined through either [Virtual Deliverability Manager's account settings](vdm-settings.md#vdm-settings-console) or configuration set overrides. For example, if you have engagement tracking disabled through Virtual Deliverability Manager, it will not disable the open and click event publishing you have set up here in SES event destinations.
+ **Configuration set redirect domain** – this field will appear and be prepopulated with the name of the custom redirect domain if you assigned one when creating the configuration set.
**Note**
You can update the **Custom redirect domain** in the configuration set for open and click tracking under that domain—see [Tracking options](creating-configuration-sets.md#create-config-set-step-4) in Step 4 of [Create configuration sets](creating-configuration-sets.md). For more information about configuring custom open and click domains see [Configuring custom domains to handle open and click tracking](configure-custom-open-click-domains.md).
1. Choose **Next** to continue.
1.
**Specify destination**
An event destination is an AWS service to which email sending events can be published. Choosing the appropriate destination depends on the level of detail you want to capture and how you want to receive the data.
1.
**Destination options**
+ **Destination type** – when you select the radio button next to the AWS service to publish your events to, a details panel will appear with fields respective to the service. Selecting the links below will give instructions about the service's detail panel:
+ [Amazon CloudWatch](event-publishing-add-event-destination-cloudwatch.md) *(Additional charges apply, see [Price per metric for CloudWatch](event-publishing-add-event-destination-cloudwatch.md#cw-add-pricing).)*
+ [Amazon Data Firehose](event-publishing-add-event-destination-firehose.md)
+ [Amazon EventBridge](event-publishing-add-event-destination-eventbridge.md)
+ [Amazon Pinpoint](event-publishing-add-event-destination-pinpoint.md) *(Does not support **Delivery delays** or **Subscriptions** event types.)*
+ [Amazon SNS](event-publishing-add-event-destination-sns.md)
To learn more about using the event publishing model to monitor your email operation, see [Monitor email sending using Amazon SES event publishing](monitor-using-event-publishing.md).
+ **Name** – enter the name of the destination for this configuration set. The name can include letters, numbers, dashes, and hyphens.
+ **Event publishing** – to turn on event publishing for this destination, select the **Enabled** check box.
1. Choose **Next** to continue.
1.
**Review**
When you are satisfied that your entries are correct, choose **Add destination** to add your event destination.
You can also create an event destination using the Amazon SES console, the Amazon SES API v2, or the Amazon SES CLI v2.
**To create an event destination using the SES API:**
+ For creating an event destination using the SES API, see [https://docs.aws.amazon.com/ses/latest/APIReference/API_CreateConfigurationSetEventDestination.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_CreateConfigurationSetEventDestination.html).
## Editing, disabling/enabling, or deleting an event destination
Follow these steps to edit, disable/enable, or delete an event destination using the SES console:
**To edit, disable/enable, or delete an event destination using the SES console:**
1. Sign in to the AWS Management Console and open the Amazon SES console at [https://console.aws.amazon.com/ses/](https://console.aws.amazon.com/ses/).
1. In the navigation pane, under **Configuration**, choose **Configuration sets**.
1. Choose a configuration set's name from the **Name** column to access its details.
1. Select the configuration set's **Event destinations** tab.
1. Select the event destination's name under the **Name** column.
1.
+ **To edit** – Choose the **Edit** button on the respective panel for the set of fields you want to edit and make your changes followed by **Save changes**.
+ **To disable or enable** – Choose the button that's either labeled **Disable** or **Enable** in the upper-right corner.
+ **To delete** – Choose the **Delete** button in the upper-right corner.
You can also edit, disable/enable, or delete an event destination using the Amazon SES console, the Amazon SES API v2, or the Amazon SES CLI v2.
**To edit, disable/enable, or delete an event destination using the SES API:**
1. For disabling/enabling an event destination using the SES API, see [https://docs.aws.amazon.com/ses/latest/APIReference/API_UpdateConfigurationSetEventDestination.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_UpdateConfigurationSetEventDestination.html).
1. For deleting an event destination using the SES API, see [https://docs.aws.amazon.com/ses/latest/APIReference/API_DeleteConfigurationSetEventDestination.html](https://docs.aws.amazon.com/ses/latest/APIReference/API_DeleteConfigurationSetEventDestination.html).
# Assigning IP pools in Amazon SES
You can use IP pools to create groups of dedicated IP addresses for sending specific types of email. You can also use a pool of IP addresses that are shared by all Amazon SES customers.
When assigning an IP pool to a configuration set, you can choose from the following options:
+ *A specific dedicated IP pool* – When you select an existing dedicated IP pool, emails that use the configuration set are sent using only the dedicated IP addresses that belong to that pool. For procedures on how to create:
+ new *standard* IP pools, see [Creating standard dedicated IP pools for dedicated IPs (standard)](dedicated-ip-pools.md).
+ new *managed* IP pools, see [Creating a managed IP pool to enable dedicated IPs (managed)](managed-dedicated-sending.md#dedicated-ip-pools-mds).
+ **ses-default-dedicated-pool** – This pool contains all of the dedicated IP addresses for your account that do not already belong to an IP pool. If you send an email using a configuration set that is not associated with a pool, or if you send an email without specifying a configuration set at all, the email is sent from one of the addresses in this default pool. This pool is automatically managed by SES and cannot be edited.
+ **ses-shared-pool** – This pool contains a large set of IP addresses that are shared among all Amazon SES customers. This option may be useful when you need to send email that doesn't align with your usual sending behaviors.
## Assigning an IP pool to a configuration set
This section references the procedures for assigning and modifying IP pools in a configuration set using the Amazon SES console.
+ **To assign an IP pool to a configuration set using the console**...
+ **while creating a new configuration set** – see [Sending IP pool](creating-configuration-sets.md#create-config-set-step-4) in Step 4 of [Create configuration sets](creating-configuration-sets.md)
+ **while modifying an existing configuration set** – select the **Edit** button in the **General details** panel of the selected configuration set, and follow the directions for [Sending IP pool](creating-configuration-sets.md#create-config-set-step-4) in Step 4 of [Create configuration sets](creating-configuration-sets.md)
# Configuring custom domains to handle open and click tracking
When you use [event publishing](monitor-using-event-publishing.md) to capture open and click events, Amazon SES makes minor changes to the emails you send. To capture open events, SES adds a 1 pixel by 1 pixel transparent GIF image in each email sent through SES which includes a unique file name for each email, and is hosted on a server operated by SES; when the image is downloaded, SES can tell exactly which message was opened and by whom.
By default, this pixel is inserted at the bottom of the email; however, some email providers’ applications truncate the preview of an email when it exceeds a certain size and may provide a link to view the remainder of the message. In this scenario, the SES pixel tracking image does not load and will throw off the open rates you’re trying to track. To get around this, you can optionally place the pixel at the beginning of the email, or anywhere else, by inserting the `{{ses:openTracker}}` placeholder into the email body. Once SES receives the message with the placeholder, it will be replaced with open tracking pixel image.
**Important**
Any `{{ses:openTracker}}` placeholders in excess of one will be removed at sending by SES.
Only add one `{{ses:openTracker}}` placeholder if you're using them in an email template, as more than one will result in a `400 BadRequestException` error code being returned.
To capture link click events, SES replaces the links in your emails with links to a server operated by SES. This immediately redirects the recipient to his or her intended destination. The total size of headers, including cookies, of requests made to this server must not exceed 8192 bytes, else a `400 BadRequestException` error code is returned.
You also have the option to use your own domains, rather than domains owned and operated by SES, to create a more cohesive experience for your recipients, meaning all SES indicators are removed. You can configure multiple custom domains to handle open and click tracking events. These custom domains are associated with configuration sets. When you send an email using a configuration set, if that configuration set is configured to use a custom domain, then the open and click links in that email automatically use the custom domain specified in that configuration set.
This section contains procedures for setting up a subdomain on a server you own to automatically redirect users to the open and click tracking servers operated by SES. There are three steps involved in setting up these domains. First, you configure the subdomain itself, then set a configuration set to use the custom domain, and then set its event destination to publish open and click events. This topic contains procedures for completing all of these steps.
However, if you simply want to enable open or click tracking without setting up a custom domain, you can proceed directly to defining event destinations for your configuration set which enables event publishing that is triggered on the event types you specify, including open and click events. A configuration set can have multiple event destinations with multiple event types defined. See [Creating Amazon SES event destinations](event-destinations-manage.md).
## Part 1: Setting up a domain for handling open and click link redirects
The specific procedures for setting up a redirect domain vary depending on your web hosting provider (and your Content Delivery Network, if you use an HTTPS server). The procedures in the following sections provide general guidance rather than specific steps.
### Option 1: Configuring an HTTP domain
If you plan to use an HTTP domain to handle open and click links (as opposed to an HTTPS domain), the process for configuring the subdomain involves only a few steps.
**Note**
If you set up a custom domain that uses the HTTP protocol, and you send an email that contains links that use the HTTPS protocol, your customers may see a warning message when they click the links in your email. If you plan to send emails that contain links that use the HTTPS protocol, you should use an HTTPS domain for handling click tracking events.
**To set up an HTTP subdomain for handling open and click links**
1. Create a subdomain to use for open and click tracking links. SES recommends that this subdomain is specifically dedicated to handling these links, and that a subdomain is created for each AWS Region you send email in that you want to track.
1. Verify the subdomain for use with SES. For more information, see [Creating a domain identity](creating-identities.md#verify-domain-procedure).
1. Add a new CNAME record to your subdomain’s DNS settings that redirects requests to the SES tracking domain. The address that you redirect to must be the in the same AWS Region as your custom subdomain.
+ Use the [Tracking domains table](https://docs.aws.amazon.com/general/latest/gr/ses.html#ses_tracking_domains) in the AWS General Reference to select the tracking domain that's in the same region as your custom domain.
**Note**
Depending on your web hosting provider, it may take several minutes for the changes you make to the subdomain's DNS record to take effect. Your web hosting provider or IT organization can provide additional information about these delays.
### Option 2: Configuring an HTTPS domain
You can also use an HTTPS domain for tracking open and link clicks. To set up an HTTPS domain for tracking open and link clicks, you have to perform some additional steps, beyond those required for [setting up an HTTP domain](#configure-custom-open-click-domain-http).
**To set up an HTTPS subdomain for handling open and click links**
1. Create a subdomain to use for open and click tracking links. SES recommends that this subdomain is specifically dedicated to handling these links, and that a subdomain is created for each AWS Region you send email in that you want to track.
1. Verify the subdomain for use with SES. For more information, see [Creating a domain identity](creating-identities.md#verify-domain-procedure).
1. Create a new account with a Content Delivery Network (CDN), such as [Amazon CloudFront](https://aws.amazon.com/cloudfront), see [Get started with a basic CloudFront distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.SimpleDistribution.html).
1. Configure the CDN to the origin which is the SES tracking domain, such as `r.us-east-1.awstrack.me` for example. The CDN must point to the AWS tracking domain that's in the same region as your custom domain. The CDN must pass the `Host` header supplied by the requester to the origin, see this [AWS re:Post article](https://repost.aws/knowledge-center/configure-cloudfront-to-forward-headers) for more information.
+ Use the [Tracking domains table](https://docs.aws.amazon.com/general/latest/gr/ses.html#ses_tracking_domains) in the AWS General Reference to select the tracking domain that's in the same region as your custom domain.
1. If you use Route 53 to manage the DNS configuration for your domain and CloudFront as your CDN, create an Alias record in Route 53 that refers to your CloudFront distribution (such as *d111111abcdef8.cloudfront.net*). For more information, see [Creating Records by Using the Amazon Route 53 Console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html) in the *Amazon Route 53 Developer Guide*.
Otherwise, in the DNS configuration for your subdomain, add a CNAME record that refers to the address of your CDN.
1. Acquire an SSL certificate from a trusted Certificate Authority. The certificate should cover both the subdomain you created in step 1 as well as the CDN you configured in steps 3–5. Upload the certificate to the CDN.
1. You can use the following curl command to validate that your newly created custom domain is using the correct region and HTTPS protocol. In the following example, everything is a literal except for the name of your domain:
```
curl --head https://custom.domain.com/favicon.ico
```
A response is returned as in the following example:
```
(python-sdk-test) jdoe@12a34567b89c BaconRedirectService % curl --head https://custom.domain.com/favicon.ico
HTTPS/1.1 200 OK
x-amz-ses-region: us-east-1
x-amz-ses-request-protocol: https
Content-Type: image/x-icon
Transfer-Encoding: chunked
Date: Fri, 30 Aug 2024 13:50:14 GMT
```
This response contains the following properties:
+ The `x-amz-ses-region` header value is the SES region which received the request.
+ The `x-amz-ses-request-protocol` header value is the protocol used for the request between the CDN and SES in the header.
If your setup is correct, the region should reflect the region your domain was created in and the protocol should be HTTPS.
## Part 2: Specifying your custom redirect domain and HTTPS policy through a configuration set
After you configure your domain to handle open and click tracking redirects, you must specify your custom domain and HTTPS policy in a configuration set.
When you send an email using a configuration set, if that configuration set is configured to use a custom redirect domain, the open and click links in that email automatically use the custom domain and HTTPS policy options specified in the configuration set.
You can complete this using the SES console or the [https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSet.html](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSet.html) v2 API operation.
**To specify a custom redirect domain and HTTPS policy using the console**
+ While creating or editing a configuration set, use the [Tracking options](creating-configuration-sets.md#create-config-set-step-4) in Step 4 of [Create configuration sets](creating-configuration-sets.md) to specify your custom redirect domain and HTTPS policy options.
**To specify a custom redirect domain and HTTPS policy using the AWS CLI**
You can use the [https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSet.html](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSet.html) operation in the SES API v2 and use the `TrackingOptions` property to specify your custom redirect domain and the HTTPS policy. You can call this operation from the AWS CLI as shown in the following example.
+ Create the configuration set in the AWS Region where you want to send and track email:
```
aws sesv2 create-configuration-set --cli-input-json file://create.json
```
+ In this example, the input file is using parameters of the [https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_TrackingOptions.html](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_TrackingOptions.html) property—`CustomRedirectDomain` specifies the custom domain to use for tracking open and click links, and `HttpsPolicy` specifies an HTTPS policy option:
```
{
"ConfigurationSetName": "my-config-set",
"TrackingOptions": {
"CustomRedirectDomain": "marketing.example.com",
"HttpsPolicy": "REQUIRE"
},
"SendingOptions": {
"SendingEnabled": true
}
}
```
For the `HttpsPolicy` parameter, the following values can be specified to set the protocol of the open and click tracking links for your custom redirect domain:
+ `OPTIONAL` – (Default behavior) Open tracking links will be wrapped using HTTP. Click tracking links will be wrapped using the original protocol of the link.
+ `REQUIRE` – Open and Click tracking links will both be wrapped using HTTPS.
+ `REQUIRE_OPEN_ONLY` – Open tracking links will be wrapped using HTTPS. Click tracking links will be wrapped using the original protocol of the link.
## Part 3: Specifying open and click event types through a configuration set
After specifying your custom domain and HTTPS policy in the configuration set in the previous step, you must specify open and/or click event types to track in an event destination through a configuration set.
You can complete this using the SES console or the [https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSetEventDestination.html](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_CreateConfigurationSetEventDestination.html) v2 API operation.
**To select open and/or click event types using the console**
+ While creating or modifying an event destination, use [Open and click tracking](event-destinations-manage.md#select-event-types-step) in Step 6 of [Creating an event destination](event-destinations-manage.md#event-destination-add) to specify the event types.
# Specifying a configuration set when you send email
To use a configuration set when sending an email, you must pass the name of the configuration set in the headers of the email. All of the Amazon SES email sending methods—including the [AWS CLI](https://aws.amazon.com/cli), the [AWS SDKs](https://aws.amazon.com/tools/#sdk), and the [Amazon SES SMTP interface](send-email-smtp.md)—allow you to pass a configuration set in the headers of the email you send.
If you are using the [SMTP interface](send-email-smtp.md) or the [`SendRawEmail` API operation](/ses/latest/APIReference/API_SendRawEmail.html), you can specify a configuration set by including the following header in your email (replacing `ConfigSet` with the name of the configuration set you want to use):
```
X-SES-CONFIGURATION-SET: ConfigSet
```
This guide includes code examples for sending email using the AWS SDKs and the Amazon SES SMTP interface. Each of these examples includes a method of specifying a configuration set. To see step-by-step procedures for sending emails that include references to configuration sets, see the following:
+ [Sending email through Amazon SES using an AWS SDK](send-an-email-using-sdk-programmatically.md)
+ [Using the Amazon SES SMTP interface to send email](send-email-smtp.md)
# Viewing and exporting reputation metrics
Amazon SES automatically exports information about the overall bounce and complaint rates for your entire account to Amazon CloudWatch. You can use these metrics to create alarms in CloudWatch, or to automatically pause email sending using a Lambda function.
You can also export reputation metrics for individual configuration sets to CloudWatch. Exporting reputation data at the configuration set level gives you more control over your sender reputation.
This section includes procedures for exporting reputation data for individual configuration sets to CloudWatch by using the Amazon SES API.
## Enabling the export of reputation metrics
To start exporting reputation metrics for a configuration set, use the `UpdateConfigurationSetReputationMetricsEnabled` API operation. To access the Amazon SES API, we recommend using the AWS CLI or one of the AWS SDKs.
This procedure assumes that the AWS CLI is installed on your computer and properly configured. For more information about installing and configuring the AWS CLI, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html).
**To enable the exporting of reputation metrics for a configuration set**
+ At the command line, type the following command:
```
aws ses update-configuration-set-reputation-metrics-enabled --configuration-set-name ConfigSet --enabled
```
Replace *ConfigSet* in the preceding command with the name of the configuration set for which you want to start exporting reputation metrics.
## Disabling the export of reputation metrics
You can also use the `UpdateConfigurationSetReputationMetricsEnabled` API operation to disable the exporting of reputation metrics for a configuration set.
**To disable the exporting of reputation metrics for a configuration set**
+ At the command line, type the following command:
```
aws ses update-configuration-set-reputation-metrics-enabled --configuration-set-name ConfigSet --no-enabled
```
Replace *ConfigSet* in the preceding command with the name of the configuration set for which you want to disable the exporting of reputation metrics.