SES Mail Runbook
AWS Simple Email Service handling all transactional and platform email for the verified thephenom.app domain.
Source:
asset-registry.yaml; host: email.us-east-1.amazonaws.com; SES type; thephenom.app domain verified
C2PA signed · SanMarcSoft AI content credential
What it is
AWS SES (email.us-east-1.amazonaws.com) is the email delivery infrastructure for the Phenom platform. It handles all outbound transactional email (user registration, notifications, password reset) sent from @thephenom.app addresses. The domain thephenom.app is verified in SES. NEST, the API, and the webmail service all use SES for outbound delivery.
Deployment chain
| Layer | Value |
|---|---|
| Endpoint | email.us-east-1.amazonaws.com |
| Region | us-east-1 |
| AWS profile | phenom |
| Verified domain | thephenom.app |
| Sending identity | no-reply@thephenom.app (or similar) |
| SMTP endpoint | email-smtp.us-east-1.amazonaws.com:587 (STARTTLS) |
| DNS records | DKIM CNAME records, SPF TXT record, DMARC TXT record |
Common operations
Check SES sending quota and stats
aws ses get-send-quota \
--profile phenom \
--region us-east-1
# Returns: Max24HourSend, MaxSendRate, SentLast24Hours
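# SendDataPoints is not guaranteed to be in time order; sort by Timestamp to get the five most recent.
aws ses get-send-statistics \
--profile phenom \
--region us-east-1 \
--query 'sort_by(SendDataPoints, &Timestamp)[-5:]'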
Send a test email via AWS CLI
aws ses send-email \
--from "no-reply@thephenom.app" \
--to "sanmarcsoft@applepublic.com" \
--subject "SES Test - $(date)" \
--text "This is a test email from SES to verify thephenom.app sending." \
--profile phenom \
--region us-east-1
Check domain verification status
aws ses get-identity-verification-attributes \
--identities thephenom.app \
--profile phenom \
--region us-east-1
# Expected: "VerificationStatus": "Success"
Check DKIM status
aws ses get-identity-dkim-attributes \
--identities thephenom.app \
--profile phenom \
--region us-east-1
# Expected: "DkimEnabled": true, "DkimVerificationStatus": "Success"
Check if account is in sandbox
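aws sesv2 get-account \
--profile phenom \
--region us-east-1 \
--query 'ProductionAccessEnabled'
# Expected: true. false means sandbox: only verified addresses can receive email. Request production access via console.
# Also confirm account-level sending is not paused:
aws ses get-account-sending-enabled \
--profile phenom \
--region us-east-1
# Expected: "Enabled": true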
List SMTP credentials (for services using SMTP)
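# SMTP credentials are derived from the access keys of IAM users that have the ses:SendRawEmail permission.
# List IAM users whose name contains "ses" (a naming-convention match; confirm SES access from the attached policies):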
aws iam list-users \
--profile phenom \
--query 'Users[?contains(UserName,`ses`)].UserName'
View SES sending events (CloudWatch)
# --start-time below uses GNU date (-d); on macOS/BSD use: date -u -v-24H +%Y-%m-%dT%H:%M:%SZ
aws cloudwatch get-metric-statistics \
--namespace AWS/SES \
--metric-name Send \
--start-time "$(date -u -d '24 hours ago' +%Y-%m-%dT%H:%M:%SZ)" \
--end-time "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--period 3600 \
--statistics Sum \
--profile phenom \
--region us-east-1
Verify it is working
# Check quota is available (domain verification is covered under "Check domain verification status"):
aws ses get-send-quota \
--profile phenom \
--region us-east-1
# Expected: SentLast24Hours < Max24HourSend
# Send a live test:
aws ses send-email \
--from "no-reply@thephenom.app" \
--to "sanmarcsoft@applepublic.com" \
--subject "SES healthcheck $(date)" \
--text "SES healthcheck OK" \
--profile phenom \
--region us-east-1
# Expected: message ID returned (no error)
Common failure modes
| Symptom | Likely cause | Remediation |
|---|---|---|
| Emails not delivered | SES account still in sandbox | Request production access in SES console |
| Bounces or complaints spike | Sending to invalid or unsubscribed addresses | Review bounce/complaint notifications in SES; clean mailing list |
| DKIM verification failed | CNAME records missing or propagating | Re-add DKIM CNAME records in Cloudflare; wait for DNS propagation |
| Sending quota hit | 24-hour send limit reached | Request quota increase in SES console; review sending patterns |
| SMTP auth failure from service | SMTP credentials rotated or wrong | Regenerate SMTP credentials from IAM; update service env vars |
| Emails going to spam | SPF/DKIM/DMARC misconfigured | Verify all three DNS records in Cloudflare; run mail tester |
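For the "Emails going to spam" row, an added example (not part of the original runbook) that lints SPF and DMARC TXT values offline before they are changed in DNS. The function names `lint_spf` and `lint_dmarc` are hypothetical, the sample records are constructed, and it assumes the SPF record is expected to authorize SES through `include:amazonses.com`.

```shell
#!/bin/sh
# Added example. Feed it the TXT values returned by, for instance:
#   dig +short TXT thephenom.app          (SPF)
#   dig +short TXT _dmarc.thephenom.app   (DMARC)

# lint_spf RECORD: returns 0 only if SES is authorized (assumption: via
# include:amazonses.com) and the record ends in a restrictive "all".
lint_spf() {
  spf=$(printf '%s' "$1" | tr -d '"')   # drop the quotes dig prints
  case "$spf" in
    "v=spf1 "*) ;;
    *) echo "FAIL: not an SPF record"; return 1 ;;
  esac
  case " $spf " in
    *" include:amazonses.com "*) ;;
    *) echo "FAIL: amazonses.com is not authorized"; return 1 ;;
  esac
  case " $spf " in
    *" +all "*|*" all "*) echo "FAIL: +all lets any host send as this domain"; return 1 ;;
    *" -all "*|*" ~all "*) echo "OK"; return 0 ;;
    *) echo "FAIL: no restrictive all mechanism"; return 1 ;;
  esac
}

# lint_dmarc RECORD: returns 0 for an enforcing policy, 2 for p=none
# (monitoring only), 1 for a malformed record.
lint_dmarc() {
  dmarc=$(printf '%s' "$1" | tr -d '" ')   # drop quotes and spaces
  case "$dmarc" in
    "v=DMARC1;"*) ;;
    *) echo "FAIL: not a DMARC record"; return 1 ;;
  esac
  case ";$dmarc;" in
    *";p=reject;"*|*";p=quarantine;"*) echo "OK"; return 0 ;;
    *";p=none;"*) echo "WARN: p=none only monitors; failing mail is still delivered"; return 2 ;;
    *) echo "FAIL: missing or invalid p= tag"; return 1 ;;
  esac
}

# Constructed samples, not the live thephenom.app records.
lint_spf 'v=spf1 include:amazonses.com ~all' || true
lint_dmarc 'v=DMARC1; p=none; rua=mailto:dmarc@example.com' || true
```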