Recently several Blumetech clients needed an SMTP relay server. In most cases a new application was installed and that application supported sending e-mails for alerts, reporting, etc. In order to send the e-mails an SMTP relay server was required.
In the good ol' days, setting up an SMTP server was fairly simple. Both Linux and Windows have had built-in SMTP servers for years. The install was easy and with a few configuration settings you were up and running.
Now, with the rise in spam, setting up an SMTP server is a pain. The initial setup of the server itself is straightforward, but now there is a whole list of additional requirements: SPF records, firewall ports, TLS support, DNS entries, reverse DNS entries, the constant fear of accidentally configuring an open relay, etc.
The astute reader may suggest: "Why not use the existing mail server?" First, with everyone outsourcing e-mail, the client may not even have an e-mail server to relay through. Second, relaying through the existing e-mail server makes support difficult. You lose control of who did the message submission. Was it normal e-mail or part of the relay? Of course detailed logging could save you, but why give yourself the headache?
Enter Amazon Simple Email Service to the rescue. (And to be fair, a whole list of other hosted SMTP solutions, but since I'm going to AWS for everything else they might as well host the SMTP relay too.) AWS SES is a super cheap SMTP relay service. AWS handles all the upgrades, all the reverse DNS records, etc. Basically they make setting up an SMTP relay easy.
And once it's set up, you effectively never need to support SMTP relay again.
However, there are some key differences between it and the traditional Windows SMTP relay server:
- TLS is required. Frankly, all applications should support encrypting SMTP messages.
- You don't get to pick the UID\Pass. AWS assigns you a UID and pass. The UID and password are very long and not something that I would hand out to end users.
- You need to go through a domain verification process to authorize sending from a specific domain. The process is very easy and in my mind provides a guarantee that the service doesn't become an open relay.
- You still need to update your SPF records. Any new e-mail server requires an update to the SPF record.
- By default you only get to send 200 messages/24 hours. You need to request additional throughput by filling out a form.
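
For the SPF bullet above, a small linter that checks a domain's TXT records before an application is pointed at the relay. This is an added example, not from the original post; the include target `amazonses.com` is an assumption taken from AWS's SES documentation, and the sample records are constructed.

```python
SES_INCLUDE = "amazonses.com"  # assumption: SPF include domain from AWS's SES docs
# Terms that make the receiver do a DNS query (RFC 7208 allows at most 10).
LOOKUP_PREFIXES = ("a:", "a/", "mx:", "mx/", "ptr:", "include:", "exists:", "redirect=")


def lint_spf(txt_records, required_include=SES_INCLUDE):
    """Return a list of problems in a domain's TXT records; empty means OK."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers treat this as a permanent error"]

    # Split each term into (qualifier, term); a missing qualifier means "+".
    terms = [(raw[0] if raw[0] in "+-~?" else "+", raw.lstrip("+-~?"))
             for raw in spf[0][1:]]
    names = [name for _, name in terms]
    problems = []

    if ("+", "include:" + required_include) not in terms:
        problems.append("include:%s missing: relayed mail will not pass SPF"
                        % required_include)
    if "all" in names:
        idx = names.index("all")
        if terms[idx][0] == "+":
            problems.append("+all authorizes every host on the internet")
        # Only the exp= modifier still has an effect after 'all'.
        if any(not n.startswith("exp=") for n in names[idx + 1:]):
            problems.append("terms after 'all' are never evaluated")
    elif not any(n.startswith("redirect=") for n in names):
        problems.append("no 'all' mechanism: unlisted senders get a neutral result")

    # Lower bound only: records pulled in by include: add their own lookups.
    lookups = sum(1 for n in names
                  if n in ("a", "mx", "ptr") or n.startswith(LOOKUP_PREFIXES))
    if lookups > 10:
        problems.append("%d DNS-querying terms: over the limit of 10" % lookups)
    return problems


# Constructed sample TXT record sets for a hypothetical sending domain.
SAMPLES = {
    "ok": ["v=spf1 mx include:amazonses.com ~all"],
    "not_updated": ["v=spf1 mx -all"],
    "too_open": ["v=spf1 include:amazonses.com +all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 include:amazonses.com -all"],
}
```

SPF is evaluated against the envelope sender (MAIL FROM) domain, so that is the domain whose TXT records should be passed in.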