SES best practices and security
Keep sender reputation healthy, prevent abuse, and make sure your SES + Sessy setup stays reliable in production.
Protect public email-triggering flows
- Rate limit endpoints like signup, password reset, magic links, and invites.
- Add bot protection on public forms.
- Avoid blindly sending to untrusted or user-manipulated recipient lists.
Respect suppression and bounce signals
- Stop sending to addresses that bounced or complained.
- Persist suppression state in your app.
- Monitor bounce and complaint trends continuously.
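The three bullets above describe one loop: consume the bounce and complaint notifications SES publishes, persist a suppression decision per address, and consult that state before every send. The following Python is an added example of that loop, not code from Sessy or AWS; the notification payloads are constructed to match the documented SES JSON shape (`notificationType`, `bounce.bounceType`, `bouncedRecipients`, `complainedRecipients`), the `TRANSIENT_LIMIT` threshold and the in-memory store are assumptions standing in for whatever database your app uses.

```python
import json
from dataclasses import dataclass, field

# Hypothetical policy: a soft-bouncing address is suppressed after this many
# transient bounces, a hard bounce or complaint suppresses immediately.
TRANSIENT_LIMIT = 3

# Constructed sample payloads shaped like SES event notifications. The last one
# is wrapped the way SNS delivers over HTTPS: the SES JSON sits inside "Message".
SAMPLE_NOTIFICATIONS = [
    json.dumps({"notificationType": "Bounce",
                "bounce": {"bounceType": "Permanent", "bounceSubType": "General",
                           "bouncedRecipients": [{"emailAddress": "Gone@example.com"}]},
                "mail": {"messageId": "constructed-1"}}),
    json.dumps({"notificationType": "Bounce",
                "bounce": {"bounceType": "Transient", "bounceSubType": "MailboxFull",
                           "bouncedRecipients": [{"emailAddress": "full@example.com"}]},
                "mail": {"messageId": "constructed-2"}}),
    json.dumps({"Type": "Notification",
                "Message": json.dumps({"notificationType": "Complaint",
                                       "complaint": {"complaintFeedbackType": "abuse",
                                                     "complainedRecipients": [{"emailAddress": "angry@example.com"}]},
                                       "mail": {"messageId": "constructed-3"}})}),
]


def unwrap_sns(raw: str) -> dict:
    """Return the SES notification, unwrapping the SNS envelope if present."""
    payload = json.loads(raw)
    if payload.get("Type") == "Notification" and "Message" in payload:
        return json.loads(payload["Message"])
    return payload


@dataclass
class SuppressionStore:
    """In-memory stand-in for the persistent suppression table your app keeps."""
    suppressed: dict = field(default_factory=dict)        # address -> reason
    transient_counts: dict = field(default_factory=dict)  # address -> soft bounce count

    def record(self, raw: str) -> list:
        """Apply one notification; return addresses newly suppressed by it."""
        note = unwrap_sns(raw)
        newly = []
        kind = note.get("notificationType")
        if kind == "Bounce":
            bounce = note["bounce"]
            permanent = bounce.get("bounceType") == "Permanent"
            for rcpt in bounce.get("bouncedRecipients", []):
                addr = rcpt["emailAddress"].lower()
                if permanent:
                    self.suppressed[addr] = "hard-bounce"
                    newly.append(addr)
                else:
                    count = self.transient_counts.get(addr, 0) + 1
                    self.transient_counts[addr] = count
                    if count >= TRANSIENT_LIMIT and addr not in self.suppressed:
                        self.suppressed[addr] = "repeated-soft-bounce"
                        newly.append(addr)
        elif kind == "Complaint":
            for rcpt in note["complaint"].get("complainedRecipients", []):
                addr = rcpt["emailAddress"].lower()
                self.suppressed[addr] = "complaint"
                newly.append(addr)
        return newly

    def may_send(self, addr: str) -> bool:
        """The gate every sending path must consult before calling SES."""
        return addr.lower() not in self.suppressed

    def filter_recipients(self, recipients: list) -> list:
        """Drop suppressed addresses from a batch, keeping order."""
        return [r for r in recipients if self.may_send(r)]


if __name__ == "__main__":
    store = SuppressionStore()
    for raw in SAMPLE_NOTIFICATIONS:
        print("newly suppressed:", store.record(raw))
    print(store.filter_recipients(["gone@example.com", "full@example.com", "ok@example.com"]))
```

Addresses are normalised to lower case before lookup so that a complaint for `Gone@example.com` and a later send to `gone@example.com` hit the same row; the same normalisation should be applied wherever your app stores recipients.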
Keep identity and DNS aligned
- Verify your domain identity.
- Enable DKIM and confirm it passes.
- Set SPF and DMARC.
- Configure a custom MAIL FROM domain so SPF results align with your From domain under DMARC (the default amazonses.com MAIL FROM passes SPF but does not align).
Secure your Sessy deployment
- Use HTTPS in production.
- Require auth for dashboard access.
- Expose only required webhook paths for SNS.
- Keep dependencies and images updated.