4

I verified my myemail@gmail.com email address on AWS Simple Email Service - but when I email myself, I get the warning:

Be careful with this message

This may be a spoofed message. The message claims to have been sent from your account, but 
Gmail couldn’t verify the actual source. Avoid clicking links or replying with sensitive
information, unless you are sure you actually sent this message. (No need to reset 
your password, the real sender does not actually have access to your account!)

If an email is sent from myemail@gmail.com to any other address, there's no warning. But I get the warning if myemail@gmail.com emails myemail@gmail.com

Does anyone know why this might be? I tried to look through the AWS SES documentation but could not find a potential fix.

Thank you in advance!

John Grayson
  • 1,378
  • 3
  • 17
  • 30

1 Answers1

0

I think this happens because the email is being sent by a third party (amazonses.com) and is missing signatures in the email header that indicate that the email is legit. I don't have a good understanding of how the pieces fit together or what Gmail uses to detect spoofing, but I think it's DKIM, SPF, or both.

In the AWS SES Verified Identities dashboard you can configure DKIM and a custom MAIL FROM domain (SPF). However, I think these solutions won't work for you because you're sending mail from @gmail.com and you're not the owner of that domain and you aren't able to add DNS records for it.

It's possible you won't be to solve this problem. It's kind of understandable to me: Gmail maybe doesn't want people sending email from their domain using SES. Gmail might want outgoing mail to be funneled through their own SMTP servers so they can e.g. make sure people aren't sending spam from their domain.

Possible alternatives:

  • You could buy your own domain and send mail from that. You would be able to configure DKIM and SPF in this case (though I suppose you might not need to? I don't know. I don't know what would cause a mail client to warn if the DKIM or SPF signature is missing).
  • Instead of using SES you could send mail through Gmail's SMTP server. Maybe one of these options.

Caveats: I'm not super familiar with this, I've just been looking into a bit recently and thought I'd share some info in case it helps others.

Mark Doliner
  • 1,543
  • 15
  • 17