Risk of compromised Amazon SES SMTP Credentials?
I host www.foo.com for a client. The website sends emails via postfix which has my Amazon SES SMTP Credentials configured and my SES has foo.com
as
a verified domain and this all works fine.
Now the client wants to send emails from her gmail account as [email protected]
(using gmail's "add another email address that you own" feature) so she has asked for the SMTP credentials. Other than hitting the sending limits of my SES account, what are the other risks if I share the smtp credentials of my SES account with her? Anyone know a better way to satisfy her request?
Possible dupe of If my SES SMTP credentials are compromised can my SES API usage (using access key+secret) be affected but I'm really looking for a list of other risks and ways to avoid them.
Set up a separate AWS account for your client, preferably billed directly to them. Problem solved.
Another solution is to create another SMTP user and restrict it to only one From email address.
After creating the SMTP user, head over to IAM console and overwrite the policy with this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:SendRawEmail"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"ses:FromAddress": "[email protected]",
}
}
}
]
}