CX Works

A single portal for curated, field-tested and SAP-verified expertise for your SAP C/4HANA suite. Whether it's a new implementation, adding new features, or getting additional value from an existing deployment, get it here, at CX Works.

How to Set Up Amazon SES as Email Service Provider

Configure Amazon SES as E-mail Service Provider for SAP Marketing Cloud

E-mail marketing is still one of the most cost-effective marketing tactics that you can use to engage with your customers. For sending a high volume of e-mails, it is common practice to leverage E-mail Service Providers (ESP) for the send out process. A widespread solution is the Simple E-mail Service (SES) from Amazon which is built on the Amazon Web Services (AWS) infrastructure. If you are using SAP Marketing Cloud as a marketing automation platform, you will get an out out-of-the-box integration with Amazon SES. This article describes how to configure Amazon SES and how to establish the connection between Amazon SES and SAP Marketing Cloud.

Table of Contents

References

If you are about to start with the integration of Amazon SES with SAP Marketing Cloud, we highly recommend you to read through the following resources:

Architecture Overview

Before you start with any configuration activities, it is important to understand the target architecture and what kind of information will be exchanged between Amazon SES and SAP Marketing Cloud:

image 1: Architecture Overview for Amazon SES Integration


  1. E-mails are transferred to the Amazon SES server though a synchronous HTTPS call. Amazon confirms the messages and returns an outbound-id. This outbound-id is stored in SAP Marketing Cloud when creating the interaction with the interaction type: EMAIL_OUTBOUND.
  2. Next, Amazon sends the e-mails to the receiver's Internet Service Provider (ISP). If the e-mail is successfully delivered, SAP Marketing Cloud will not receive any feedback. If the receiver cannot be reached or the mailbox doesn't exist, the e-mail will bounce.
  3. For processing notifications (bounces or complaints), we configured Amazon SES in a way that those events are converted into notifications by using Amazon Simple Notification Service
    (SNS).
  4. Next, the notifications are pushed into a queue (SQS) to allow SAP Marketing Cloud to read the information in an asynchronous way. 
  5. Finally, a feedback collector job in SAP Marketing Cloud pulls the information from the queues.


In this example, we only created one SES account including the required artifacts. In a real customer case, you should consider the creation of two accounts (including artifacts): One for the quality stage and one for the productive stage. If you only want to work with one account, ensure you do not create dependencies between the quality and productive stage. Due to the nature of a queue, messages will be gone once they have been picked up. If two systems are connected to the same queue, they would interfere with each other. This means, if you work with one account, you should create at least two queues knowing the consequence is that your quality system will not be receiving any bounce/complaint information.

Configuration Steps

Amazon AWS Set Up

Create a User (IAM)

Amazon Identity and Access Management (IAM) is used to create a dedicated user for the API calls. The user will be stored in SAP Marketing Cloud and will be used for authenticating when calling the AWS APIs. 

During the user creation, choose the access type Programmatic access - as SAP Marketing Cloud is connecting to AWS through the APIs.


image 2: Creation of a API user in Amazon Identity and Access Management


Note down the Access Key ID and Secret Key as you will require it later when configuring the connection in SAP Marketing Cloud.

The user needs to have access to the SES and SQS APIs. You can either create your own policy and include the necessary authorizations or just assign the following AWS managed policies:

  • AmazonSQSFullAccess
  • AmazonSESFullAccess

image 3: Assignment of authorizations for API user


Create a Notification Topic (SNS)

Bounce and complaint information will be converted to notifications. Therefore, we have to define the notification artifacts first with Amazon SNS. Notification topics will convert bounce and complaint information into notifications and hand them over to the queue. From there, SAP Marketing Cloud will pull the information. 

For the creation of the notification artifact, choose to create a new topic and provide a meaningful name.


image 4: Creation of a SNS topic




image 5: Overview of the created SNS topic


Create Queues (SQS)

Now, we create a queue where the created notification topics will push their messages to. Choose to create a standard queue. We don't need to configure the queue in detail. Instead, it can be created with the Quick-Create Queue option.


image 6: Creation of a SQS queue for collecting bounce and complaint information


The feedback queue path needs to be provided to SAP Marketing Cloud as it is stating the endpoint where the bounce information can be picked up from SAP Marketing Cloud on AWS' side. The feedback queue path is the last individual portion of the URL queue at Amazon. For example, the path from https://sqs.eu-west-1.amazonaws.com/NNNNNNNNNNNN/ABC is /NNNNNNNNNNNN/ABC. Note down this information as well.

Now, we need to connect the created notification topic with our queue. Choose the Queue Actions menu and select the option to Subscribe Queue to SNS Topic:


image 7: Subscription of the queue to the SNS topic


In the Subscribe to a Topic popup, select the topic you previously created.


image 8: Selection of the created topic to be assigned to the queue


SES Configuration

Create and Verify Sender Domain

In the following step, we need to do the actual set up of the e-mail service. Therefore, we either have to verify a domain or an e-mail address and assign the SNS topic to them. You have the following options for the verification:

  • Domain: Verify a domain. You can use later on any e-mail address from the domain as the sender's address. This approach requires to add a Domain Verification Record as a TXT record to your DNS settings.
  • E-mail Address: Verify a single e-mail address that is going to be used as the sender's address. Amazon will trigger a real e-mail to that address to verify its existence.


In our example, we will verify a new e-mail address:


image 9: Overview of a verified e-mail address


More documentation on the verification process can be found here: Verifying Identities in Amazon SES.

The previously created SNS notification topic needs to be assigned to the e-mail address identity. This means, that for all e-mails sent through this address, the bounce/complaint information will be converted into notifications and put into the defined topic.


Authentication with SPF

Sender Policy Framework (SPF) is an e-mail validation standard that you should implement as it impacts your sender's reputation. Enabling SPF is fairly easy; you only need to add a record to your DNS configuration. Fore more information, please refer to the detailed guide from AWS: Authenticating Email with SPF in Amazon SES.


Authentication with DKIM

DomainKeys Identified Mail (DKIM) is a standard that allows senders to sign their e-mail messages. It is a best practice to implement it as it impacts your sender's reputation as well. Enabling DKIM also works by adding a generated TXT entry from Amazon to your DNS configuration. Fore more information, please refer to the detailed guide from AWS: Authenticating Email with DKIM in Amazon SES.


DMARC Configuration

We also recommend to set up Domain-based Message Authentication, Reporting and Conformance (DMARC) on your domain. Fore more information, please refer to the detailed guide from AWS: Complying with DMARC Using Amazon SES.

SES: Checklist

Once you are done with the previous configuration steps, prepare the following checklist. You will need this information when you configure SAP Marketing Cloud and establish the connectivity with Amazon SES.

  • AWS Region
  • IAM Access and Secret Key
  • SQS Queue Name
  • Sender Address

SAP Marketing Cloud Set Up

For details on the integration work required on SAP Marketing Cloud, please see the official product documentation: Integrate SAP Marketing Cloud with Amazon SES

Testing

After you have set up and integrated Amazon SES, you might want to test all of the use cases. Your test cases should at least cover the following scenarios:

  • Simple E-mail Outbound: Is the e-mail placed in the inbox? Is an interaction created in SAP Marketing Cloud?
  • Soft Bounces: Are soft bounce information retrieved by SAP Marketing Cloud and is a corresponding interaction created?
  • Hard Bounces: Are hard bounce information retrieved by SAP Marketing Cloud and is a corresponding interaction created?
  • Complaints: What happens in case a customer marks your message as spam? Do you receive the complaint notification and is an interaction created?

For testing all of the above scenarios, Amazon SES provides the AWS Mailbox Simulator. The Mailbox Simulator is very useful as you don't have to create fictitious e-mail addresses and the bounce scenarios do not impact your domain/IP reputation or daily sending quota.

Fore more information, please refer to the detailed guide from AWS: Testing Email Sending in Amazon SES


Conclusion

This article showed you how to set up Amazon Simple E-mail Service to be used as an E-mail Service Provider for SAP Marketing Cloud. You have learned that the concept leverages the native cloud services for notifications and queues and requires also some DNS configurations.