Send Cold Email Through AWS SES Without Writing Code
Complete AWS SES walkthrough from account creation to first campaign.
Why Use Amazon SES for Cold Email
Amazon SES for cold email is one of the most cost effective ways to send outreach at scale. When combined with an aws ses cold email platform like EmailQo, you get dedicated sending infrastructure plus the campaign management layer on top. SES stands for Simple Email Service and is part of Amazon Web Services. The primary advantage is pricing. AWS charges $0.10 per 1,000 emails with no monthly minimums and no per contact fees. For teams sending tens of thousands of emails per month, this is dramatically cheaper than per email pricing from other providers.
Beyond cost, Amazon SES gives you dedicated sending infrastructure. When you send cold email through own ses account, your emails are not routed through shared pools where another sender's bad behavior can damage your deliverability. You control the domains, the DNS authentication, and the sending reputation. This is the AWS SES cold email setup guide that covers everything from creating your AWS account to sending your first campaign.
One important note before you begin: SES is a sending infrastructure, not an outreach tool. You still need a campaign tool that connects to SES for managing sequences, follow ups, and replies. This guide covers the SES setup. Connecting it to your outreach tool is the final step.
Step by Step Amazon SES Setup
Step 1: Create an AWS Account
If you do not already have an AWS account, go to aws.amazon.com and create one. You will need a credit card for billing, but SES costs are minimal for cold email volumes. After account creation, navigate to the IAM section and create a dedicated user with only SES permissions. This follows AWS security best practices by limiting access to only the services you need. Do not use your root account credentials for SES.
Step 2: Choose Your AWS Region
Amazon SES is available in multiple AWS regions. Choose a region close to your recipients for the best latency, or use us east 1 (N. Virginia) which is the most commonly used SES region with the widest feature support. Remember that your SES configuration, verified domains, and SMTP credentials are all region specific. Everything you configure must be in the same region where your application connects.
Step 3: Verify Your Sending Domain
In the SES console, go to "Verified identities" and click "Create identity." Select "Domain" and enter the domain you want to send from. SES will generate DNS records you need to add: a TXT record for domain verification and three CNAME records for DKIM (Easy DKIM). Add all of these to your domain's DNS through your registrar or DNS hosting provider. The TXT record proves you own the domain. The CNAME records enable DKIM signing. Verification usually completes within an hour but can take up to 72 hours.
Step 4: Set Up SPF for SES
Add Amazon SES to your domain's SPF record by including their servers. If this is your only sending service, your SPF record should look like:
v=spf1 include:amazonses.com ~all
If you also send through Gmail or another provider, add their include as well within the same single SPF record. Your domain should only have one SPF TXT record total.
Step 5: Add a DMARC Record
Complete your authentication stack by adding a DMARC record. Create a TXT record at _dmarc.yourdomain.com with a value like v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com. This tells receiving servers to quarantine any email that fails both SPF and DKIM checks and to send you aggregate reports about authentication results.
Step 6: Request Production Access
New SES accounts start in sandbox mode, which limits you to sending only to verified email addresses. To get aws ses sandbox removed cold email sending to anyone, you need aws ses production access cold email approval. In the SES console, go to "Account dashboard" and find the "Request production access" button. AWS asks you to describe your use case, expected sending volume, how you handle bounces and complaints, and what type of content you send. Be honest and specific. Mention that you send business to business outreach, that you verify email addresses before sending, and that you honor unsubscribes. AWS reviews requests manually, and approval typically takes one to three business days.
Step 7: Generate SMTP Credentials
To connect SES to your outreach tool via SMTP, you need dedicated SMTP credentials. In the SES console, go to "SMTP settings." Note the SMTP endpoint for your region, which looks like email-smtp.us-east-1.amazonaws.com. The port is 587 for STARTTLS connections. Click "Create SMTP credentials" to generate a username and password. These are different from your AWS IAM credentials. Save them securely because the password is shown only once.
Step 8: Connect SES to Your Outreach Tool
With your domain verified, DNS records configured, production access granted, and SMTP credentials in hand, you can now connect SES to your cold email platform. In your outreach tool, add a new sending account using SMTP connection type. Enter the SES SMTP endpoint, port 587, and the SMTP username and password you generated. Send a test email to confirm everything is connected and that SPF, DKIM, and DMARC all pass authentication checks.
Want every check on this page run automatically?
EmailQo runs SPF, DKIM, DMARC, blacklist, and content checks before every campaign — on your own Gmail, Outlook, or AWS SES sending account. Start the 7-day free trial, no card.
Start free trial →Common Amazon SES Mistakes
The most common mistake is trying to send from sandbox mode without realizing your account has not been approved for production. All emails to unverified addresses will bounce silently. If your test emails work but real campaign emails do not, check whether your account is still in sandbox mode.
Skipping warmup is another frequent error. Even though SES provides dedicated infrastructure, you still need to warm up new domains and IP addresses gradually. Email providers track sending patterns, and a new domain suddenly sending thousands of emails per day will trigger spam filters regardless of how clean your infrastructure is.
Ignoring bounce and complaint notifications from SES is dangerous. AWS monitors your bounce and complaint rates and will suspend your sending privileges if they exceed their thresholds (currently 5 percent for bounces and 0.1 percent for complaints). Set up SNS notifications for bounces and complaints so you can respond quickly to list quality issues before AWS takes action.
How EmailQo Works with Amazon SES
EmailQo connects natively to Amazon SES as a sending provider. You enter your SMTP credentials in EmailQo, and the platform handles campaign management, sequences, follow ups, and reply detection while SES handles the actual sending. AWS bills you directly at $0.10 per 1,000 emails. EmailQo does not add any markup to the sending cost. Every plan includes built in warmup for your SES connected accounts and pre send inbox health checks that validate your DNS records, scan for spam triggers, and check blacklists before each campaign goes out.
Related Resources
Keep the guide close — get deliverability tips monthly
One short, useful email per month covering SPF/DKIM/DMARC pitfalls, warmup, and cold-email content. No spam. Unsubscribe anytime.
By subscribing you agree to receive occasional tips at this address. See our Privacy Policy. Unsubscribe anytime from any email or at /unsubscribe.
Keep reading