When sending emails through Amazon SES, Gmail often appends a "via amazonses.com" label to the sender information. This occurs when Gmail detects that the email is being relayed through a third-party service, even if the email is properly authenticated with SPF and DKIM.
Gmail implements this feature to help users identify potentially suspicious emails. According to Google's documentation:
"Gmail checks whether emails are correctly authenticated. If your messages are sent by a bulk mailing vendor or by third-party affiliates, please publish an SPF record that includes the IPs of the vendor or affiliates which send your messages and sign your messages with a DKIM signature that is associated with your domain."
First, ensure your email authentication is properly configured:
// Example SPF record for your DNS (TXT record):
"v=spf1 include:amazonses.com ~all"
// Example DKIM setup in Amazon SES:
1. Go to SES → Domains → Verify a New Domain
2. Generate DKIM settings
3. Add the CNAME records to your DNS
To completely remove the "via" tag, you need to meet these requirements:
- Use your own domain in the "From" address (not an @amazonses.com address)
- Have both SPF and DKIM properly configured and passing
- Ensure your domain alignment matches (DMARC policy)
Adding a DMARC record can help establish full domain alignment:
// Example DMARC DNS record (TXT record for _dmarc.yourdomain.com):
"v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com"
If you're still seeing the "via" label after implementing these measures:
- Verify all DNS records using tools like MXToolbox or Google Admin Toolbox
- Check your email headers for any authentication failures
- Ensure you're using the same domain in From, Return-Path, and DKIM
For programmatic sending, ensure your SDK configuration includes proper identity settings:
// Example Node.js SES v3 SDK configuration
const { SESClient, SendEmailCommand } = require("@aws-sdk/client-ses");
const client = new SESClient({ region: "us-east-1" });
const params = {
Source: "sender@yourdomain.com", // Must match verified domain
Destination: { ToAddresses: ["recipient@gmail.com"] },
Message: {
Subject: { Data: "Test email" },
Body: { Text: { Data: "This is a test email" } }
}
};
const command = new SendEmailCommand(params);
Many developers using Amazon SES notice that Gmail displays a "sent via amazonses.com" label even after implementing SPF and DKIM authentication. This occurs when Gmail detects the email originated from a third-party service rather than directly from your domain.
While SPF and DKIM are essential, Gmail's algorithm looks for additional signals of domain alignment:
- DMARC policy (even in monitoring mode)
- From: header domain matching DKIM signing domain
- Consistent envelope sender and header sender
Here's a full configuration example that removes the "via" indicator:
# SPF Record (DNS TXT)
"v=spf1 include:amazonses.com ~all"
# DKIM Setup (SES Console)
1. Verify your domain in SES
2. Generate DKIM records in SES console
3. Add CNAME records to your DNS:
# Example DKIM records
Host: k1._domainkey.example.com
Value: k1.dkim.amazonses.com
# DMARC Record (Recommended)
"v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"For AWS SDK users, ensure proper header configuration:
const params = {
Source: '"Sender Name" ',
Destination: { ToAddresses: [recipient] },
Message: {
Body: { /* ... */ },
Subject: { Data: "Test Email" }
},
// Critical for domain alignment
ConfigurationSetName: "your-config-set"
}; - Verify DNS records with
digor online tools - Check raw email headers for authentication results
- Ensure FROM address uses your verified domain
- Test with different email clients to isolate Gmail-specific behavior
If the issue persists after 48 hours of DNS propagation:
- Contact AWS Support with full email headers
- Submit feedback to Gmail through the "Report phishing" dropdown
- Consider using SES's domain verification feature