How to Fix Gmail Spam Filtering for AWS EC2 Instance Emails: A Developer’s Guide



Many developers migrating to AWS EC2 face unexpected email deliverability issues, particularly with Gmail's spam filters. Unlike traditional hosting, EC2 presents unique challenges:

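// Typical SMTP configuration that might fail on EC2
const nodemailer = require('nodemailer');

// SES SMTP endpoint; port 587 upgrades the connection with STARTTLS
const transporter = nodemailer.createTransport({
  host: 'email-smtp.us-west-2.amazonaws.com',
  port: 587,
  auth: {
    user: 'AWS_SMTP_USERNAME', // placeholder for the SES SMTP credentials
    pass: 'AWS_SMTP_PASSWORD'
  }
});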

AWS IP ranges are often recycled and may have previous spam history. Key factors affecting deliverability:

  • EC2 instances share IP pools with other customers
  • Lack of proper reverse DNS (PTR) records
  • Missing or misconfigured SPF/DKIM/DMARC

1. AWS SES for Outbound Emails

The most reliable approach is using Amazon Simple Email Service (SES):

// Using AWS SDK for SES
const AWS = require('aws-sdk');
AWS.config.update({region: 'us-west-2'});

const ses = new AWS.SES({apiVersion: '2010-12-01'});

const params = {
  Destination: {
    ToAddresses: ['recipient@example.com']
  },
  Message: {
    Body: {
      Html: {
        Charset: "UTF-8",
        Data: "<h1>Your Email Content</h1>"
      }
    },
    Subject: {
      Charset: 'UTF-8',
      Data: 'Test email'
    }
  },
  Source: 'sender@yourdomain.com'
};

ses.sendEmail(params).promise()
  .then(data => console.log(data))
  .catch(err => console.error(err));

2. Configure Proper DNS Records

Essential DNS configurations for better deliverability:

; SPF Record
yourdomain.com. IN TXT "v=spf1 include:amazonses.com ~all"

; DKIM Records (generated by SES Easy DKIM: three CNAMEs, one per token; <token> is a placeholder)
<token>._domainkey.yourdomain.com. IN CNAME <token>.dkim.amazonses.com.

; DMARC Record
_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
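
The records above can be checked mechanically before relying on them. The following is an added example, not code from the original article: it audits the TXT strings for the SPF and DMARC settings this guide uses. The function names and the sample records are constructed for illustration.

```javascript
// Added example, not from the original article. Records below are constructed
// samples modeled on the guide's zone snippet.
const SAMPLE_APEX_TXT = ['v=spf1 include:amazonses.com ~all', 'some-site-verification=abc'];
const SAMPLE_DMARC_TXT = ['v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com'];

// Split "k=v; k=v" DMARC syntax into a lowercase-keyed object.
function parseTags(record) {
  const tags = {};
  for (const part of record.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return tags;
}

function auditSpf(txtRecords, requiredInclude) {
  const spf = txtRecords.filter(r => /^v=spf1(\s|$)/i.test(r));
  if (spf.length === 0) return ['SPF: no v=spf1 record published'];
  if (spf.length > 1) return ['SPF: multiple v=spf1 records, receivers return permerror'];
  const terms = spf[0].toLowerCase().split(/\s+/).slice(1);
  const findings = [];
  if (!terms.includes(`include:${requiredInclude}`)) {
    findings.push(`SPF: include:${requiredInclude} is missing`);
  }
  const all = terms.find(t => /^[+?~-]?all$/.test(t));
  if (!all) findings.push('SPF: no terminal "all" mechanism');
  else if (all === 'all' || all === '+all') findings.push('SPF: +all authorizes any sender');
  else if (all === '?all') findings.push('SPF: ?all gives receivers no signal');
  return findings;
}

function auditDmarc(txtRecords) {
  const recs = txtRecords.filter(r => /^v=DMARC1\s*(;|$)/.test(r));
  if (recs.length !== 1) return [`DMARC: expected exactly 1 record, found ${recs.length}`];
  const tags = parseTags(recs[0]);
  const policy = (tags.p || '').toLowerCase();
  const findings = [];
  if (!['none', 'quarantine', 'reject'].includes(policy)) findings.push('DMARC: missing or invalid p= tag');
  else if (policy === 'none') findings.push('DMARC: p=none only monitors, failing mail is not quarantined or rejected');
  if (!tags.rua) findings.push('DMARC: no rua= address, aggregate reports are not delivered');
  return findings;
}

// Combine both audits; an empty array means nothing was flagged.
function auditMailDns(apexTxt, dmarcTxt, requiredInclude = 'amazonses.com') {
  return [...auditSpf(apexTxt, requiredInclude), ...auditDmarc(dmarcTxt)];
}

console.log(auditMailDns(SAMPLE_APEX_TXT, SAMPLE_DMARC_TXT));
```

For a live domain, pass in the joined chunks that Node's `dns.promises.resolveTxt` returns for the domain and for `_dmarc.` plus the domain.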

3. Request Removal from Blacklists

Check your EC2 IP against common blacklists (mxtoolbox.com) and request delisting if needed.

For cases where SES isn't suitable, consider relaying through an external SMTP provider:

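# Postfix configuration for external SMTP relay
relayhost = [smtp.sendgrid.net]:587
# Authenticate to the relay with SASL
smtp_sasl_auth_enable = yes
# Relay credentials; keep this file readable by root only and rebuild it with postmap
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Refuse to send if the relay does not offer TLS
smtp_tls_security_level = encrypt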

Use these tools to monitor sender reputation and maintain good deliverability:

  • Google Postmaster Tools
  • Microsoft SNDS
  • AWS SES sending metrics

Many developers running email services on AWS EC2 instances face deliverability issues with Gmail. Even after getting AWS SMTP limits removed, emails often end up in spam folders. This happens despite using the same domain and email configuration that worked perfectly on other hosting providers.

Gmail's spam filters are particularly aggressive with emails coming from cloud provider IP ranges. The main reasons include:

  • EC2 IP ranges are often flagged due to previous abuse
  • Lack of proper reverse DNS (PTR) records
  • Missing or incorrect SPF/DKIM/DMARC records
  • New IP reputation (your EC2 IP hasn't built trust yet)

Here's what you can implement immediately:

# Example SPF record for AWS SES (can be adapted for EC2)
"v=spf1 include:amazonses.com ~all"

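# Example DKIM setup in Postfix: pass mail to a DKIM-signing milter on 127.0.0.1:8891
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
# accept = deliver the message unsigned if the milter is unreachable
milter_default_action = accept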

For sending hundreds of emails daily, consider AWS Simple Email Service (SES) instead of direct SMTP:

// Node.js example using AWS SES SDK
const AWS = require('aws-sdk');
AWS.config.update({region: 'us-east-1'});

const ses = new AWS.SES({apiVersion: '2010-12-01'});

const params = {
  Destination: {
    ToAddresses: ['recipient@example.com']
  },
  Message: {
    Body: {
      Text: { Data: "Your email content here" }
    },
    Subject: { Data: "Important Notification" }
  },
  Source: 'sender@yourdomain.com'
};

ses.sendEmail(params).promise()
  .then(data => console.log("Email sent:", data.MessageId))
  .catch(err => console.error(err));

If you must use EC2 directly:

  • Start with small email volumes (50-100/day)
  • Ensure your emails have proper unsubscribe links
  • Monitor feedback loops with Gmail Postmaster Tools
  • Warm up your IP over 4-6 weeks

Don't overlook these critical DNS records:

# Example DMARC record
_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"

# Example PTR record (request through AWS; the owner name is the sending IP's octets in reverse order)
123.45.67.89.in-addr.arpa. IN PTR mail.yourdomain.com.