Improving Mail Deliverability in WordPress with Amazon SES

Out of the box, WordPress doesn’t always do a great job of sending mail. This isn’t necessarily its fault – web server and DNS configurations matter a lot when it comes to sending high-deliverability messages. Ensuring deliverability is especially important when it comes to eCommerce sites, but even a single missed lead capture form can cost your company a great sum in lost potential revenue. It’s an embarrassment when your legitimate mail lands in a customer’s spam box.

One of the easiest and most reliable ways to improve your deliverability is by implementing a third-party mail sending service like Amazon SES. Although AWS in general can be quite confusing, once you’re set up, it just works. Since it’s a pay-as-you-go service, you will only be billed for messages you actually send. Most low-volume sites will cost less than a dollar per month.

So here’s how to set it up!

  1. Sign up for AWS if you do not have an account already.
  2. Set up a billing method to pay for the services you use.
  3. Navigate to the SES configuration panel, click on Domains, and press Verify a New Domain.
  4. Enter the domain you’d like to send mail from, and check Generate DKIM Settings. Press Verify This Domain to start the verification process.
  5. You will be shown a TXT record to set to verify your domain. You will also be shown three CNAME records to set up DKIM. Add all four of these records to your DNS configuration, and Amazon will periodically check to see when they’re all set up.
  6. You will also need to set up SPF at this time. If you already have an SPF record, add include:amazonses.com anywhere before the closing all mechanism (~all or -all). If you do not have an SPF record, you can add the following to only permit sending from SES: v=spf1 include:amazonses.com -all. There is more official information about SPF available here.
  7. Generate SMTP credentials in SES by clicking on the domain, and then selecting SMTP Settings on the left. Press Create SMTP Credentials and you will be walked through creating a special IAM user to only access Amazon SES for this domain. When you are shown your Access Key ID and Secret Key, save these as they make up your SMTP login.
  8. Open a support ticket using this form to request Production access to SES. Until Amazon removes the default limitation on your account you will not be able to send mail outside of your domain. Make sure not to force SMTP mail on WordPress until you’re notified you’re out of the sandbox, or messages will not be sent.
  9. On your WordPress site, install and activate WP-Mail-SMTP which will permit you to route WordPress mail over SMTP. Under Options -> Email, select Send all WordPress emails via SMTP. For the SMTP host, enter the region-specific hostname displayed on the SMTP Settings page in SES. You can use port 25, 465, or 587 in case one is blocked on your server. Select Use TLS Encryption, and enter your Access Key ID as your username and the Secret as your password. You are also encouraged to force a from address that matches the domain you are sending from.
  10. Use the Send a Test Message functionality to try out your new SES implementation. If the debug output starts with bool(true), your message was sent successfully!
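
The SPF edit in step 6 is the easiest one to get wrong, so here is an added example (not part of the original post) that merges include:amazonses.com into an existing record ahead of its all mechanism and rejects a result with more than 10 DNS-lookup terms, the limit set by RFC 7208. The function names and sample records are constructed for illustration.

```python
# Added example: merge Amazon SES into an SPF TXT record (step 6).
# Function names and the sample records below are constructed.
SES_INCLUDE = "include:amazonses.com"
LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists")


def is_all(term):
    """True for the catch-all mechanism with any qualifier (+all, -all, ~all, ?all)."""
    return term.lower().lstrip("+-~?") == "all"


def lookup_count(record):
    """Count top-level terms that cost a DNS lookup (RFC 7208 allows 10).

    Nested includes are not resolved here, so this is a lower bound."""
    count = 0
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        t = term.lower().lstrip("+-~?")
        name = t.split(":")[0].split("/")[0]
        if name in LOOKUP_MECHANISMS or t.startswith("redirect="):
            count += 1
    return count


def add_ses(record=None):
    """Return an SPF record that authorises SES, keeping 'all' as the last mechanism."""
    if not record or not record.strip():
        return "v=spf1 " + SES_INCLUDE + " -all"   # SES-only policy from step 6
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: " + record)
    if any(t.lower().lstrip("+") == SES_INCLUDE for t in terms):
        return " ".join(terms)                      # SES already authorised
    # Mechanisms after 'all' are never evaluated, so insert before it
    # (or before a redirect= modifier, or at the end if neither exists).
    idx = next((i for i, t in enumerate(terms)
                if is_all(t) or t.lower().startswith("redirect=")), len(terms))
    terms.insert(idx, SES_INCLUDE)
    merged = " ".join(terms)
    if lookup_count(merged) > 10:
        raise ValueError("more than 10 DNS-lookup terms; receivers return permerror")
    return merged


if __name__ == "__main__":
    for rec in (None, "v=spf1 mx include:_spf.example.net ~all"):
        print(add_ses(rec))
```

Publish only one SPF TXT record per domain: replace the existing record with the merged string rather than adding a second one.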

Install authbind on CentOS 7 x86_64: Download the RPM

Here’s the RPM for authbind 2.1.1: https://s3.amazonaws.com/aaronsilber/public/authbind-2.1.1-0.1.x86_64.rpm

Need a refresher? Most systems should permit installation directly from the URL, so try this:

sudo rpm -Uvh https://s3.amazonaws.com/aaronsilber/public/authbind-2.1.1-0.1.x86_64.rpm

This RPM was built using the authbind-centos-rpm project. There is not currently an easy-to-find repo for prebuilt RPMs for authbind. It doesn’t look like authbind is changing anytime soon (last updated a year or two ago) but if it does, note you’ll have to either compile from source yourself or find a new RPM to update it – your package manager will not handle it.

Enjoy, and stay safe while not running your scripts as root!

RHEL 7 t2.micro AWS EC2 AMI Costs 5x OSS Alternatives

I should have known, honestly. But Amazon makes it seem so affordable to license Red Hat. I thought “Hey, this is Red Hat. I’m a big Fedora user, and I build CentOS servers all the time. Surely Red Hat will be like any of those, just better!”

Unfortunately… I’d never licensed Red Hat previously and had no idea of its cost. Amazon currently lists the On-Demand t2.micro RHEL 7 AMI as a whopping $0.073/hr to run. This results in around a $52.56/month bill just for EC2. To compare, a CentOS t2.micro costs $0.013/hr (~$9.36/month) and has the same specs as the prior instance, which is 5.6 times as expensive. If you don’t need to use Red Hat, for less money you could scale way up to a t2.medium which has 4x the memory of a t2.micro, 4x the rate of CPU credits, and 2x the vCPUs. Even that would only cost you $0.052/hr (~$37.44).

What does this mean for me? Well, I’m certainly not going to pay $640/yr to run pretty much the most bare-bones site I could have right now. And if I was going to spend $640/yr on anything, it wouldn’t be 80% licensing fees to Red Hat.

Please don’t take this as me dismissing Red Hat. They have been instrumental in the development of the OSes I love so much, as well as the Linux community. I’m sure they’re a great company for enterprise-grade clients.

But now it’s time for me to rebuild my stack, on CentOS this time. I may shrink the server size even further and try out CloudFlare – it sounds like a perfect candidate for what I’m doing here.