Why You May Not Get Password Reset Emails Sent from AWS SES to Gmail
Looking for more details but appears that Google (or someone) is changing the IP address along the way and SPF fails
One of my stories on IPv6 and DNS Security.
Free Content on Jobs in Cybersecurity | Sign up for the Email List
I was working with a client on an AWS penetration test. I tried to do a password reset and wasn’t getting the email. Then I realized it was going to spam.
Initially I thought it might have to do with IPv6 but later the client came back and said that the failing IP address was not related to their addresses or SES at all. The problem is that somewhere between AWS and my email inbox, the sender became a Google address. My client suspects that Google is changing the IP address to one of their own.
You can see that by opening the spam message in gmail and choose Show Original. It will show you the details of the message, routing, and where the Google email address comes into play. The message was coming from SES but somehow by the time it came to me the message states that the sender IP address is not in the records for my client domain. It is a Google address — and not one which my client uses.
Initially I wrote:
Now I don’t use SES at the moment so I’m presuming AWS started using IPv6 records with SES, but it could have been some other server in the mix, so you’ll have to do your own investigation if you find your emails are going to spam and see this type of error message.
So here’s the other server in the mix.
And I’ve seen problems like this before. I was specifically trying to do a password reset and I didn’t think I got the email. Turns out it went to spam. However, in the past, I’ve try to do password resets with both Stripe and BuyMeACoffee and never got the reset email. I wonder if it was this same problem.
Here are some other interesting notes. Once I was using an email that was a “catch-all” email. I never got the message until I set up an alias. In that case, Stripe was trying to send me a message and said my emails were bouncing. In another case, I as using an alias and could not get them message. I never did hear how the company fixed that problem, if they did.
I’ve also implemented DNS securtity on some of my domains but not others. I am not sending any email from the domain that could not get the password reset, only receiving. So does DNSSEC come into play in that case? I don’t know but it’s about time I get around to setting that up.
I wrote about that and other things you can do to protect your domain names here:
Still not entirely sure what is causing this. Never enough time in a day and need to finish a report.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
The best way to support this blog is to sign up for the email list and clap for stories you like. That also helps me determine what stories people like and what to write about more often. Other ways to follow and support are listed below. Thank you!
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Author: Cybersecurity for Executives in the Age of Cloud
Presentations: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
Company: Cloud Penetration Tests, Assessments, Training ~ 2nd Sight LabLike this story? Use the options below to help me write more!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Clap
❤️ Referrals
❤️ Medium: Teri Radichel
❤️ Email List: Teri Radichel
❤️ Twitter: @teriradichel
❤️ Mastodon: @[email protected]
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
❤️ Buy a Book: Teri Radichel on Amazon
❤️ Request a penetration test, assessment, or training
via LinkedIn: Teri Radichel
❤️ Schedule a consulting call with me through IANS Research