Connecting Amazon SES
Plume sends through your own SES account using AWS SES v2. This page walks through credentials, domain verification, leaving the sandbox, and feedback.
Not on AWS? Plume also sends through any SMTP provider — Mailgun, SendGrid, Postmark, Resend, and more.
Your SES credentials — region, access key id, and secret — are entered in the app under Settings, not as environment variables. Plume stores them AES-encrypted at rest. Until you configure SES, Plume uses a built-in log provider that prints emails to stdout instead of sending them, so you can develop and test with zero AWS setup.
Create IAM credentials
Section titled “Create IAM credentials”In AWS IAM, create a user with programmatic access and attach a policy scoped to SES send actions. Plume only needs to send mail and read sending statistics.
{ "Effect": "Allow", "Action": ["ses:SendEmail", "ses:SendRawEmail"], "Resource": "*"}Enter the resulting access key id, secret, and region in Settings. Plume encrypts them before saving.
Verify a domain
Section titled “Verify a domain”Add your brand in Plume and it generates the DKIM and SPF records to publish at your DNS provider. Plume polls SES and flips the brand to verified automatically — usually within 30 minutes.
Leave the sandbox
Section titled “Leave the sandbox”Configure feedback
Section titled “Configure feedback”Bounce and complaint feedback reaches Plume through an SNS webhook. Point an SNS topic at Plume’s feedback endpoint:
POST https://your-host/webhook/sesNote that this is a root path (/webhook/ses), not under /api. Plume processes the SNS notifications and updates suppression automatically — see Tracking & suppression.