← Back to projects
7 min
SendScope: Monitoring and Alerting for AWS SES

SendScope: Monitoring and Alerting for AWS SES

An all-in-one platform to monitor AWS SES deliverability and receive automatic alerts when something unusual happens. Built after a leaked AWS key got our SES account suspended, blocking all transactional emails, because AWS itself has no workable solution for proactive monitoring.
  • .NET
  • C#
  • React
  • TypeScript
  • AWS

Table of Contents

  1. AWS Virtual Deliverability Manager: Dashboards Without Action
  2. What SendScope Is
  3. Real-Time Monitoring
  4. Smart Alerting
  5. Suppression List Management
  6. Sending Insights
  7. DNS Authentication Checks
  8. Digest Reports
  9. The Technical Side
  10. Why I Built It Myself
  11. Current Status

I once experienced a leaked AWS key. We found out when AWS suspended the SES account, which blocked all transactional emails across every piece of software we were running. That is not something you want to deal with, especially not at night or on a weekend.

After the incident was resolved by rotating all keys and requesting AWS to restore access, I started looking for a good solution to prevent this from happening again.

AWS Virtual Deliverability Manager: Dashboards Without Action

I discovered that AWS doesn’t really have a solution for this. In November 2022 they launched AWS Virtual Deliverability Manager (VDM). It lets you view various statistics and receive recommendations to improve deliverability. But these are just read-only statistics. You can imagine I’m not going to check these dashboards every hour, and of course the moment you’re not looking is exactly when an incident occurs.

When I searched online I couldn’t find any off-the-shelf solutions. There were some articles about cobbling together SNS topics that receive events you can then do something with, and setting up CloudWatch, but doing that for every AWS account, and writing a dedicated Lambda function or something similar for it, is a bit much. On top of that, it’s not very reliable either. A robust setup is required to be reliably notified when something is wrong with your AWS SES configuration.

That’s why I built SendScope.

What SendScope Is

SendScope is the all-in-one platform for monitoring AWS SES deliverability and metrics, with automatic alerts when something unusual happens. It fills the gap that VDM leaves open: where VDM shows dashboards but does nothing when things go wrong, SendScope proactively warns you before problems escalate into an account suspension.

The SendScope dashboard with real-time bounce, complaint, and delivery rates

The monitoring dashboard: bounce rate, complaint rate, and delivery rate in real time, with AWS limits as reference.

Real-Time Monitoring

The dashboard shows your bounce rate, complaint rate, and delivery rate in real time, with the AWS limits clearly visible alongside. You can see how each sender identity (domain and email address) is performing, view historical trends over periods from 24 hours to 2 years, and get a multi-account overview if you manage multiple AWS accounts. SendScope also checks whether your domains’ DKIM, SPF, and DMARC configuration is correct and alerts you if anything changes.

The multi-account dashboard with per-account health overview

The multi-account dashboard: events, deliveries, bounce and complaint rates, with per-account health badges.

Smart Alerting

This is the heart of SendScope. Ten types of alert conditions are available:

  • Rate thresholds: warnings when bounce or complaint rate reaches a threshold.
  • Reputation danger: detection when your reputation is at risk.
  • Quota usage: notification when you’re approaching your daily sending quota.
  • Volume spikes: detection of sudden spikes in sending volume that deviate from the normal pattern.
  • Sending silence: alert when emails unexpectedly stop being sent entirely.
  • Engagement drops: detection when open or click rates drop significantly.
  • Bounce subtype surges: warning when a specific type of bounce suddenly increases.
  • Suppression growth: notification when the suppression list grows unusually fast.
  • Authentication degradation: alert when DKIM, SPF, or DMARC authentication deteriorates.
  • Account health: notification when the account status changes.

I wanted to make it possible to receive notifications wherever you spend your time online: email, Slack, and Discord. Apprise is also supported, which on its own can reach a huge list of providers. If all of that still isn’t enough, you can also opt for a custom webhook, where you can specify your own URL, payload, and custom headers (including auth), with SSRF prevention of course.

Every alert rule can be tested before it goes live, and there is a cooldown mechanism to prevent you from being flooded with notifications.

Suppression List Management

The suppression list with search and filter options

Suppression list management: search, filter, bulk delete, and CSV export, with bidirectional sync to AWS SES.

Hard bounces and complaints are automatically suppressed as they arrive. The standout feature is the bidirectional sync with the AWS SES suppression list: your local list and the list in AWS stay automatically in sync, so every system agrees on who not to email. It also supports temporary suppressions with a configurable expiry, for cases where you want to temporarily block an address.

Sending Insights

Deliverability funnel and sending patterns

Sending insights: the deliverability funnel from sent to clicked, sending heatmaps, and domain breakdown.

SendScope shows the full journey of an email: from sent to delivered, opened, and clicked, as a visual funnel. Sending heatmaps show which days and hours see the most activity, a domain breakdown shows rates per recipient domain, and bounce reasons are categorized into permanent versus transient with subtypes. Volume anomaly detection automatically picks up unusual patterns.

DNS Authentication Checks

DKIM, SPF, and DMARC authentication status

Domain authentication: DKIM, SPF, and DMARC status per identity, with drift history.

SendScope continuously checks whether the DNS authentication of your sending domains is configured correctly. If something changes in your DKIM, SPF, or DMARC configuration (for example, due to a DNS change that accidentally overwrites a record) you get notified before it affects your deliverability.

Digest Reports

Besides real-time alerts, you can also receive periodic email summaries: daily, weekly, or monthly. Each digest contains your bounce and complaint rates, volume trends, top recipient domains, recent suppressions, and alert history, with a comparison against the prior period so you can spot trends early.

The Technical Side

SendScope is built on the same stack as Slicekit: an event-driven .NET 10 API with vertical slices, a React 19 SPA, and an Astro marketing site. SES events come in via SNS webhooks, and the app auto-configures SNS topics and subscriptions the moment you connect your AWS account. Monitoring data is processed through Wolverine CQRS and stored in PostgreSQL, with Redis as a caching layer.

Why I Built It Myself

The direct trigger was that incident with the leaked key. But the underlying reason is that there simply was no good solution out there. VDM shows statistics but doesn’t act on them. The cobbled-together combination of SNS, CloudWatch, and Lambda is fragile, difficult to maintain across multiple accounts, and nowhere near reliable enough to trust for critical email infrastructure.

I wanted something I could set up, that reliably watches, and that warns me in the right place before AWS intervenes. SendScope became that.

Current Status

SendScope is live and available in three tiers: a free Starter plan (1 SES account, basic email alerts), Pro at €29 per month (up to 5 accounts, all alert types, Slack, Discord, and digest emails), and Business at €79 per month (unlimited accounts and advanced anomaly detection). All paid plans include a 7-day free trial with no credit card required.

Have questions or feedback? Feel free to get in touch!

See demo
Have questions about this project?
[email protected]
Previous
SecShare: an open-source secret sharing tool
Next
Slicekit: A Full-Stack .NET + React SaaS Template You Own