How to Migrate From Amazon SES to Mailer To Go
Amazon SES is powerful and cheap, but it pushes a lot of undifferentiated work onto you: IAM policies, region choices, configuration sets, sandbox limits, and your own reputation monitoring. Moving your transactional mail to Mailer To Go is a controlled swap of DNS and credentials — the care goes into carrying your suppression list across and cutting over without losing reputation. Here’s the whole migration in order, with real config and a reversible rollout.
Still weighing it up? The Amazon SES alternatives comparison covers the why. This guide is the how.
Before you start: inventory what SES is doing for you
SES spreads configuration across several AWS surfaces. Capture all of it before you touch anything:
- Verified identities — the domains and email addresses you send from, and which region they’re verified in.
- Sandbox status — if your account is still in the SES sandbox, you’re already limited; migrating removes that constraint, but note your current sending quota and rate.
- Suppression data — SES keeps an account-level suppression list of addresses that bounced or complained. This must come with you; re-mailing a suppressed address destroys a new domain’s reputation instantly.
- How you send — SMTP (
email-smtp.<region>.amazonaws.com) or the SESv2 API/SDK (or both). - Configuration sets and event destinations — where your bounce/complaint/delivery events go today (SNS, CloudWatch, Kinesis).
- Rough daily/peak volume, for warm-up planning.
Step 1 — Create your Mailer To Go sending domain
Sign up at mailertogo.com and add a sending subdomain — we recommend mtg.yourdomain.com — rather than your root domain. It isolates reputation and, if you delegate it, lets us manage the DNS. See Why Mailer To Go sends from mtg.yourdomain.com.
Step 2 — Authenticate (SPF, DKIM, DMARC)
Publish the SPF and DKIM records from your dashboard, and a DMARC policy at your root. You already did the DKIM dance in SES (it generates CNAMEs per identity), so this is familiar territory — just new values. Keep both SES and Mailer To Go authorized on the domain during the overlap. Full walkthrough with real records and dig verification: Email authentication, end to end.
Step 3 — Swap your credentials
SMTP. The SES giveaway is a host like email-smtp.us-east-1.amazonaws.com and SMTP credentials that are IAM-derived (generated from a user, not your AWS access key). Point the same mailer at Mailer To Go instead:
# Before — Amazon SES
host: email-smtp.us-east-1.amazonaws.com port: 587
username: <SES SMTP username> (IAM-derived — not your AWS access key)
password: <SES SMTP password>
# After — Mailer To Go
host: smtp.mailertogo.com port: 587 (or 465 for SSL)
username: <MAILERTOGO_SMTP_USER>
password: <MAILERTOGO_SMTP_PASSWORD>
In Rails, that’s just new environment values — no code change:
# config/environments/production.rb
config.action_mailer.smtp_settings = {
address: ENV["MAILERTOGO_SMTP_HOST"], # smtp.mailertogo.com
port: 587,
user_name: ENV["MAILERTOGO_SMTP_USER"],
password: ENV["MAILERTOGO_SMTP_PASSWORD"],
authentication: :plain,
enable_starttls: true
}
API. If you call the SESv2 API or SDK, you can either point your mailer at Mailer To Go over SMTP (least code) or switch to the Mailer To Go REST API:
# Before — Amazon SES v2 (AWS CLI)
aws sesv2 send-email \
--from-email-address you@yourdomain.com \
--destination ToAddresses=user@example.com \
--content '{"Simple":{"Subject":{"Data":"Hello"},"Body":{"Html":{"Data":"Hi"}}}}'
# After — Mailer To Go REST API
curl -X POST https://api.mailertogo.com/v1/send \
-H "Authorization: Bearer $MAILERTOGO_API_KEY" \
-H "Content-Type: application/json" \
-d '{"from":"you@yourdomain.com","to":"user@example.com","subject":"Hello","html":"Hi"}'
No IAM users, policies, or regional endpoints to manage — one key and one endpoint. (Full language-by-language examples: Send email with the Mailer To Go API & SMTP.)
Step 4 — Import your suppression list (do not skip)
Export SES’s account-level suppression list before you cut over:
aws sesv2 list-suppressed-destinations --output json > ses-suppressed.json
Load those addresses into your Mailer To Go suppression list so anyone who bounced or complained on SES is never emailed again. This one step protects the reputation you built on SES.
Step 5 — Warm up and cut over gradually
A new sending domain has no reputation, so don’t flip everything at once — and this matters even more coming from SES, where a large existing volume can look like a spike to inbox providers if you move it all in a day. Run both providers in parallel and shift traffic in stages (10% → 25% → 50% → 100% over a week or two), starting with your most engaged mail (password resets, receipts). Watch bounce and complaint rates at each step, and keep SES ready to take traffic back until you’re fully cut over.
Step 6 — Verify, then decommission
- Send tests and confirm SPF, DKIM, and DMARC all PASS (Gmail → Show original).
- Recreate any event handling you relied on from SES configuration sets against your Mailer To Go webhooks, and confirm bounce/complaint events flow.
- Once 100% runs clean through Mailer To Go for a few days, remove the SES SMTP/IAM credentials and delete the identities — but leave SES’s DNS records in place for a week or two as a rollback safety net, then remove them.
Rollback
Because the switch is credentials + DNS, rollback is fast: point your mailer’s environment variables back at SES. Keeping both providers authenticated during the overlap is what makes that a one-line change instead of an emergency.
New to subdomain sending or authentication? Start with Why Mailer To Go sends from mtg.yourdomain.com and the SPF/DKIM/DMARC setup guide. Coming from a different provider? See Migrating from SendGrid and Migrating from Mailgun.