How to send email with AWS SES

Knock integrates with AWS Simple Email Service (SES) to send email notifications to your users.

In this guide you'll learn how to get started sending transactional email notifications with SES through Knock. We also cover provider configuration and additional data you can pass through to SES.


  • Attachments support
  • Link and open tracking
  • Per environment configuration
  • Sandbox mode

Getting started

You'll need to take some steps in AWS before you can configure your SES channel within Knock.


Verify a "From" address within AWS SES

You'll need to verify the "From" email address you plan on using to send emails with AWS if you haven't already. To do so, follow the steps outlined in AWS's guide to creating and verifying an email address identity.


Choose an AWS Authentication Scheme

Knock supports two authentication schemes with AWS SES:


Configuring SES in Knock

Now that you have a verified "From" address and either an AWS User's credentials or an AWS IAM Role to delegate to Knock, you're ready to configure your SES channel in the Knock dashboard under the Integrations > Channels section.

Here are a few other things to keep in mind once you have your SES channel configured in Knock:

  • SES sandbox mode. By default, AWS places all new accounts in the SES sandbox. While your account is in the sandbox, you can only send emails to verified email address—keep this in mind if you're testing in development before you've moved your account out of the SES sandbox. For more information on the SES sandbox and how to move your account out of it, see the SES sandbox documentation.
  • Deliverability tracking. We cannot currently track deliverability through SES channels. This means that all notifications sent through SES will show up as "Sent" in the Knock messages log, but not "Delivered."

Provider configuration

Access key IDstring*The access key ID from your AWS account
Secret access keystring*The secret access key from your AWS account
AWS regionstring*The region your AWS account is in
Open trackingbooleanShould the provider track opens on their service?
Link trackingbooleanShould the provider track link clicks on their service?
From email addressstring | liquid*The sender email address (can use Liquid tags)
From namestring | liquidThe sender name (can use Liquid tags)

Environment default settings

The following fields are optional and if set, will be applied to all email messages sent via this channel within the environment:

Reply-to addressstring | liquidThe reply-to email address (can use Liquid tags)
CC addressstring | liquidThe cc email address (can use Liquid tags)
BCC addressstring | liquidThe bcc email address (can use Liquid tags)
JSON overridesstring | liquidProvider API's paramater overrides

Additional data sent

Knock sends the following attributes along with your emails (all as Tags):

  • Sender: always set to
  • knock_message_id: the ID of the message this email is associated with
  • knock_workflow: the key of the workflow this message was generated from
  • knock_recipient_id: the Knock ID of the recipient this email is being sent to

You can learn about the role of these SES attributes in the AWS Simple Email Service (SES) API documentation.

Keep in mind that AWS SES tags can be up to 256 characters long of only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). If your knock_recipient_id does not meet these requirements, Knock will truncate knock_recipient_id to 256 characters and remove any prohibited characters.
Check out the AWS Docs for more information.

Recipient data requirements

In order to send an email notification you'll need a valid email property set on your recipient.