I went into the AWS support process thinking the hard part was over. The email delivery pipeline for the kudos board was built and tested. The cron job was scanning the database every five minutes. The HTML email rendered correctly in my own inbox. All I needed was for someone at AWS to look at my case and approve it.
They looked at it. They said no.
The denial came back the day after I submitted my follow-up answers. No specific reason given, just that my request didn’t meet their requirements at this time and I could reapply in the future. I’d answered their questions honestly: expected volume (low), how addresses were collected (entered by someone who personally knows the recipient), bounce handling (SES event notifications), a sample of the HTML. Three days of back-and-forth, and no still came back.
I can’t be entirely mad at it. AWS gating production SES access makes sense from their side. The approval process exists because anyone with an account and a bad idea can start blasting mail. It just didn’t work out for me this time.
So I migrated to Resend.
Resend is a transactional email API with no approval queue. You verify your domain, get an API key, and call POST https://api.resend.com/emails with your content. The Authorization header takes the API key. The payload is JSON. No IAM user, no signed request headers, no sandbox period.
Verifying suricollab.com took maybe fifteen minutes: three CNAME records added in Squarespace DNS, waited for propagation, confirmed green. Then I updated both Edge Functions, swapping out the SES SDK calls for plain fetch. The functions got shorter. Everything I’d built for SES worked immediately for Resend, same cron job, same delivery logic, same six-minute turnaround on the test email.
I also wired Resend in as Supabase Auth’s custom SMTP for magic-link emails. Host is smtp.resend.com, port 465, password is the API key. The default Supabase shared SMTP had been getting rate-limited and landing in spam during testing. Custom SMTP through Resend fixed both problems at once.
The whole migration took under two hours. The SES infrastructure is gone now: IAM user, policy, SES sender identity, three secrets in the Edge Functions. All deleted. The DKIM CNAME records are still sitting in Squarespace DNS pointing at SES endpoints that no longer exist for my account, but they’re harmless and worth keeping for general email auth.
If I built this again, I’d start with Resend. Not because SES is inferior, but because SES puts a human approval gate between you and a working feature. For a side project where you want to move fast and find out if the thing is worth building, that gate is a real cost even if you never pay it.
Plan so that an obstacle isn’t a blocker.