All articles

Amazon SES Shared vs. Dedicated IP Addresses: How to Choose, Warm Up, and Protect Your Sending Reputation

5th July, 2026

Amazon SES Shared vs. Dedicated IP Addresses: How to Choose, Warm Up, and Protect Your Sending Reputation

Why Your IP Choice Is the Foundation of Your Sending Reputation

Every email you send through Amazon SES leaves via an IP address, and mailbox providers use that IP address as one of their primary signals when deciding whether your message reaches the inbox, the spam folder, or nowhere at all. Get the IP strategy wrong and you can find yourself throttled by Gmail, blocked by Outlook, or worse, facing an SES account review that pauses your entire sending operation. Get it right, and you establish a stable, trusted sending identity that compounds in value over time.

The mistake most teams make is treating the IP decision as a one-time configuration choice rather than an ongoing programme. They pick shared or dedicated on day one, forget about it, and only revisit the question once deliverability has already deteriorated. This guide takes the opposite approach: decision criteria first, warm-up mechanics second, then the monitoring discipline that must sit behind all of it regardless of which path you take.

The Three IP Options in Amazon SES: A Plain-English Comparison

When you create a new Amazon SES account, your emails are sent from IP addresses shared with other SES users by default. You can also lease dedicated IP addresses reserved for your exclusive use, at an additional cost. Within dedicated IPs there are two distinct models: standard and managed. Understanding what each one does, and does not, give you is the starting point for any sensible IP strategy.

Shared IPs are pre-warmed, cost nothing beyond your standard SES sending fees, and are actively managed by AWS to protect the collective reputation of the pool. Dedicated IPs (standard) give you full isolation and control at a flat rate of $24.95 per IP address per month, but require you to manage warm-up and scaling yourself. Dedicated IPs (managed) automate provisioning, warm-up, and scaling, with pricing starting at a $15 per month per account subscription fee plus $0.08 per 1,000 emails, decreasing at higher volumes through a tiered structure.

Shared IP Pools: The Right Default for Most Senders

Shared IP addresses suit senders whose volumes are unpredictable or irregular. With shared IPs you can increase or decrease your sending volume as the situation demands, without any warm-up obligation. AWS carefully manages the outbound traffic from shared pools to maximise their collective reputation, and because many SES customers are sending through them simultaneously, the pools carry a consistently high volume, which is itself a positive signal to mailbox providers.

The trade-off is that you do not own your reputation in isolation. Your deliverability can be influenced by the behaviour of other senders on the same pool, even if your own list hygiene is exemplary. In practice, AWS invests significant effort in protecting shared pool quality, and for senders who are not pushing large, consistent volumes, shared IPs remain the most sensible and cost-effective choice. If you do not plan to send large volumes of email on a regular and predictable basis, shared IP addresses are the recommended option.

Shared IPs are particularly well suited to transactional senders, early-stage businesses, seasonal campaigns, and anyone whose monthly volume sits below the threshold at which a dedicated IP would carry enough traffic to build and sustain a credible reputation on its own.

Dedicated IPs (Standard): Full Control, Full Responsibility

Standard dedicated IPs give you complete control over your sender reputation and enable you to isolate your reputation for different email programmes. Because you know exactly what mail is being sent from those IP addresses, troubleshooting deliverability issues becomes more straightforward. Many email certification programmes also require dedicated IPs as a condition of participation.

The cost is $24.95 per IP address per month, billed as a flat fee regardless of sending volume. That structure means standard dedicated IPs can become less cost-efficient than managed IPs at very high volumes, but for mid-to-large senders running a small, stable pool of IPs, the cost is predictable and often justified. One important caveat: if you are not sending a sufficient volume of email with a consistent pattern, a dedicated IP can actually harm your reputation rather than help it, because mailbox providers need to see regular, substantial traffic from an IP to form a positive view of it.

Standard dedicated IPs require a request through the AWS Support Center to provision, and you are responsible for configuring IP pools, managing warm-up, and monitoring performance. This option suits technically capable teams who want granular control, run predictable sending programmes at meaningful daily volumes, and have the operational capacity to monitor and respond to reputation signals.

Dedicated IPs (Managed): Automation at Scale

Dedicated IPs (managed) are automatically set up on your behalf by SES, warm up for each ISP individually, and auto-scale based on your sending volume to ensure your dedicated IP addresses are used optimally. You do not need to submit a support request; they are allocated automatically when you opt in and create a managed dedicated pool through the console, CLI, or API.

The intelligent, per-ISP warm-up is the standout feature. Rather than applying a single time-based ramp across all mailbox providers, managed IPs track the warm-up level for each ISP individually. If you have been sending heavily to Gmail, your IPs are considered warm for Gmail but cold for other providers. If your traffic mix then shifts to include a large proportion of Outlook recipients, SES ramps up traffic to Outlook slowly while continuing to deliver your Gmail traffic through your already-warmed dedicated IPs. This per-ISP awareness eliminates the most common mistake senders make when managing standard dedicated IPs manually.

The pool also auto-scales. You do not need to manually monitor whether you have the right number of IPs for your current volume. If SES detects that an ISP supports only a low daily send quota, the pool scales out to distribute traffic across more IP addresses. The managed option is particularly compelling for teams with irregular or growing sending patterns, those who lack the in-house expertise to manage warm-up manually, or those for whom the engineering overhead of standard IP management is not a good use of time.

How the Warm-Up Process Works

Mailbox providers will only accept a small volume of email from an IP address they do not recognise. When an IP is first allocated, it has no sending history, and ISPs will throttle or reject mail sent at high volumes from that address until they have seen enough consistent, well-received traffic to trust it. This gradual trust-building process is what warm-up achieves.

For standard dedicated IPs, Amazon SES automatically warms up your IPs by gradually increasing the number of emails sent through them according to a predefined warm-up plan. This process takes up to 45 days and progresses on a time-based schedule, independently of your actual sending volume. During warm-up, any email you send beyond the daily plan limit is routed through the SES shared pool so your dedicated IPs are not overloaded before they are ready.

For managed dedicated IPs, the process is adaptive rather than fixed. The warm-up adjustment takes into account actual sending patterns, and when sending volume to a particular ISP drops, the warm-up percentage for that ISP drops accordingly. In the early phases of warm-up, excess sends spill over into the shared pool. In later stages, excess sending is proactively queued and retried to protect deliverability rather than simply offloaded. Even after your dedicated IPs are fully warmed up, it is not guaranteed that all of your sending will flow through them one hundred per cent of the time, particularly if your volume fluctuates significantly.

The warm-up timeline also depends on which ISP you are targeting. For some providers you can establish a positive reputation in around two weeks; for others it may take up to six weeks. Rushing the process is the single biggest mistake senders make, and the consequences, whether throttling, filtering to spam, or IP blocklisting, are significantly harder to recover from than simply taking the time to ramp up correctly.

A Practical Warm-Up Guide: Week by Week

When warming up a new dedicated IP, always start with your most engaged subscribers: recent openers, active clickers, and people who have interacted with your brand within the last ninety days. High engagement during the early warm-up period builds trust with ISPs quickly and provides a buffer against the occasional bounce or complaint that may arise from less active segments.

In the first week, keep daily volumes modest, typically a few hundred to a couple of thousand emails per day depending on your total list size, and focus entirely on your highest-engagement segment. In weeks two and three, begin introducing less recently active subscribers in small increments, monitoring bounce and complaint rates daily before increasing volume further. By weeks four to six, you can begin approaching your target production volumes, but continue ramping gradually rather than jumping to full send volumes overnight.

Start with predictable, non-time-critical workloads such as newsletters rather than triggered, time-sensitive transactional flows. Batch event-driven messages that are not time-sensitive and spread them across the day to smooth out volume. Watch closely for blocking or throttling notifications in your bounce data; these are early signals that a particular ISP is not yet ready to accept your current volume, and the right response is to reduce sending to that ISP temporarily, not to push through.

After the warm-up period is complete, maintain a regular sending cadence to each mailbox provider you want to keep a positive reputation with. An IP that goes dark for extended periods loses the reputation it has built, and restarting from a cold state is as damaging as starting from scratch.

What Mailbox Providers Are Evaluating During Warm-Up

Mailbox providers are not passive observers during your warm-up period; they are actively making assessments about your legitimacy as a sender. The three metrics they weight most heavily are bounce rate, complaint rate, and engagement.

On bounce rate, your account should remain below 2% as a target. AWS will place your account under review if your bounce rate reaches 5%, and if it exceeds 10%, SES may temporarily pause your account's ability to send email. On complaint rate, the threshold for a healthy account is below 0.1%. A complaint rate at or above 0.1% triggers an account review, and a rate at or above 0.5% risks a sending pause. These are not soft guidelines; they are the hard thresholds SES applies automatically.

Engagement signals, principally opens and clicks, tell ISPs that your recipients actively want your mail. Sending to disengaged lists during warm-up suppresses these signals and amplifies the negative ones, which is why beginning warm-up with your best-engaged subscribers is so important. It is more important to warm up properly than it is to reach production sending volumes quickly.

Common Warm-Up Mistakes That Lead to Account Reviews

The most frequent mistake is importing a large, stale list and sending to it in full as soon as a dedicated IP is provisioned. Stale addresses accumulate hard bounces, spamtrap hits, and complaint rates that can trigger an SES account review within days. If your list has not been mailed in twelve months or more, treat it as cold regardless of how it was originally built.

A second common error is assuming that the 45-day automatic warm-up clock means the IP is ready for full production volume at the end of that period. The automatic process steadily increases the warm-up percentage over time, but a fully warmed IP is not a blank cheque for unlimited sending on day 46. Continue ramping gradually after the warm-up window closes rather than jumping to your full target volume immediately.

A third mistake is failing to separate email types during warm-up. Mixing your highest-complaint traffic, such as aggressive promotional campaigns, with your warm-up sends poisons the IP's early reputation. If you send both transactional and marketing email, warm up on transactional or highly engaged newsletter traffic first, and introduce marketing sends only once a stable reputation baseline exists.

Finally, many senders neglect to process bounces and complaints in real time during warm-up. In some situations, SES may pause your account without placing it under review first, particularly if the issue is very serious or if your account has previously been reviewed for the same problem. Acting quickly when signals deteriorate is far less disruptive than responding after a sending pause has already been imposed.

Monitoring Your IP and Domain Reputation After Warm-Up

Warm-up is not a one-time event after which you can stop paying attention. IP and domain reputation fluctuates with every campaign you send, every list segment you add, and every change in subscriber engagement patterns. The monitoring infrastructure you build during warm-up should remain in place permanently.

The SES reputation dashboard in the AWS console shows your current bounce and complaint rate status, and the account-level view provides a historical picture of how these metrics have progressed over time. Crucially, the reputation metrics page contains the same information that the Amazon SES team sees when assessing the health of individual accounts, making it a genuinely useful window into how AWS is evaluating your programme.

Amazon SES automatically publishes bounce and complaint metrics to Amazon CloudWatch, and you can use CloudWatch to create alarms that notify you when rates approach critical thresholds. Best practice is to set your CloudWatch bounce rate alarm at 3% rather than waiting for the 5% account-review trigger, and your complaint rate alarm at around 0.08%, well below the 0.1% threshold that prompts a review. This gives you a meaningful window to investigate and correct problems before they escalate to account-level consequences.

The Virtual Deliverability Manager (VDM) extends your visibility further. It provides a dashboard with time-series graphs showing delivery rates, bounce and complaint statistics, and engagement data, with the ability to drill down by ISP, sending identity, and configuration set. The VDM advisor flags infrastructure issues such as missing or misconfigured SPF, DKIM, and DMARC records, and can surface blocklist hits and spamtrap signals before they become acute. The global deliverability view within VDM extends visibility beyond SES itself, providing inbox placement rates and blocklist monitoring across the providers your domains send through. Note that enabling VDM doubles the message charge count for each email sent, which has implications for free tier usage and overall cost at scale.

For dedicated IP senders, monitoring per-ISP metrics is especially important. A problem with one ISP does not necessarily affect your standing elsewhere, and granular visibility lets you address the specific endpoint causing issues rather than adjusting your entire programme in response to a localised signal. Managed dedicated IPs surface per-ISP reputation data through CloudWatch metrics and built-in dashboards, making this level of analysis accessible without custom instrumentation.

A dedicated SES monitoring tool such as SES Monitor complements the native AWS tooling by consolidating bounce, complaint, and reputation signals into a single view with alerting that does not require you to build and maintain CloudWatch alarms manually. During and after warm-up, having real-time visibility into these metrics, with notifications you will actually act on, is the difference between catching a problem early and discovering it after your sending has been paused.

Decision Framework: Choosing the Right IP Type

The right IP strategy depends on three factors: your monthly sending volume, the predictability of your sending pattern, and your team's operational capacity to manage and monitor dedicated infrastructure.

If your monthly volume is below roughly 50,000 emails and your sending pattern is irregular or seasonal, shared IPs are the correct choice. The pre-warmed pool handles your traffic without any additional configuration, and the cost is zero beyond your standard SES sending fees.

If you are sending consistently at several hundred thousand emails per month or more, your cadence is predictable, and your team has the capacity to monitor reputation metrics and respond to incidents, standard dedicated IPs are worth evaluating. You take full ownership of your reputation, gain the ability to isolate sending streams into separate pools, and the flat $24.95 per IP per month cost is justified by the isolation and control you receive. Bear in mind that managed IPs begin to offer better cost efficiency at volumes above roughly ten million emails per month on a given pool.

If you want dedicated IP isolation but your sending volume is variable, you are growing rapidly, or you do not have the in-house expertise to manage warm-up schedules and per-ISP traffic optimisation manually, managed dedicated IPs offer most of the reputation benefit of standard dedicated IPs with significantly less operational overhead. The usage-based pricing model also means you are not paying for capacity you are not using.

One important consideration regardless of IP type: email certification programmes and compliance-sensitive industries such as financial services and healthcare often require dedicated IPs as a prerequisite. If your business operates in those contexts, the question is not whether to use dedicated IPs but which kind fits your operational model.

Conclusion: Alerting Is the Safety Net You Cannot Skip

Choosing the right IP type and executing a disciplined warm-up gives your sending programme the best possible foundation. But neither of those things protects you once you are in production unless you have monitoring and alerting in place that surfaces problems before they reach the thresholds that trigger SES account reviews or sending pauses.

Your minimum viable monitoring stack includes the SES reputation dashboard reviewed regularly, CloudWatch alarms on bounce and complaint rates set well below the critical thresholds, SNS event publishing configured on your configuration sets so you have raw event data available for investigation, and VDM enabled so you have per-ISP and per-identity visibility into how your programme is performing.

Whether you are on shared IPs relying on AWS to protect the pool, or on dedicated IPs carrying full responsibility for your own reputation, the principle is the same: you need to know when signals are deteriorating in time to act, not after the damage is done. Set up your alerting before your first production send, review it after every significant campaign, and treat any metric moving towards a threshold as an operational incident requiring immediate investigation. That discipline, more than any IP choice you make, is what keeps your sender reputation healthy over the long term.

Start protecting your SES reputation today

Connect your AWS SES account in a couple of minutes and get real-time bounce and complaint alerts before a problem becomes a suspension.

No credit card required · 2-minute setup · Cancel anytime