AWS Security ChangesHomeSearch

AWS ses documentation change

Service: ses · 2026-04-19 · Documentation low

File: ses/latest/dg/eb-filters.md

Summary

Added clarification about how recipient address matching works with subaddressing (plus addressing) in email filters.

Security assessment

This change provides technical clarification about email filter behavior. While it could help users configure more accurate filters, there's no security context or mention of vulnerabilities.

Diff

diff --git a/ses/latest/dg/eb-filters.md b/ses/latest/dg/eb-filters.md
index 83c16a149..3849f9f4f 100644
--- a//ses/latest/dg/eb-filters.md
+++ b//ses/latest/dg/eb-filters.md
@@ -113,0 +114,6 @@ Spamhaus Domain Block List [(if subscribed)](./eb-addons.html)
+###### Recipient address matching and subaddressing
+
+The _Recipient address_ property uses the full SMTP envelope recipient address exactly as received, including any subaddress extension (also known as "plus addressing"). For example, if a message is sent to `[email protected]`, the recipient address evaluated in the policy statement is `[email protected]`, not `[email protected]`.
+
+This means that an `EQUALS` or `CONTAINS` rule targeting `[email protected]` will not match `[email protected]`. If you need to match all subaddressed variants of an address, consider using an address list with wildcard entries (e.g., `user*@example.com`). Alternatively, `ENDS_WITH` with the domain (e.g., `@example.com`) can be used for broader domain-level matching.
+