Amazon SES

Overview

Amazon SES (Simple Email Service) is a cloud-based email delivery platform. While it is primarily a server-side service for sending transactional and marketing emails, its presence is detected on the web through tracking pixels embedded in delivered emails. These pixels measure whether recipients open emails and which links they click, providing email engagement analytics to the sender.

What This Script Does

Amazon SES itself does not load JavaScript on websites. Its web-detectable footprint consists of tracking pixels (1x1 transparent images) embedded in outgoing emails when the sender enables SES's open and click tracking features.

When a recipient opens an email, the tracking pixel loads from an SES tracking domain (typically a custom domain configured by the sender, or a default *.amazonses.com endpoint). This image request transmits:

• Recipient identifier — a hashed or encoded identifier linking the open event to the specific email address
• Message identifier — the unique SES message ID for correlating the event with the sent email
• Timestamp — when the email was opened
• IP address — the recipient's IP at the time of opening
• User agent — the email client or browser used to view the email

For click tracking, SES rewrites links in the email body to pass through an SES redirect endpoint. When the recipient clicks a link, the redirect logs the click event (link URL, timestamp, recipient identifier) before forwarding to the final destination URL.

SES does not set cookies in the recipient's browser — the tracking is entirely pixel-based and redirect-based. Each tracking event is a standalone HTTP request. SES does not build cross-site browsing profiles or participate in advertising networks.

The data collected is reported to the sender through SES's event publishing system (CloudWatch, SNS, Kinesis, or S3), where the sender uses it for email campaign analytics — open rates, click-through rates, and engagement patterns.

Consent & Compliance

Amazon SES is classified as marketing and analytics. The email tracking pixels measure engagement for campaign optimization, and email campaigns themselves are typically marketing communications.

Under the GDPR, email marketing requires prior consent under Article 6(1)(a), and the embedded tracking pixels are part of that marketing activity. The tracking pixel processes personal data (email address correlation, IP address, engagement behavior) for marketing analytics. Recipients must have consented to receive the marketing emails in the first place, and the tracking should be disclosed in the sender's privacy notice.

Under the ePrivacy Directive, the tracking pixel does not access or store data on the user's device (no cookies), so Article 5(3) is not directly triggered by the pixel itself. However, the tracking is part of a direct marketing communication, which requires consent under Article 13 of the ePrivacy Directive. The click redirect mechanism may interact with the browser in ways that warrant disclosure.

Under CCPA/CPRA, the email engagement data collected by SES tracking constitutes personal information (email address, IP, engagement patterns). If the sender uses this data for targeted advertising beyond transactional communications, it may constitute sharing under CPRA. Senders must disclose the tracking in their privacy notice and honor opt-out requests for marketing emails.

Should You Block This Without Consent?

Yes. Amazon SES tracking pixels serve marketing and analytics purposes — measuring email campaign engagement. While the pixels themselves do not set cookies, they are part of marketing communications that require consent. In a consent management context, SES tracking should be categorized with marketing email activities and disclosed to users. If the emails are purely transactional (password resets, order confirmations), the associated tracking may be reclassified as analytics only.