Easily Create Email Addresses for your Route53 Custom Domain
If you’ve ever bought a Custom Domain, chances are you wanted to have email addresses on it. Here’s a really easy way to set them up, using AWS.
Registering and validating custom email addresses in Route53 and Simple Email Service (SES) doesn’t need to be difficult. But there is almost no documentation to show you how to do this easily. Here’s a simple solution.
Buying a Custom Domain via the Route53 console on AWS is really easy. They cost anything from $9 up. With help from some good documentation, you can be set up in a matter of minutes.
Once you have your domain, you can get up and running with a static website quickly as well. As static websites become more and more popular there are lots of frameworks and guides to help you. For instance, this AWS guide will get you there in 30 minutes!
BUT!
As soon as you want to add email addresses to your Custom Domain, you hit a brick wall. The documentation dries up. The docs which are available make all sort of assumptions. For instance, you already have a mail server configured. But, what if you don’t?
WHY?
There are many reasons you may want to have email addresses on your custom domain. Perhaps its a personal website and you want to include your name? In my case, I am building a web app and want AWS Cognito to send its emails from my domain.
I want to achieve this:
- Create a Custom Domain example.com.
- Create a Web App which authenticates using AWS Cognito.
- Create an email no-reply@example.com on my Custom Domain.
- Have AWS Cognito send Sign Up emails from no-reply@example.com.
The scope of this post is step 3.
First the Building Blocks
Let’s assume you’ve got your Custom Domain already registered in Route53.
We will use the Simple Email Service (SES) to register the new email: no-reply@example.com.
We need to achieve two things:
- Verify the example.com domain inside SES.
- Verify the no-reply@example.com email address inside SES.
This looks simple enough, and it is. However, we have a few hurdles to jump to achieve this, particularly for point 2.
Verify a New Domain
In the AWS console, navigate to SES > Identity Management > Domains and click on “Verify a New Domain”.
In the form that pops up, simply type in the domain, e.g. example.com. This will be the same as you registered in Route53. Be sure to check the “Generate DKIM Settings” box. More info here.
Once you click “Verify This Domain” you’ll be greeted with a whole bunch of complicated-looking records and ids.
These records will allow us to do the following three things:
- Prove to SES that we own the domain we’re trying to use.
- Establish the DKIM records which will allow others to know who we are when SES sends emails for us.
- Have SES receive emails on behalf of our domain.
These records could be used by any Domain Registrar to achieve our goal. However, because we’re using Route 53, we can have AWS sort out all the wiring up for us. Just click “Use Route 53”.
EDIT: You may be asked to confirm the requirement for an MX record — being told that it will overwrite any existing MX records. Because you don’t have a mail server, you can go ahead and check this box.
Verification may take a few minutes to complete, but you’ll end up with something like this:
That’s it for the first step — we have a verified domain. In the next step, we will create and verify an email address: no-reply@example.com.
Verify a New Email Address
In the AWS console, navigate to SES > Identity Management > Email Addresses and click on “Verify a New Email Address”.
In the form which appears, just type in the email address you want to create, e.g. no-reply@example.com.
Click “Verify This Email Address” and you will be shown a message telling you a verification message has been sent to that email.
❓Wait, what? We don’t have an inbox for that email — how will I click on the verification link? 😕
Good point — and this is the real challenge.
Your email will now be sat in a state of “pending verification” indefinitely.
There is a good chance that, as I did, you’ve managed to get to this point already and then got stuck. It’s at this point that the trail disappears.
Don’t worry, hope is not lost. We can get that email verified with only a few more steps:
- Create an SES Rule Set, with a Rule to forward no-reply@example.com emails to a Simple Notification Service (SNS) Topic.
- Subscribe to the SNS Topic using our personal email.
- Extract the link and verify no-reply@example.com!
If you want to create multiple email addresses, then repeat the Verify a New Email Address steps for each address.
Creating an Email Receiving Rule Set
In the AWS console, navigate to SES > Email Receiving> Rule Sets and click on “Create a Receipt Rule”.
Enter each email address you need to verify. Note that the verification status is set to “Verified”. This is because our new domain is verified. Then click “Next Step”.
Add Action
This is the crucial bit. We are now able to tell AWS what to do with any emails which our new email addresses receive. This includes verification emails.
In this example, we’ll use the Simple Notification Service (SNS). When SES receives an email to no-reply@example.com, it will push that email on to an SNS Topic that we create here.
Choose SNS from the “Add action” dropdown. Select the option for creating a new SNS Topic and give it a sensible name. Select “UTF-8” encoding.
Next, give your new Rule a name. Click “Next Step”
You’ll then get the chance to review your new Rule Set before clicking “Create Rule”.
Subscribing to the SNS Topic
So far we have created a system which will push any emails received by no-reply@example.com to a new SNS Topic. Next, we must subscribe to that Topic, to gain access to those emails.
To do this we will subscribe using our personal email address, e.g. example@gmail.com.
In the AWS console, navigate to SNS > Topics and click on the Topic you created in the previous step.
Go to the “Subscriptions” tab and click on “Create Subscriptions”.
Leave the Topic SNS as default (this will be your new Topic). Then select “Email-JSON”. We choose JSON because the “Email” option will make not format links properly.
Enter your personal email address and click “Create Subscription”.
A few seconds later you will receive an email. This is to confirm your subscription. Within the email, find the link entitled “SubscribeURL” and click on it.
You’ll be redirected to a funny looking XML document. This is confirming that you have successfully subscribed to the SNS Topic.
If in doubt, you can check this at SNS > Subscriptions. You should see status “Confirmed” against your email address.
Everything is now in place for you to receive emails which are sent to no-reply@example.com. Now we can verify that email address.
Verify Email Address
Head back to SES > Email Addresses. You’ll see that the email address is still marked as “pending verification”. You will also see a link “resend”.
Click on the “resend” link. If everything is configured correctly, you will receive the verification email to your personal inbox! Hurray!
The email you receive will be rather horrible to read. Look through it for a phrase like:
If you requested this verification, please go to the following URL to confirm that you are authorized to use this email address
Immediately after this, you will see the verification link. Carefully copy the link. Note: do not include the “\\r\\n\\r\\n” characters.
Paste the link into your browser. You will see a message like this:
The verification status at SES > Email Addresses will also say verified.
Well done! You now have a verified email address on your custom domain. You can use this email address for whatever you need, via SES.
A Word on Automation
I am not a fan of doing any configuration via the AWS Console. Given the opportunity, I configure and deploy AWS Services using Cloudformation and Serverless Framework wherever possible. I’m a big fan of the consistency and the time saving that Infrastructure as Code offers.
In this instance, there is little Cloudformation support for what we are doing. Some of the resources are supported, such as SES Rule Sets and SNS Topics. But to wire all that together with the other elements is messy.
Because this is likely to be largely “one-off” actions, I am of the mind that automating this overcomplicates the process, especially for a tutorial like this. However, some people have done some good work around this. If you’re seeking an automated approach check out these posts:
- How to deploy AWS SES Domain Identities and DKIM records using Cloudformation by Mark van Holsteijn — he also provides code on Github.
- Verify Domains for SES Using Cloudformation by Simon-Pierre Gingras
This article on sending emails from your personal email, via your custom domain is also a very interesting read.
Until the next time…
Whether or not you choose to pursue the automation route, I hope that this tutorial has helped to get you over the hurdle of verifying custom email addresses.
