Easily Create Email Addresses for your Route53 Custom Domain

If you’ve ever bought a Custom Domain, chances are you wanted to have email addresses on it. Here’s a really easy way to set them up, using AWS.

Greg Farrow
May 31, 2020 · 8 min read

Registering and validating custom email addresses in Route53 and Simple Email Service (SES) doesn’t need to be difficult. But there is almost no documentation to show you how to do this easily. Here’s a simple solution.

Image for post

Buying a Custom Domain via the Route53 console on AWS is really easy. They cost anything from $9 up. With help from some good documentation, you can be set up in a matter of minutes.

Once you have your domain, you can get up and running with a static website quickly as well. As static websites become more and more popular there are lots of frameworks and guides to help you. For instance, this AWS guide will get you there in 30 minutes!


As soon as you want to add email addresses to your Custom Domain, you hit a brick wall. The documentation dries up. The docs which are available make all sort of assumptions. For instance, you already have a mail server configured. But, what if you don’t?


There are many reasons you may want to have email addresses on your custom domain. Perhaps its a personal website and you want to include your name? In my case, I am building a web app and want AWS Cognito to send its emails from my domain.

I want to achieve this:

  1. Create a Custom Domain example.com.
  2. Create a Web App which authenticates using AWS Cognito.
  3. Create an email no-reply@example.com on my Custom Domain.
  4. Have AWS Cognito send Sign Up emails from no-reply@example.com.

The scope of this post is step 3.

First the Building Blocks

Let’s assume you’ve got your Custom Domain already registered in Route53.

route53 dashboard showing one registered domain
Route53 Dashboard

We will use the Simple Email Service (SES) to register the new email: no-reply@example.com.

route53 and SES

We need to achieve two things:

  1. Verify the example.com domain inside SES.
  2. Verify the no-reply@example.com email address inside SES.

This looks simple enough, and it is. However, we have a few hurdles to jump to achieve this, particularly for point 2.

Verify a New Domain

In the AWS console, navigate to SES > Identity Management > Domains and click on “Verify a New Domain”.

verify a new domain

In the form that pops up, simply type in the domain, e.g. example.com. This will be the same as you registered in Route53. Be sure to check the “Generate DKIM Settings” box. More info here.

Image for post

Once you click “Verify This Domain” you’ll be greeted with a whole bunch of complicated-looking records and ids.

Image for post
Note: My records are deliberately blanked out

These records will allow us to do the following three things:

  • Prove to SES that we own the domain we’re trying to use.
  • Establish the DKIM records which will allow others to know who we are when SES sends emails for us.
  • Have SES receive emails on behalf of our domain.

These records could be used by any Domain Registrar to achieve our goal. However, because we’re using Route 53, we can have AWS sort out all the wiring up for us. Just click “Use Route 53”.

EDIT: You may be asked to confirm the requirement for an MX record — being told that it will overwrite any existing MX records. Because you don’t have a mail server, you can go ahead and check this box.

Verification may take a few minutes to complete, but you’ll end up with something like this:

domain verification complete

That’s it for the first step — we have a verified domain. In the next step, we will create and verify an email address: no-reply@example.com.

Verify a New Email Address

In the AWS console, navigate to SES > Identity Management > Email Addresses and click on “Verify a New Email Address”.

verify email address button

In the form which appears, just type in the email address you want to create, e.g. no-reply@example.com.

type in the desired email address

Click “Verify This Email Address” and you will be shown a message telling you a verification message has been sent to that email.

❓Wait, what? We don’t have an inbox for that email — how will I click on the verification link? 😕

Good point — and this is the real challenge.

Your email will now be sat in a state of “pending verification” indefinitely.

pending verification status

There is a good chance that, as I did, you’ve managed to get to this point already and then got stuck. It’s at this point that the trail disappears.

Don’t worry, hope is not lost. We can get that email verified with only a few more steps:

  • Create an SES Rule Set, with a Rule to forward no-reply@example.com emails to a Simple Notification Service (SNS) Topic.
  • Subscribe to the SNS Topic using our personal email.
  • Extract the link and verify no-reply@example.com!

If you want to create multiple email addresses, then repeat the Verify a New Email Address steps for each address.

Creating an Email Receiving Rule Set

In the AWS console, navigate to SES > Email Receiving> Rule Sets and click on “Create a Receipt Rule”.

create a receipt rule

Enter each email address you need to verify. Note that the verification status is set to “Verified”. This is because our new domain is verified. Then click “Next Step”.

Image for post

Add Action

This is the crucial bit. We are now able to tell AWS what to do with any emails which our new email addresses receive. This includes verification emails.

In this example, we’ll use the Simple Notification Service (SNS). When SES receives an email to no-reply@example.com, it will push that email on to an SNS Topic that we create here.

Choose SNS from the “Add action” dropdown. Select the option for creating a new SNS Topic and give it a sensible name. Select “UTF-8” encoding.

creating an sns topic

Next, give your new Rule a name. Click “Next Step”

give the rule a name

You’ll then get the chance to review your new Rule Set before clicking “Create Rule”.

Subscribing to the SNS Topic

So far we have created a system which will push any emails received by no-reply@example.com to a new SNS Topic. Next, we must subscribe to that Topic, to gain access to those emails.

SNS can push messages directly to a personal email

To do this we will subscribe using our personal email address, e.g. example@gmail.com.

In the AWS console, navigate to SNS > Topics and click on the Topic you created in the previous step.

click on the new SNS topic

Go to the “Subscriptions” tab and click on “Create Subscriptions”.

click create subscription

Leave the Topic SNS as default (this will be your new Topic). Then select “Email-JSON”. We choose JSON because the “Email” option will make not format links properly.

Enter your personal email address and click “Create Subscription”.

create a subscription

A few seconds later you will receive an email. This is to confirm your subscription. Within the email, find the link entitled “SubscribeURL” and click on it.

sns subscription confirmation link

You’ll be redirected to a funny looking XML document. This is confirming that you have successfully subscribed to the SNS Topic.

xml confirmation

If in doubt, you can check this at SNS > Subscriptions. You should see status “Confirmed” against your email address.

email address confirmed

Everything is now in place for you to receive emails which are sent to no-reply@example.com. Now we can verify that email address.

Verify Email Address

Head back to SES > Email Addresses. You’ll see that the email address is still marked as “pending verification”. You will also see a link “resend”.

the resend link

Click on the “resend” link. If everything is configured correctly, you will receive the verification email to your personal inbox! Hurray!

The email you receive will be rather horrible to read. Look through it for a phrase like:

If you requested this verification, please go to the following URL to confirm that you are authorized to use this email address

Immediately after this, you will see the verification link. Carefully copy the link. Note: do not include the “\\r\\n\\r\\n” characters.

Paste the link into your browser. You will see a message like this:

message indicating that the email address is now verified

The verification status at SES > Email Addresses will also say verified.

Well done! You now have a verified email address on your custom domain. You can use this email address for whatever you need, via SES.

A Word on Automation

I am not a fan of doing any configuration via the AWS Console. Given the opportunity, I configure and deploy AWS Services using Cloudformation and Serverless Framework wherever possible. I’m a big fan of the consistency and the time saving that Infrastructure as Code offers.

In this instance, there is little Cloudformation support for what we are doing. Some of the resources are supported, such as SES Rule Sets and SNS Topics. But to wire all that together with the other elements is messy.

Because this is likely to be largely “one-off” actions, I am of the mind that automating this overcomplicates the process, especially for a tutorial like this. However, some people have done some good work around this. If you’re seeking an automated approach check out these posts:

This article on sending emails from your personal email, via your custom domain is also a very interesting read.

Until the next time…

Whether or not you choose to pursue the automation route, I hope that this tutorial has helped to get you over the hurdle of verifying custom email addresses.

ResponseTap Engineering

The things we do and the way we do them at ResponseTap…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium