The Startup
Published in

The Startup

AWS, MX Records, and Minding Gaps

For the longest time, I used to avoid setting up custom, domain specific email addresses on domains I owned. There were a couple of reasons for this.

One, I figured that since everyone is already familiar with GMail and it has achieved such cachet that even Yahoo launched Ymail, I wasn’t really losing a lot by not having personalized email addresses.

Two, in my limited experience in trying to setup email addresses I owned — basically setting up email on my domain by clicking on some barely understood sequence of cPanel checkboxes/radiobuttons — I had come to realize that I seldom actually used these special email addresses because reading those emails without proper spam filters in a unfamiliar (i.e., non-GMail) UX was annoying to say the least.

That has changed after I moved my personal website off Linode to AWS.

The confidence I gained from dicking around on the AWS console made me wonder if I should get myself an email address.

Simple Email Service

AWS has this wonderful utility called Simple Email Service which makes the process of setting up your own mail server a cinch. Philosophically, SES is a transactional email service— think marketing or 1:N communication. It closer to MailChimp than GMail. I’ll have more to say about this later.

From my newbie perspective, the only issue with SES is that its documentation, like a lot of AWS documentation, is needlessly dense and mystifying.

For example, take a look at the below screenshot. At first glance, you would be hardpressed to explain why Identity Management, so easily confused with IAM and Security, has a place in the left menu.

Courtesy: My personal image library

In fact, Identity Management could be better thought of Domain or Email Verification because that is what it is.

It is a way for SES to determine whether you own either the @domain or a one/more FROM emails you wish to use to send emails through SES.

Recall from above that generally SES, like Mailchimp, is used to send or receive mass emails. One option is to verify a handful of FROM email addresses which you can use to send emails. The other option is to verify an entire domain by creating the proper MX, TXT, and CNAME DNS entries on your nameserver. Once the domain is verified, literally any email can be use to send emails. SES will handle them all with grace. This is probably what allows Mailinator to supply us with unlimited disposable email addresses.

One HUGE issue with SES is that natively you can’t view incoming emails. Think about what I just said. SES provides no way for your to easily see emails sent to your personalized email address!

The best you can hope for is to save inbound emails to an S3 bucket and use SNS to directly notify you when an email is received.

Each email saved to S3 is basically a .eml file — though inside S3, they file is called .dms. You can download the .dms file, rename it to .eml and open it in Mail or Outlook.

This really is about sounds tedious as it sounds :).

For a second, I thought I had discovered a gap in the AWS offering where an enterprising entrepreneur — me? — could provide a SaaS to convert .dms emails into readable, human friendly HTML.

Alas, that was not to be.

With WorkMail, lAWS, that relentless Stairmaster of cloud solutions, has solved this problem.

Your inbound emails can be automatically forwarded to an inbox contained inside yet another AWS SaaS called WorkMail which provides a full, industrial grade inbox solution. Their pricing for this service is an ultra aggressive $4/month/user for 50GB of space.

The other, FREE, solution is this open source workaround. It uses Lambda functions to listen to notifications from SES when a new email arrives, then it goes to the S3 bucket where the email has been saved, extracts the contents of that email and forwards it to GMail.


  1. Setting up your own mail service using SES is easy. I wasn’t even using Route 53 and it took me roughly 2–3 hours to get everything set up. There is one gotcha in this — you cannot have a CNAME and an MX record having the same root key, i.e., you cannot have a CNAME record where -> valueA and an MX record = -> valueB. Since the LHS of the assignments are the same, your name server is probably going to refuse. More details here.
  2. If you want a professional inbox, go with WorkMail. It’s really nice.
  3. If you don’t want to give more money to AWS, use the FREE, open source AWS Lambda SES forwarder to forward inbound emails to your preferred GMail etc account.

This story is published in The Startup, Medium’s largest entrepreneurship publication followed by 337,320+ people.

Subscribe to receive our top stories here.




Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +756K followers.

Recommended from Medium

One to Many / Part 1

❔ re:compass #44: A Good Question

OKRs and How to Use Them for Your Growth Team

How To Build A Community Centered Product

Are You a Minimalist Mom or Maximalist Mom?

0% women is not the “right direction”​. — and how to fix it.

myfirstminute in conversation with Matt Mullenweg

Web 3.0 vs Elon Musk: Why Elon Musk is jittery aboutWeb3.0?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sai Ramachandran

Sai Ramachandran

I am the founder of which lets you write and post to your blog from Gmail. You can also reach me at

More from Medium

5 Most important AWS Services for web developers

AWS services

I was charged a bill in AWS EC2 instance during my free tier…. but how you can prevent it!

A comprehensive guide on AWS and services it provides

Getting started with AWS lambda and serverless framework