AWS SES + Gmail = Free Business Email ID

Publish Date: Sep 12 '20

176 32

My website is hosted on AWS Free Tier, and I wanted to create a free company/business email address for people to contact me. If you are already on AWS, and want to create an email address like contact@simplq.me it doesn't cost anything.

What you need:
1) An AWS Account
2) A domain name (simplq.me in my case)
3) Gmail account (Other email services should also work)

What you don't need: A GSuite Account

(If your domain is on Google Domains, setting up email forwarding is easy.)

I've covered all the necessary steps in brief, but if you need help or get stuck somewhere, let me know in the comments.

If you want two way communication, not all regions support it. I set this up in us-west-2 (Oregon) even though my website is hosted in ap-southeast-1 (Singapore).

Setup SES - Simple Email Service

On AWS Console, switch to us-west-2, go to SES, and verify your domain:

If your DNS is managed by Route53, Amazon can automatically update the entries, click on "Use Route53" button on the next page. Otherwise, you have to manually set the entries in your current DNS registrar.

Verify Your Current Email

This step is easy, your current Gmail address that you want Amazon to relay all communications to, verify it with SES.

You'll get a confirmation email, as part of the verification process.

Configure SES Email Forwarder

In the coming steps, we will configure SES to trigger a lambda which will forward emails to our personal email.

Create a blank Node.js 12.x runtime Lambda function with no triggers in the same region, and use this file as the function code.

There is a config object in the code which requires some tweaking:



var defaultConfig = {
  fromEmail: "contact@simplq.me",
  subjectPrefix: "",
  emailBucket: "<s3-bucket-name>",
  emailKeyPrefix: "mails/",
  allowPlusSign: true,
  forwardMapping: {
    "contact@simplq.me": [
      "<your-gmail-id>@gmail.com"
    ]
  }
};

fromEmail should be the business email which your customers would see. We will later create an S3 bucket to store our emails. Choose a bucket name and give it as emailBucket. In the forwardMapping section, you should configure the gmail address which you verified in the previous step.

arithmetric/aws-lambda-ses-forwarder is a awesome repo, it supports many more configurations, you should check it out if you want to create and forward multiple emails, or forward emails to multiple people.

Attach this policy to the service role of the Lambda, to give it access to the S3 bucket, and also SES:



{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::<s3-bucket-name>/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
}

Create a Rule in SES

This ties everything together, go back to SES console and create a new Email Receiving -> Rule Set. You will set a rule, where you configure two "Actions", one to save all emails to a S3 bucket which you can create from this screen, and another to trigger the Lambda created in the previous setup to forward the mails. Use the below screenshot as reference:

At this point, if you send an email to your business email, the personal Email ID should receive it. Test and make sure that it works, use Cloudwatch Logs for the lambda to debug in case of issues.

Configure Gmail

Next is to add this new email as a new identity to your Gmail account. Go to SES's SMTP Settings and create a new SMTP Credential.

At the end, you'll get a username and a password, which you should add to your Gmail Settings:

Last Step - Verification

Initially your newly configured Amazon SES service will be quarantined (sandboxed) by Amazon as a measure of protection against possible abuse and spam. To remove it from quarantine and allow normal mailing, as the last step, you need to open a support ticket to Amazon and fullfill a request. Otherwise you will see how the emails you send bounce with the following error message:



554 Message rejected: Email address is not verified. The following identities failed the check in region ...

They approved within minutes in my case. Go to Sending Statistics section to raise a request:

That's it! Your business email is ready to use. Let me know in the comments section if you face any issues. Hope you enjoyed it.

If you want to reach out to me for consulting or mentoring, you can book a slot here.

Comments 32 total

daltonfury42Sep 12, 2020
Another similar article, in case you got stuck: infra.engineer/aws/11-using-gmail-...
Chris ShortSep 13, 2020
Is this working again?

Was broken for a bit.
- daltonfury42Sep 13, 2020
  I was able to set it up yesterday. So is working, I guess
Meir GabaySep 13, 2020
An honest question - is this better than using Google's MX records in Route53? I'm trying to understand the benefits of this method

Ref - support.google.com/a/answer/614969...
- daltonfury42Sep 13, 2020
  I've not gotten chance to play with GSuite / GApps for business much, but I am guessing this works only when you have a paid GSuite Account?
  
  This solution is when you have a free personal Google account. Please correct me if I am wrong, though.
  - Meir GabaySep 13, 2020
    I think you are right, my assumption was that you have a GSuite account since you talked about a "company/business email address". I don't think it's possible to use MX records with a personal account, thanks for the clarification
    - daltonfury42Sep 14, 2020
      Hey. Thanks for pointing this out.. I'll edit the post to make this clear.
Sebastian WeigandSep 14, 2020
Pro-tip: You can do all of this with built-in functionality with Google Domains, where you can establish mail aliases and forwarding rules from your custom domain. There's no need for extra complication or additional services.

See this article for more information.
- daltonfury42Sep 14, 2020
  Yep, if your are willing to transfer your domain to Google Domains, this is looking very easy!
- Anurag SinghSep 24, 2020
  Thanks for this info, i was using improvmx till now even though I have a google domain.
Lewis CowlesSep 14, 2020
I sort of love you for this, but you can setup any email host just using route53 and likely own less of a footprint, and escape gmail
- daltonfury42Sep 15, 2020
  Hey. I want to give this a try, can you give me a rough idea. Can I do this using my personal gmail account? Otherwise which mailbox providers allow this?
  - Lewis CowlesSep 15, 2020
    Sure, so I don't know how much you understand DNS, but the way I use a shared host to do this is to tell them I'm hosting a domain with them. I don't change the nameservers, because I love AWS and am cheap.
    
    I can then go into their DNS settings, take out the MX records and place them into my AWS.
    
    You can use AWS UI to do this, or Terraform, or any other IaC tooling that integrates with your cloud provider (doesn't have to be AWS, can be Azure, GCP or DigitalOcean AFAIK)
    
    There are some gotchas. I don't think Heroku supports, but you can have heroku only own a CNAME.
    Also you should not move other subdomains like webmail to your domain. Let the shared host do that with SSL and all the bells and whistles to secure your email from attackers. You can also front that with SES and forwarding rules, although I was gutted to see that.
ypkSep 15, 2020
Your S3bucket Permissions throws an error: "Missing required field Principal"
- daltonfury42Sep 16, 2020
  Hi,
  
  Can you add SES as a principal to your bucket's policy? In my case, since I created the bucket from within SES, the policy was set for me.
  
  stackoverflow.com/questions/418192...
  - ypkSep 18, 2020
    I've followed other tutorial linked in one of the replies. Yes you can add principal as it did allow me to.
    
    I'll be honest, this instructions are not walk in the park, I was expecting a push button solution.
andrewrookeSep 17, 2020
While this may be a good way to get started quickly, have you thought through the implications for SPF and DMARC ?

Every time i create a business domain and email service, I ensure I configure SPF and DMARC (and ideally DKIM) to secure my email service.
wandetriNov 2, 2020
Hi Thanks for this trick
Its Working!
but there is a problem, all of my sent email goes to Promotion tab in gMail Inbox

edit
After I modify the email content to longer and more 'personal' instead of 'Test Email', it goes to my main inbox.

Thanks!
VictorNov 21, 2020
We don't need to create a MX record?
- daltonfury42Nov 25, 2020
  Yes, you need to if you want to receive emails. This is covered in the Setup SES section
erandindJan 6, 2021
Hi,
Thanks for the tutorial.
I need to forward emails to gmail account as you mentioned.
first I tried the AWS documentation aws.amazon.com/ru/blogs/messaging-... for this.

I'm getting emails to AWS - S3 bucket
SES also seems to work properly, I assume. ( I'm getting notifications through SNS),
But non of the emails are forwarded to my gmail account.

So I thought the issue is with LAMBDA FUNCTION I added (according to the AWS blog.

SO I tried the above LAMBDA FUNCTION,
Created RECIPT RULES, S3 bucket, IAM POLICY

But still I'm not getting emails to my Gmail.
It stops at the S3 bucket. I'm getting the notification with the receipt.

I followed the troubleshoot as well.
Can you please suggest a solution to this issue. I'm not a coder. I'm just following the steps and changing details.
- daltonfury42Jan 16, 2021
  Hi @erandid,
  
  Coder or not, best way is to look at some logs. Do you have cloudwatch logs for the lambda..? Else set it up and can you see if there are any clues there?
Sowmen RahmanFeb 10, 2021
Also, for people who’re setting up their hosted zone for the first time may not be aware of the 1$ charge, so look out for that guys!
Shreyash GuptaMay 18, 2021
Hi,

I am the Co-founder of Looseleaf which is a startup in the education sector of India. We currently want to get our domain emails using the AWS SES. I would like to ask if you would be interested in helping us out as it seems that you know what you are doing. Let's discuss further details below!
Contact Email: officiallooseleaf@gmail.com
Our website: looseleaf.in
- daltonfury42May 21, 2021
  Hi Shreyash,
  
  I'd be happy to help. Let's connect this weekend.
  - Shreyash GuptaMay 21, 2021
    Just send me an email with your times that you can hop on a google meets call this weekend and then we will go on from there!
EricJul 28, 2021
Excellent! except the missing bucket creation+permission part as described on stackoverflow, thank you
OmNov 18, 2021
Is this for free plan on AWS, will i not be charged for sending emails from outside AWS with Gmail client
Jörg RechApr 1, 2022
Hi! Just implemented it for one of my domains and it works really well - thank you! One question though: Do I need to "register" every name of a domain at Gmail or should it work out of the box? For example:

I have the following config in the Lambda code:
forwardMapping: { "@<MY_DOMAIN>.com": [ "<ME>@gmail.com" ] }
However, only @.com is forwarded to Gmail (where I added this email address) but emails to info@.com is only stored in S3 but not forwarded.
- Chris HayesJul 22, 2024
  For what it's worth - I haven't had that issue, it works as wildcard for me with all the email addresses I don't specifically mention.

Aftab NaveedDec 26, 2023

I just tried configuring it on my GMAIL account, I was able to make the AWS SES part working and can see emails arriving to my S3 bucket, however when I try to connect my Gmails' "Send mail as " I get this error

Authentication failed. Please check your username/password.
Server returned error: "DNS Error: DNS type 'aaaa' lookup of smtp.email-smtp.us-east-1.amazonaws.com responded with code NXDOMAIN DNS type 'a' lookup of smtp.email-smtp.us-east-1.amazonaws.com responded with code NXDOMAIN, code: 553"

Ankush JainDec 17, 2024
Created a video tutorial on the same topic inspired by this blog.

Creating Business Emails using Amazon SES | Sending & Receiving Emails with Amazon SES

youtube.com/watch?v=LhkXP9Oli7U

Add comment

daltonfury42 @daltonfury42