AWS – Verifying Outgoing SES Email Addresses Without an Email Server
Recently I was working on an internal business application for my company, Rackspace. We have the need to send outgoing emails (as most applications need).
Sending outgoing SES emails requires a validation on the FROM email address, and our controlled domain, let’s call it beta.thing.rackspace.com, didn’t have the need for a full email server. Validating email@example.com did pose a problem. To validate, an email is sent to the address being validated with a link to click that confirms you have access to this email. We needed a way to capture this validation email without an email server.
My colleague recommend this little trick. It involves leverage SES incoming rulesets, an sns topic and an sns connection. DNS ownership is already validated through Route53 and Route53 controls all DNS records for beta.thing.rackspace.com.
First we’ll setup a SNS topic that we can send any incoming emails to:
Then we’ll setup a subscription that forwards all messages received by the topic to an email address I do have access to:
Finally, we’ll setup a RuleSet in SES to forward incoming emails to our SNS topic:
Click the Create a Receipt Rule and add the email address being validated:
Once added, validate you own the domain by following the steps described. This typically means adding a TXT record to Route53 and adding a MX record for incoming emails.
Click Next to decide what to do with the incoming emails. Choose SNS and pick your SNS Topic you created in the previous step:
Click Next Step and setup some of the rule’s metadata:
Click Next Step again. Review your setup and then click Create Rule:
Now you should be all setup. Go ahead and validate your email address (again, in SES):
The email address should be sent to your domain (in my case: beta.thing.rackspace.com), the SES Rule Set forwards it to SNS and then SNS sends it to your email address.
There you go! Validate an email address without having an email server.