Setting up SES for email sending AND receiving
Setting up Amazon SES to send and receive emails:
# WARNING: Amazon SES only supports receiving emails in a small handful of regions. Make sure you set it up, along with anything else you need to link to it (e.g. SNS), in a supported region to avoid frustration later.
- Register your domain in Route 53 (or transfer it).
- In Amazon SES, create a new verified identity for your domain. Choose Easy DKIM and make sure both 2048-bit RSA and "Publish to Route 53" are enabled. Optionally enable custom MAIL FROM domain, but we'll need to change this later anyway.
- Create an S3 bucket to store your received emails. Unlike other stuff connected to SES, this doesn't have to be in one of the supported regions mentioned above. We'll modify the access policy for this bucket later.
- Go into the Amazon SES console -> email receiving (if it doesn't show up in the navigation panel, you aren't using a supported region).
- Create a rule set, and take note of its name. Don't create a receipt rule yet - it will fail, as we need to modify the S3 bucket policy first.
- Modify your S3 bucket's JSON access policy, as described in this link: https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html. You haven't created a receipt rule yet, but put the name you will use in the policy here, and then we'll be able to create a receipt rule with that name.
- Create a receipt rule for your rule set. Optionally give it recipient conditions, and for actions, select Deliver to S3 bucket. Specify the bucket you created, a prefix (optional), and if you want, an SNS topic to publish to as well.
Before this will work, we need to modify or create an MX record for the domain in Route 53.
- This link has some information: https://docs.aws.amazon.com/ses/latest/dg/receiving-email-mx-record.html ; however, note that the MX record must be for the root domain, NOT a subdomain like "mail.<domain>". Make sure the value of the MX record is set to an inbound SMTP server (e.g. inbound-smtp.us-east-1.amazonaws.com).
Sending and receiving emails should now work. To get information about failed email sends, hard bounces and the like, you need to set up SNS and SQS to handle that.
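For the bucket policy step above, this added example (not part of the original write-up) builds the policy in the shape shown in the linked AWS documentation, with the rule set and receipt rule names pinned in the SourceArn condition, and flags any statement that trusts SES without those conditions. The bucket, account ID, region and rule names are constructed placeholders.

```python
import json

SES = "ses.amazonaws.com"
REQUIRED_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # condition keys are case-insensitive

def ses_receipt_bucket_policy(bucket, account_id, region, rule_set, rule):
    """Bucket policy letting exactly one SES receipt rule write objects to `bucket`."""
    source_arn = (f"arn:aws:ses:{region}:{account_id}:"
                  f"receipt-rule-set/{rule_set}:receipt-rule/{rule}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSESPuts",
            "Effect": "Allow",
            "Principal": {"Service": SES},
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceAccount": account_id,
                "AWS:SourceArn": source_arn,
            }},
        }],
    }

def unscoped_ses_statements(policy):
    """Return (sid, missing_keys) for each Allow statement that trusts SES
    without pinning it to an account and receipt rule (confused-deputy risk)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]
        if stmt.get("Effect") != "Allow" or SES not in services:
            continue
        # Only exact-match operators count; wildcard operators are treated as unpinned.
        present = {key.lower()
                   for operator, block in stmt.get("Condition", {}).items()
                   if operator in ("StringEquals", "ArnEquals")
                   for key in block}
        missing = sorted(REQUIRED_KEYS - present)
        if missing:
            findings.append((stmt.get("Sid", f"statement[{index}]"), missing))
    return findings

if __name__ == "__main__":
    # Constructed placeholder values; substitute your own bucket, account and rule names.
    policy = ses_receipt_bucket_policy("example-inbound-mail", "111122223333",
                                       "us-east-1", "example-rule-set", "example-rule")
    print(json.dumps(policy, indent=2))
    print("unscoped SES statements:", unscoped_ses_statements(policy))
```

The printed JSON can be pasted into the bucket's policy editor before the receipt rule is created, as long as the rule is later created with the same name.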