You want free email for your domain (you@yourdomain.com), don’t you? Of course you do. And chances are your shared hosting provider has this service available to you. However, as we know for my recent article
Firing Bluehost–How I Doubled My Site Speed Using AWS and Other FREE Services
Your shared hosting provider is most likely slowing your site down, reducing your rank in Google’s SERPs, and is wholly incompetent when it comes to handling anything but the most basic support requests. That’s why I moved this site off of Bluehost’s shared hosting and it is why you should move yours.
One of the biggest problems that needed addressed during the move was what to do about email. I have several different email addresses at several different domains. I wanted all the email to show up in the same box, be labeled as the the account it was sent to, and automatically reply with the address to which it was originally delivered. Tall order, right? Oh, and I want to do all of this for free. Here are the services that we’re going to use:
Gmail
If you don’t have a free email account at GMail I would like to personally welcome you to the 21st Century. GMail is hands down the best free email service on the web. ‘nuff said.
Google Domains
Google Domains BETA is providing registrar service. It’s $12 / year for a .com, which is probably cheaper than your current host. The interesting thing here for our purposes is that they provide free email forwarding for up to 100 addresses per domain. Say what?
Even if you’re moving your domain hosting elsewhere I highly recommend moving your domain registration over to Google. The idea behind Google Voice is: The last phone number you’ll ever need. I think we should look at Google Domains the same way. Why do we drag our domain registrations from webhost to webhost with our websites? It just doesn’t make any sense.
Amazon Simple Email Service (SES)
Did I say FREE? I may have been pulling your leg a little. My total bill for email services for 7 domains with Amazon SES last month was $0.01. That’s right, 1 cent. And that’s just because I’m using the service from outside the AWS Cloud. If you’re inside the cloud you can likely stay within these free tier parameters:
If you are an Amazon EC2 user, you can start sending with Amazon SES for free. You can send 62,000 messages per month to any recipient when you call Amazon SES from an Amazon EC2 instance directly or through AWS Elastic Beanstalk. Additionally, you can also receive 1,000 messages per month for free on Amazon SES. Many applications are able to operate entirely within this free tier limit, and it does not expire after a year.
Got it? Good. Now let’s take a look at getting all of these services working together to provide domain email service. I actually have a new domain Raft for Fun that I’ve been tinkering with that doesn’t have email service yet. Let’s walk through the steps of getting it setup. I’m going to assume that you already have a GMail account and take it from there.
Setup Google Domains Email Forwarding
Head on over to domains.google.com. Once you have moved your domain or registered a new one, click on email settings and add the following info like so:
If you have not previously registered the account you’re forwarding to you’ll have to go through a standard email verification process. Note, after you have forwarded your first address in the domain Google Domains automatically sets up Synthetic DNS records for email service:
Give it a test. You should now receive email for you@yourdomain.com in your GMail Account. That’s the easy part.
Sending Mail With Amazon Simple Email Service (SES)
If you don’t already have an AWS account head on over to aws.amazon.com and create one.
One thing to be mindful of is that when you first create an SES account it will be sandboxed. This means that SES will only send email to approved and verified addresses. You can find instructions on the SES console homepage to “free” your account from the sandbox.
The first thing you want to do is verify your domain. Click “Verify Domain” in the Console, enter your domain name, and you’ll get this box:
The important information here is the Domain Verification Record. Head back over to Google Domains > DNS Settings > And create a new text record like so:
After a few minutes your domain should show in SES as verified.
While your waiting. Head to the “Email Addresses” section of SES and verify your email address.
This is another standard email verification process. Once your finished verifying your email address check back and make sure that your domain has been successfully verified. If both are successful (and you are no longer sandboxed) you are now ready to send email. Let’s create our SMTP Credentials. In the SES console go to SMTP Settings > Create My SMTP Credentials > Click Create in the Bottom Right Corner You should get something like this:
Save that and we’re back to GMail. Remember, we can already receive mail because we setup forwarding in Google Domains. Now to send mail, in GMail, we’re going to click on the Gear > Settings > Accounts and Import > Send Mail As > Add Another Account You Own. Input your information as follows:
These are the credentials from the previous step.
You will once again be prompted to verify your email account. After you verify that’s it. You can now send and receive your domain email right from your GMail account.
The very last thing to do is go back to your GMail settings and set GMail to reply using the address the email was originally sent to:
You’re done.
Conclusion
It’s a little bit of work, but using this method I have setup free email for multiple addresses at multiple domains that all lands in the same place, is marked with where it was sent to, and automatically replies from the address it was sent to. What more can you ask for from almost free?
Kenny Lange says
Another great post, Brandon! I am curious about your migration that you mentioned at the top of the post since you covered the creation of a brand new email address.
What was the email downtime, if any, with this type of move?
Also, I (along with a few clients) utilize Google Apps for Work, are the steps the same?
Thank you!
Doug Mehus says
Great post but I’m confused on AWS’ Free Tier. The SES service doesn’t expire after 12 months but EC2 does. Can you still use the SES service for domains you’ve created within the Free Tier’s limits (which seem fine for personal, home use) after 12 months?
Also, your tutorial appears to show the process in utilizing Google’s Gmail as the front end and Amazon’s SES as the POP3/IMAP/SMTP server, which is all well and good assuming you want to continue using Google’s Gmail as your front end. Does Amazon SES not include some sort of basic, web-based e-mail interface one can utilize or would one have to set up a separate Amazon service to be able to install, let’s say as an example, Zimbra, Horde, SquirrelMail or Roundcube (or some other open source e-mail software – which would you personally recommend?)? How difficult would that be? I don’t mind following an existing tutorial as I’m familiar with setting up various services on a Linux box remotely through SSH (i.e., Vanilla’s forum software, phpBB, phpMyAdmin and a few others? Also, if using Amazon SES, do you have to use Amazon to host your DNS service and, if so, is Amazon’s DNS service included within the free tier?
Any information appreciated. :)
I currently use Google Apps for Domains or whatever’s it called now, limited to 25 free email accounts but it’s closed to new sign-ups (for free), I believe. :(
Cheers,
Doug
Brandon Edward says
For your first question, I don’t think SES is ever actually included in the free tier, but at a penny per 1,000 messages or whatever it is it might as well be free.
Or the second question, close, but no cigar. I’m using SES to send email. Google domains is aliasing and forwarding email, and GMail is receiving that mail and acting as the mailbox.
AWS does have a native email client you can use with SES:
https://aws.amazon.com/workmail/
That sort of takes the free out of it though.
You do not need to host your DNS with AWS to make this work. In this example my DNS is hosted by Google.
Hope that helps.
Jacob Jimenez says
Hi Brandon, can you help me? Your tutorial looks great, but I have a question about it: This will only works with domains.google.com? can I use another DNS manager? for example I have my domains right now at GoDaddy, in the future I want to transfer to Amazon AWS, but now with your tutorial I don’t know if transfer it to Google or to Amazon…. Thanks.
Brandon Edward says
Jacob,
As long as you can setup the email forwarding and the necessary DNS records with your current provider it should work just fine. I just happen to use Google Domians.
Thanks for stopping by.
Brandon
Carlos says
Regarding moving SES out of sandbox: “You can find instructions on the SES console homepage to “free” your account from the sandbox.”
Can you give me an example of how you described your SES Use Case in the support form? Did you just write you intend to use it simply for sending and receiving personal email? Or use it for marketing purposes (with estimated usage statistics etc.)?
As far as I can tell SES is not really meant to be used just for personal emails, but for mass marketing. Although I’d like to use SES for sending marketing emails, I’m not quite there yet and would just use it for personal mail. If I write this into the Use Case form, I’m not sure if they’d accept it.
Brandon Edward says
WordPress blog notifications should do…
Carlos says
Thanks for replying. This is what I ended up using, it was confirmed in a few hours:
“I’m requesting moving SES out of the sandbox environment. I’m starting a weekly newsletter to my personal blog’s subscribers and would like to use SES to send them emails. Initially, a max desired send rate of 1 email / second would be more than enough.
Best regards,”
Brandon Edward says
Awesome. I also use the WP SES plugin to send all WordPress notifications through SES. Works like a charm…
Umar Nawaz says
Brandon i am newbie with the email stuff….I am planning to launch my ecommerce website….my website is located on ec2 instance and my domain name is registered with godaddy….what is the best possible way to achieve my target.I want to have info sales support emails with my domain name next and able to send and recieve emails also and order confirmation email to customers.
Brandon Edward says
That is the purpose of this tutorial. If you’re using Google Domain you can just forward all domain email to one gmail address. That way you get support, info, sales, everything. Or you can split them up to go to separate email. Whatever works best for you. I’ve done it both ways without any trouble.
Doug Mehus says
Brandon, thanks for your reply. Yeah, a penny (or even less than a couple bucks) a year to send mail through SES might as well be free. I see you’re using SES for the SMTP server and using Gmail to alias/forward your messages – I remember in the “old days” (i.e., more than 15 years ago), mail forwarding for custom domains was kind a clunky, “low rent” way of having personalized e-mail (i.e., the e-mail address(es) and the extra mail servers displayed in the message header). Has it improved? And, with SES, if you wanted to have multiple e-mail accounts on the same domain name, this would be possible, presumably, by creating the “user” and their password and then that user just sets up the aliasing/forwarding with their Gmail (or Outlook) e-mail account?
If you wanted to use a free web-based e-mail add-on, like Horde or SquirrelMail, which AWS “instance” or service would I need to use to set that up and what I am looking at roughly, annually, for, let’s say, up to 10 e-mail accounts (on one or different domain names) with the ~1000 messages sent that you quoted earlier? We’d have to incorporate messages received, though, too, so let’s factor in, hrm…maybe 2000 messages (including spam)? My Gmail address gets lots of spam because it’s a prime domain name with LOTS of users so the spambots can just add a bunch of dictionary combinations of letters. My Google Apps grandfathered free account (up to 25 accounts on 1 domain, I think) gets 0 spam.
In terms of Amazon’s DNS, though, I think it’s in the “free” tier, right?. Have you used it and how decent is it? I’m mostly using Uniregistry’s and Cloudflare’s DNS servers currently.
Cheers,
Doug
Doug Mehus says
On the first point, re-read your tutorial – wait, it looks like we’re creating the accounts on the custom domain with Gmail and TXT record in the DNS zone file that allows Google to access your Amazon SES SMTP server is what allows the messages through the server, right? So, if you had two Gmail accounts on the same custom domain, would you have to have two TXT records or do you still have to create an SMTP account on Amazon SES as well?
Cheers,
Doug
Doug Mehus says
On my last reply, nevermind. I get it now. My question is, let’s say for a small business, community group, club, etc., you’d need to have that one domain name shared across Gmail accounts. Can the TXT record be shared with other Gmail users?
If so, sweeeeetttt! :)
Cheers,
Doug
Doug Mehus says
Awww…crap…I didn’t realize you had to use Google Domains, too, to create an e-mail forward!? I thought they were set up in Amazon SES! I’ve already done the Amazon SES and DKIM signing domain verification in my zone file on Uniregistry’s nameservers but Uniregistry doesn’t appear to offer e-mail forwarding. They have web forwarding and web redirects. Can I use an e-mail address in the web forward, perhaps?
I really don’t want to set things up and migrate my nameservers to Google Domains or to Amazon DNS. :(
Harumpf.
Cheers,
Doug
Brandon Edward says
That’s going to be based on your registrar. I imagine a lot of them do provide a simple email forwarding service. For instance, if you have your domain registered with GoDaddy you would:
Go to Workspace email, expand and click “set up” then set up “Free Account forwarding with domain”
Doug Mehus says
Sorry for the multiple posts, Brandon, doesn’t look like I can edit my last one – at least you’ve unmoderated me as an established commenter on your blog! ;)
I just did a nslookup on “raftforfun.com” to see your DNS zone file and see what type of DNS record is used for e-mail forwards…looks like you’re using Google Apps for e-mail? I don’t see your Amazon SES records. Did you switch? :(
I’ve set my MX record to Amazon SES…can’t I set up the e-mail forwards in AWS?
Cheers,
Doug
Brandon Edward says
So, I buy my domains through Google Domains, which allows you to set up easy forwarding. I just forward mail going to @raftforfun.com to my private email address @gmail.com. I then use SES to reply to those email so they come from @raftforfun.
Edit: That’s cover in the “Setup Google Domains Email Forwarding” section
Doug Mehus says
That’s not what your zone file shows though. It’s showing you’ve got a Google Apps account set up for mail for “raftforfun.com,” i.e. there’s no Amazon SES TXT or MX records.
I switched my nameservers for “mehus.ca” to Amazon Route 53, please tell me they support creating e-mail forwarding records, either natively within the UI or can I set up a type of DNS record as an e-mail forwarding record manually (i.e., a TXT record, perhaps?)?
Cheers,
Doug
Brandon Edward says
Yes, my zone file shows MX records for Google servers. That is because I’m using Google Domains email forwarding as outlined in the “Setup Google Domains Email Forwarding” section of this post. As I mentioned, “after you have forwarded your first address in the domain Google Domains automatically sets up Synthetic DNS records for email”
I’m not entirely sure what you’re asking in the second part, but as far as I know SES is designed to send mail, not to receive it. AWS has the WorkMail service, which is designed to receive mail. I don’t believe that is free though. It also wasn’t very well developed the last time I played with it.
Doug Mehus says
Brandon,
As to the first part, ah, I get you. Thanks.
As to the second park, what I was asking is if there was to create so-called synthetic DNS records for e-mail as raw DNS records. Is this allowed within a DNS zone file?
Google Domains doesn’t allow externally-registered domain names to use their DNS hosting service so that’s out. Uniregistry doesn’t have e-mail forwarding so that’s out too. I’ve migrated my nameservers a second time to NameCheap’s FreeDNS service but still waiting for the e-mail forwarding TXT record to be set up.
Yours doesn’t have the Amazon SES MX record, is that because you’re using Google Domains to create your e-mail forwards?
Are you aware of how to use Amazon SES for e-mail receiving capabilities? It’s definitely for the technically-inclined but I bet they offer an e-mail forwarding capability within AWS, probably even SES, but I don’t get how to use it. :(
Cheers,
Doug
Doug Mehus says
Okay, just switched my nameservers to Amazon Route 53 but now I’m wondering what type of DNS record to use for e-mail forwarding and, if Route 53 doesn’t support e-mail forwarding, how can I possibly get this working without using Google Domains as my nameservers? :(
Cheers,
Doug
Brandon Edward says
Router 53 is a DNS service, not an email forwarding service…
Doug Mehus says
Right, Route 53 is also their domain registration service, too, but since Google Domains doesn’t allow you to currently host domains registered elsewhere so I was (hoping) Route 53 offered an e-mail forwarding service. Google Domains, and NameCheap, simply integrate their DNS and e-mail forwarding service into the same UI.
Is the reason you don’t use the Amazon SES MX record because you’re using Google Domains?
And, are you aware of an Amazon e-mail forwarding service or receiving service, not their web-based client WorkMail but if they offer such a service and, if it’s Amazon SES Receiving, how does that work?
Cheers,
Doug
Brandon Edward says
I am not aware of a traditional email forwarding service in AWS aside from their WorkMail service. There is a receiving component of SES, but not in the traditional sense. I’m not sure it’s going to do what you want it to do, but the documentation is here
Again, I use the Google MX records because Google is handling my mail forwarding.
Doug Mehus says
Yeah, I found the Amazon SES documentation but I’m not sure either nor do I want to spend the time “learning” it to try and see if it does. Thanks though!
NameCheap.com’s e-mail forwarding doesn’t seem to be working so, unless Uniregistry adds e-mail forwarding, Cloudflare does the same or I switch to Google Domains (not going back to GoDaddy), I’ve suspended this project indefinitely know.
Thanks Brandon! :)
Cheers,
Doug
Doug Mehus says
The other option was setting up an Amazon EC2 instance and running my own web server and mail server and, while I like their hourly billing idea, it works out to $16-17 per month so not really worth it. I could probably get a shared web hosting account with unlimited e-mail hosting for ~$5-7 per month. And, at the end of the day, I still have my Google Apps free account associated to one of my domains. :)
Cheers,
Doug
Brandon Edward says
They have a free tier for VPS. You might find this useful: Firing Bluehost–How I Doubled My Site Speed Using AWS and Other FREE Services
Doug Mehus says
Thanks Brandon. Oops, I replied to that post accidently.
If someone absolutely preferred a web-based control panel, in theory, they should be able to install an open-source panel (i.e., Webmin, off the top of my head) and phpMyAdmin for MySQL administration on AWS EC2, correct?
Cheers,
Doug
Brandon Edward says
That’s correct. I’ve used webmin for various tasks over the years. It works okay.
Carlos says
I haven’t read all of your comments and I’m not at all sure what you’re trying to accomplish, but I think you want to use SES as a type of an email server for sending and receiving email for your domain (having gmail or something like that as the end destination)?
What you actually need is to set up a Lambda script to forward the emails back to your gmail account. I don’t think it’s covered in this post, but this post does: http://www.daniloaz.com/en/use-gmail-with-your-own-domain-for-free-thanks-to-amazon-ses-lambda/ . I used that but had some issues, read my comments at the bottom of the post.
Brandon Edward says
Thanks Carlos. I believe that is exactly what Doug was looking for.
Doug Mehus says
Thanks Carlos and Brandon…I saw something about a Lambda script in the Amazon SES description for its “receiving” function. So, in that case, my MX record would be set to Amazon SES but I’d first need to correctly set up the S2 bucket with the various “rules” and then develop the Lamda script, it sounds like. Is it very hard to learn? My programming experience is almost nil and basically limited to very basic Linux shell scripts.
Cheers,
Doug
Carlos Kynäslahti says
It’s very simple, you do not need to know how to code. Just follow the instructions in the post I linked to and read the comments from the bottom I wrote.
Doug Mehus says
Thanks Carlos. I saw your initial comment and that you solved your own problem that had to do with a commented out field that should also have the entry within the enclosed quotation marks removed as well. That’s helpful that you posted your solution, too.
~$15 USD per month for an Amazon EC2 “micro” instance is not free but certainly reasonable when you consider what you’re getting…one wonders for small businesses, why they’d even pay $99 USD (or more) per month anymore for a SoftLayer dedicated server?
Although you resolved your own problem, what made you switch to an Amazon SES/Gmail forwarding solution instead, was it purely one of cost savings?
Cheers,
Doug
Carlos says
I didn’t switch. I already had my WordPress site hosted on AWS but never configured an email address for my domain. I looked into Hover’s (my domain registrar) service for that, but then I read about the SES thing. I figured that If I already have my website hosted on AWS, why not do the mail thing too. Also an opportunity to learn more about AWS.
Doug Mehus says
Ah, so you’re still using the Amazon for forwarding your e-mail messages then? Basically, you just needed this tutorial for the Amazon SES set-up and that sort of thing but haven’t integrated the Google Domains hosting and forwarding of your e-mail messages.
Cheers,
Doug
Dan says
Thanks for the post. The Synthetic Records part is showing differently for me in Google Domains for the domain and doesn’t let me add Dynamic DNS. When I go to add it, I just get the message “Failed to save changes”. I also never receive the domain verification email I sent (never receive it in Gmail). Think it may be due to my using an old Gmail legacy account and now GSuite (is that what your actually using here?). Is frustrating, as I have about a dozen domains and want to use Gmail as the one Inbox for all. For several, Gmail adds the “on behalf of generic@domain.com attached to the email sent (which I don’t want). If you don’t have a solution to, guess I’ll have to go to using GSuite.
Sid says
Interesting! I’ve been using Google Apps Standard free edition for many years for 1 domain account with aliases and several other domains under it but it adds the “on behalf of” to emails. I’ve considered going to GSuite to prevent this and also give me all that it provides. Any reasons why you didn’t go that route (other than the extra expense)?
Sid says
I get as far as the last Gmail step after entering the SMTP server information, I get
Authentication failed. Please check your username/password. I’m entering it correctly. Thoughts?
Turner Kirk says
First of all THANK YOU!!! for posting this. Although it seems there is now one more step that needs to be completed for this to work. Perhaps you will want to update this post.
In order to actually send e-mails of all types, you will need to edit some parameters in the “IAM” settings in AWS.
Go to “Services->IAM” in AWS and click on “Users”.
Click the username you set up in SMTP settings earlier.
In the “Policy Name” column you should see one policy called “AmazonSesSendingAccess”
Twirl down the arrow next to that policy and click “SES” in the “Service” column
You will probably only see one action “SendRawEmail”, which is the root of the issue. There are now more actions that need to be added.
To do this, click “Edit Policy” and twirl down the arrow next to “SES” in the “visual editor”
click the “Actions” category and type “email” in the “filter” box
Now click the check box next to “SendEmail” and you might as well add “SendTemplatedEmail” as well
Click “Review Policy” at the bottom of the page
And now click “Save Changes”
That should complete the process of allowing you to send e-mail from that address. Chances are Amazon will continue to add new stuff that breaks this flow. All in the name of progress HA!
Turner Kirk says
CRAP! Actually this didn’t help. I’m still having the problem where e-mails I send are rejected.
THIS IS THE E-MAIL RESPONSE I GET
You’re sending this from a different address or alias using the ‘Send mail as’ feature. The settings for your ‘Send mail as’ account are misconfigured or out of date. Check those settings and try resending.
The response was:
554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1:
in the above response e-mail, the is a placeholder for the e-mail of the person I was trying to send too
Perhaps something has changed since this post was written.
Turner Kirk says
LOL! Ok I solved my own problem. I guess I glossed over the part of your tutorial about how to get out of the sandbox. WHOOPS!!
Thanks again for posting this. Super helpful and will save me money!
Jagster says
A nice post, but bad news are it is outdated. Gmail doesn’t offer TLS and port 587 anymore, just POP3.
Jagster says
Never mind my earlier post ;) I was working totally wrong setting. Well, it is late night here so perhaps that was the reason… So, delete this and earlier, please.
Sorry!