System accidents
Opinions, among other things, that someone decided were worth putting online.
[homepage][blog][[email protected]][RSS] (the “RSS” feed is actually in Atom format)
Hybrid (cloud) email
Hi, so this post will be edited as I work on the project. The project isn’t complete yet, but I am currently looking for employment, and I want to demonstrate my skillset a bit, so I’m just going to post the very simple architecture that I’ve used to more or less achieve unlimited custom domain emails.
Porkbun was used for domain registration because they are very cheap, and yet fully featured. Cloudflare is of course still the cheapest option, offering ICANN prices, but I did not choose them for only one reason, which is that cloudflare doesn’t let you use a custom authoratative name server for your domain, locking you to cloudflare name servers. I have great respect for cloudflare still, and even configured my domain in porkbun to use cloudflare as authoratative name servers.
The idea here is to use SES as SMTP server for sending email. I chose this approach over a fully self-hosted option for two reasons:
- I can leverage the reputation of IP pools owned by SES for sending emails
- I don’t have to worry about missed emails because Amazon will save them for me
From what I’ve heard, IP is one of the biggest factor in email rejection, and can cause a rejection even if SPF, DKIM, and DMARC are configured properly with strict policies and even if you have an old sending domain. For example, spamhaus has an ASN drop list, and there is some contention about whether inclusion in this even legal: see spamhaus conflicts on wikipedia for more info. At my old employer, RingCentral, we had to get our IPs removed from Spamhaus’s blacklist a few times.
Another problem with receiving emails on a residential IP is that everyone knows your IP. Also, if your email-receiving server is down, you will miss emails.
Finally, I didn’t want to choose a cloud-hosted virtual machine because of costs and complexity of hosting an email server.
So the design is simple:
- Send emails using SES
- Store emails in S3
- Send webhooks to residential IP when new object in S3 is created
- Pull email from S3 when webhook is received
- Move emails to appropriate folder for dovecot to process
- Configure your email client to use dovecot as IMAP server and SES as SMTP server
- Get a job offer hopefully, or just see how many emails you end up creating.
I will share the terraform for cloudflare and AWS at some point, and provide more info on dovecot configuration. You may also consider using mailcow which includes dovecot among other applications.
If you plan on creating a bunch of custom emails, I recommend creating a subdomain for email sending, so you avoid my mistake of thinking that SES email receiving supported wildcards.
Next steps + future improvements to this post:
- Notification of failed webhook delivers from SNS
- Encrypting the emails at rest in S3 using my own GPG key.