Stem the email marketing tide using masking
This story presents a proof-of-concept that allow me to give a unique email address
email@example.com when subscribing to mailing lists, and registering unimportant accounts.
anything can be any word that I decide on the spot when I give the address. The emails are forwarded to my normal email address — and if I find that I am receiving too many, I can unsubscribe and blacklist the address…
As an added benefit, I am now using a different password and email address when registering on websites… That should keep me safer.
The views/opinions expressed in this story are my own. This story relates to my personal experience and choices and is provided in the hope that it will be useful but without any warranty.
I like to subscribe to news, forums, etc. But, I have been pwned… and I do not read most emails — just casually scan through subjects to see if anything spike my interest… I can unsubscribe, but I have the impression that these emails just keep on coming. I recently started to use a brand new email address — that I would like to keep clean and hence have been looking for a way to control who I give this email address to.
A hacker news post  got me onto email masking. Google led me to the AWS blog post (Forward Incoming Email to an External Destination ) and this implementation.
AWS Infrastructure Diagram
The diagram below shows the AWS infrastructure used in the implementation of the email masking service — namely, receiving and storing the email, checking the address and forwarding it if appropriate.
The AWS infrastructure consists of:
- A route53 record to direct incoming mail to the SES service;
- SES rules that handle incoming emails to
[email protected]save them to S3 and invoke a lambda function;
- A lambda function that processes the incoming email, and forwards it to my normal email
[email protected]if the incoming email address
[email protected]is not blacklisted.
I personally use terraform to manage the AWS infrastructure, but one can create it via the console easily — it is the same infrastructure as described in  — or using any other Infrastructure-as-Code tool.
The main elements of the terraform script read as follows:
- SES rule: The following script sets a SES rule that handles any incoming email with an address
@mydomain.com. The rule has 2 actions. The first action save the email to an S3 bucket
aws_s3_bucket.x.id— this bucket is created using an
aws_s3_bucketresource and, importantly, a policy is applied to that bucket that allows write, aka
PutObjectaction, from SES. The second action triggers the lambda function
aws_lambda_function.x.arn. The rule is assigned to the rule set
aws_ses_receipt_rule_set.mail.idthat is defined using an