I'm setting up an email service with AWS SES (Simple Email Service).

When SES receives an email sent to, e.g. [email protected], it will perform some action.

To prevent anyone from triggering the action, I check that the from address is a known user.

However, anyone could create their own email server and send emails using a fake from account.

Is there any way that I can verify that the from address is actually a known user? If not, what workarounds might exist?

Note: the actual action taken will be to forward the received email to a list of many other people. It doesn't need to be super secure.

mdsimmo
  • There are a variety of methods for doing this. What research have you done and what have you tried? – music2myear Apr 14 '23 at 15:11
  • @music2myear Thanks for the feedback - I've done more research and posted some possible solutions as an answer. If you know of any other solutions, please post them. – mdsimmo Apr 16 '23 at 10:18

1 Answer


After some more research, here are several approaches I've found:

  1. Send a reply email back to the email sender, with a link requesting to confirm the action.
  2. Make the user digitally sign the email.
  3. Check the domain/IP/MX records as per this question.
mdsimmo
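
An added example, not part of the original answer or the poster's code: one way to combine the allowlist check from the question with the sender-authentication results SES attaches to each received message, falling back to the confirmation-link approach when no usable result exists. It assumes the action is a Lambda function invoked by an SES receipt rule, whose event carries `mail.commonHeaders.from` and `receipt.dmarcVerdict`; `KNOWN_USERS`, `decide`, `handler` and `sample_event` are hypothetical names, and the sample events are constructed.

```python
from email.utils import getaddresses

# Constructed allowlist for the example; the real one comes from your user store.
KNOWN_USERS = {"alice@example.com", "bob@example.org"}


def decide(record):
    """Return 'forward', 'confirm' or 'reject' for one SES receipt record."""
    mail, receipt = record["ses"]["mail"], record["ses"]["receipt"]
    from_headers = mail["commonHeaders"].get("from", [])
    addrs = [addr.lower() for _, addr in getaddresses(from_headers) if addr]
    # Require exactly one From mailbox: several (or none) is ambiguous, and
    # the DMARC verdict would not clearly apply to the one being matched.
    if len(addrs) != 1 or addrs[0] not in KNOWN_USERS:
        return "reject"
    dmarc = receipt.get("dmarcVerdict", {}).get("status", "FAIL")
    if dmarc == "PASS":
        # SPF or DKIM passed and aligned with the From domain.
        return "forward"
    if dmarc == "FAIL":
        return "reject"
    # GRAY / PROCESSING_FAILED: no usable DMARC result for this domain, so
    # fall back to the confirmation-link approach (item 1 above).
    return "confirm"


def handler(event, context=None):
    """Lambda-style entry point: one decision per received message."""
    return [decide(r) for r in event["Records"]]


def sample_event(from_header, dmarc_status):
    """Build a constructed, minimal SES receipt event for local testing."""
    return {"Records": [{"ses": {
        "mail": {"commonHeaders": {"from": [from_header]}},
        "receipt": {"dmarcVerdict": {"status": dmarc_status}},
    }}]}


if __name__ == "__main__":
    for hdr, status in [("Alice <alice@example.com>", "PASS"),
                        ("Alice <alice@example.com>", "FAIL"),
                        ("Bob <bob@example.org>", "GRAY"),
                        ("Mallory <mallory@example.net>", "PASS")]:
        print(hdr, status, "->", handler(sample_event(hdr, status)))
```

A DMARC `PASS` authenticates the sending domain rather than the individual mailbox, so it stops outside servers from forging the From address but not another sender on the same domain.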