I don't want my Amazon Simple Email Service (Amazon SES) identity to receive emails from a certain domain or email address. How can I block those emails?

To prevent certain domains or email addresses from sending emails to your Amazon SES identity, follow these steps:

1.    Create an AWS Lambda function to process incoming email messages, evaluate the sender's email address or domain, and then drop the message if the sender matches a specific domain or email address.

2.    Create an Amazon SES receipt rule that routes all incoming email to the Lambda function.

3.    Check the function's Amazon CloudWatch Logs to verify the emails being blocked.

Note: You incur Amazon SES and Lambda charges when you add the Lambda action on the Amazon SES receipt rule.  

Create an AWS Lambda function

1.    Open the AWS Lambda console.

2.    Choose Create function.

3.    For Name, enter a name for your function. For example, you can enter "SESReceiptRule".

4.    For Runtime, choose Node.js 6.10.

5.    For Role, choose Create a new role from one or more templates.

6.    For Role name, enter a name for your role. For example, you can enter "SESReceiptLambdaRole".

7.    Choose Create function.

8.    Under Function code, enter the following code:

'use strict';

const AWS = require('aws-sdk');

exports.handler = (event, context, callback) => {
    console.log('Blocking email filter starting');

    const sesNotification = event.Records[0].ses;
    const messageId = sesNotification.mail.messageId;
    const receipt = sesNotification.receipt;
    const mail = sesNotification.mail;  
    // Convert the environment variable into array. Clean spaces from it.
    var blockingListString = process.env.blockingList;
    blockingListString = blockingListString.replace(/\s/g,'');  
    var blockingListArray = blockingListString.split(",");

    // Check if the mail source matches with any of the email addresses or domains defined in the environment variable
    function isListed() {
        var length = blockingListArray.length;
        for(var i = 0; i < length; i++) {
            if (mail.source.endsWith(blockingListArray[i]))
                return true;
        return false;

    console.log('Processing message:', messageId);

        // Processing the message
    if (isListed()) {
            callback(null, {'disposition':'STOP_RULE_SET'});
            console.log('Rejecting messageId: ', messageId, ' - Source: ', mail.source, ' - Recipients: ',receipt.recipients,' - Subject: ', mail.commonHeaders['subject']);
    else {
        console.log('Accepting messageId:', messageId, ' - Source: ', mail.source, ' - Recipients: ',receipt.recipients,' - Subject: ', mail.commonHeaders['subject']);

9.    Under Environment variables, for Key, enter "blockingList".

Note: There's no limit to the number of environment variables you can create as long as the total size of the set doesn't exceed 4 KB. For more information, see Rules for Naming Environment Variables.

10.    For the Value of "blockingList", enter a comma-separated list of the email addresses and domains that you want to block. For example, enter "example.com, JohnDoe@example.com".

Note: You can edit the list of email addresses and domains without changing the Lambda function code.

11.    Choose Save.

Create an Amazon SES receipt rule

1.    Open the Amazon SES console.

2.    In the navigation pane, choose Rule Sets.

3.    Choose View Active Rule Set.

4.    Choose Create Rule.

Note: You can also choose to update an existing rule with the same values described in the following steps.

5.    For Recipients, enter the email addresses or domains associated with your Amazon SES identity.

Important: Enter the email address or domain that you want to prevent from receiving emails from specific senders. Don't enter the email address or domain that you want to block emails from. For example, if your Amazon SES identity uses the email address "JaneRoe@example.net" and you want to block emails from "example.com", enter "JaneRoe@example.net".

6.    Choose Next Step.

7.    For Add action, select Lambda.

8.    For Lambda function, select the function that you created.

9.    For Invocation type, select RequestResponse.

10.    Choose Next Step.

11.    For Rule name, enter a name for your rule.

12.    For Rule set, verify that your active rule set is selected. An active rule set includes (Active) in the name.

13.    For Insert after rule, select <Beginning>.

14.    Choose Next Step.

15.    Choose Create Rule.

Check the function's Amazon CloudWatch Logs

After you set up the Lambda function and Amazon SES rule, follow these steps to verify the emails being blocked:

1.    Open the CloudWatch console.

2.    From the navigation pane, choose Logs.

3.    From the list of log groups, choose your Lambda function's log group. For example, choose /aws/lambda/name_of_your_function.

4.    Choose the log stream that you want to check. The log stream displays the email messages and domains being processed by the Lambda function, similar to the following: 

14:08:25 START RequestId: aa939984-1b9b-11e7-83d2-efc6877bdc9b Version: $LATEST
14:08:25 2017-04-07T14:08:25.957Z aa939984-1b9b-11e7-83d2-efc6877bdc9b Blocking email filter starting
14:08:25 2017-04-07T14:08:25.958Z aa939984-1b9b-11e7-83d2-efc6877bdc9b Processing message: jc0iurgrtkrsrs7f5pk0rsmf4r3q0poikdjfdi01
14:08:25 2017-04-07T14:08:25.959Z aa939984-1b9b-11e7-83d2-efc6877bdc9b Rejecting messageId: jc0iurgrtkrsrs7f5pk0rsmf4r3q0poikdjfdi01 - Source:
user@example.com - Recipients: [ 'user@domain.com' ] - Subject: This is an unwanted message
14:08:25 END RequestId: aa939984-1b9b-11e7-83d2-efc6877bdc9b

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-08-11

Updated: 2018-11-09