diff --git a/infrastructure/email.tf b/infrastructure/email.tf
new file mode 100644
index 00000000..9c8b2c74
--- /dev/null
+++ b/infrastructure/email.tf
@@ -0,0 +1,62 @@
+resource "aws_ses_domain_identity" "getstronger" {
+ domain = "getstronger.pro"
+}
+
+resource "aws_route53_record" "ses_verification" {
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "_amazonses.getstronger.pro"
+ type = "TXT"
+ ttl = 600
+ records = [aws_ses_domain_identity.getstronger.verification_token]
+}
+
+resource "aws_ses_domain_dkim" "getstronger" {
+ domain = aws_ses_domain_identity.getstronger.domain
+}
+
+resource "aws_route53_record" "dkim" {
+ for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "${each.value}._domainkey.getstronger.pro"
+ type = "CNAME"
+ ttl = 600
+ records = ["${each.value}.dkim.amazonses.com"]
+}
+
+resource "aws_route53_record" "spf" {
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "getstronger.pro"
+ type = "TXT"
+ ttl = 600
+ records = ["v=spf1 include:amazonses.com ~all"]
+}
+
+resource "aws_iam_policy" "ses_send_email" {
+ name = "SES_Send_Email_GetStronger_Pro"
+ description = "Allows sending emails via SES for getstronger.pro"
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = "ses:SendEmail",
+ Resource = "*"
+ }
+ ]
+ })
+}
+
+resource "aws_iam_user" "ses_user" {
+ name = "ses_user_getstronger_pro"
+}
+
+resource "aws_iam_user_policy_attachment" "ses_policy_attach" {
+ user = aws_iam_user.ses_user.name
+ policy_arn = aws_iam_policy.ses_send_email.arn
+}
+
+resource "aws_iam_access_key" "ses_user_key" {
+ user = aws_iam_user.ses_user.name
+}
+
+
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 463e180d..027e7798 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
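Review bot: The `ses_send_email` policy grants `ses:SendEmail` on `Resource = "*"`, so the static key minted for `ses_user` can send as any verified identity in the account, not just getstronger.pro; scope it to the identity being created here, `Resource = aws_ses_domain_identity.getstronger.arn`, and consider adding a `ses:FromAddress` condition if only specific sender addresses are expected. `aws_iam_access_key.ses_user_key` is a long-lived user credential whose secret lands unencrypted in Terraform state; where the sending workload runs on AWS, an IAM role attached to the policy avoids the key entirely, and otherwise setting `pgp_key` on the access key keeps only `encrypted_secret` in state. Separately, the DNS set stops at SPF and DKIM: no `_dmarc` TXT record and no custom MAIL FROM domain are added, so receivers cannot enforce a DMARC policy and SPF for SES-sent mail will evaluate against amazonses.com rather than getstronger.pro — presumably intentional for now, but worth a comment on the `spf` record saying so.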
@@ -20,3 +20,15 @@ variable "aws_region" {
 type = string
 default = "eu-west-2"
 }
+
+output "ses_access_key" {
+ value = aws_iam_access_key.ses_user_key.id
+ description = "Access Key ID for SES user"
+ sensitive = true
+}
+
+output "ses_secret_key" {
+ value = aws_iam_access_key.ses_user_key.secret
+ description = "Secret Access Key for SES user"
+ sensitive = true
+}
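Review bot: `sensitive = true` on `ses_secret_key` only redacts the value from plan/apply and `terraform output` listings; the secret is still written in plaintext to the state file and is printed in full by `terraform output -raw ses_secret_key`, so the state backend's access controls and encryption become the effective boundary for this credential. The description should say so, e.g. `description = "Secret Access Key for SES user (plaintext in state; restrict state access)"`, and if the consumer can accept it, emitting `aws_iam_access_key.ses_user_key.encrypted_secret` with a `pgp_key` set on the key resource keeps the plaintext out of state altogether. As a point of style, these `output` blocks are appended to `variables.tf` after `variable "aws_region"`; the project's other outputs (if any) and Terraform convention would place them in an `outputs.tf`.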