We are seeing an issue with sending DKIM-signed messages via SES, specifically message we send via SES has non-ASCII characters and according to https://datatracker.ietf.org/doc/html/rfc2047#section-4.1 there are two options for encoding non-ASCII characters: B (base64) or Q (quoted) encoding.
The issue that we are seeing is when we send B encoded headers SES changes them to Q encoded headers which breaks our DKIM signature that we apply to the message before passing it to SES.
For example we sent a message with From set to:
From: =?UTF-8?B?S3VuZHN1cHBvcnQgQm9yw6Vz?= info.xxxxx@email.xxxxxxxxxxxxxxxx
which arrived at the destination inbox as:
From: =?UTF-8?Q?Kundsupport_Bor=C3=A5s?= info.xxxxx@email.xxxxxxxxxxxxxxxx
Our DKIM signature signs From,To,Subject,Reply-To and this is broken when SES decodes and re-encodes (my guess) the message.
Needless to say messages end up in spam or rejected because DKIM fails.
Could someone from AWS please take a look at this and comment ? This issue is really impacting since SES makes changes to headers so it breaks DKIM.