SES Email Receiving not saving to S3 bucket

I've followed this instruction set to the letter;

https://repost.aws/knowledge-center/ses-receive-inbound-emails

But the bucket didn't have a test email, so I followed the troubleshooting at;

https://repost.aws/knowledge-center/ses-troubleshoot-inbound-emails

And still no emails. I'm at a lost for what I'm missing here. My domain is hosted through Route 53 and has the MX records, dig confirmed this, although I'm confused as the dig only replies MX for (subdomain)(domain).com and not (domain).com, but sending email to that subdomain.domain from a third party gives a 550 error of no mail server whereas domain.com will eventually return a send failure, but no bounces or failures from SES. The instructional MX value it gives is "10 feedback-smtp.us-east-2.amazonses.com", however on the email receiving help page the value is "inbound-smtp.us-east-2.amazonaws.com". I've put both versions into my MX records to see if either worked, and still nothing. My S3 bucket has the exact configuration the above link provides, and I've triple checked to make sure all the info has been correctly replaced, and it has the SES_SETUP object in it. I have a configuration set for redirects that use the same domain name so emails sent don't show the SES tag. The Email-Forwarding rule has an active status, with no recipient conditions, TLS optional, and the only action being to save to the S3 bucket. Default encryption to the bucket is through S3 managed keys and not KMS. All services are on us-east-2, which I confirmed has email receiving capabilities.

EDIT: I did click "Publish records to DNS" since I'm using route 53 next the custom MAIL FROM domain, and it did it automatically the first time, but didn't seem to work. So after much tinkering, I believe the 'behavior on MX failure' setting was set to default MX, and I couldn't find what the default was. After setting it to reject on MX failure it now shows temporary failed.

From what you said it seems I need to verify 'subdomain.domain.com' as another verified identity, instead of just 'domain.com', is that right? When verifying a new identity, it forces a subdomain, so the MAIL FROM is always an extra subdomain, and its set to auto publish those records to route 53. With this exact setup it added the setup file to S3 from SES earlier, but it seems due to MX failure behavior change to reject its now failing.

EDIT 2: I misunderstood how subdomains are created in route 53. I wrongly assumed they would be created automatically from the record publishing, but I need to create a second hosted zone, with subdomain.domain.com, and move the MX there record instead of my original hosted zone. After this, I verified that subdomain, without a custom MAIL FROM. Both domains return the proper dig response. The main domain is now showing verified even with reject message behavior. Sending emails to @subdomain.domain.com still fails with a mailbox not found, and sending to just @domain.com has not replied failure yet, but nothing saves to S3 still. Continues to happen if the MX record is moved back to the main domain zone. This is message I usually get when sending to @domain.com after some time;