SES inbound SPF/DKIM verification

Yes, Amazon SES does verify SPF and DKIM for incoming emails by default.

When SES receives an incoming email, it automatically checks if the email's SPF and DKIM signatures are valid. If the signatures are valid, SES marks the email as authenticated and adds some additional headers to the email, which include information about the authentication results.

These headers can be used by your application to verify that the email was sent by an authorized sender and that the message wasn't tampered with durin g transmission.

Here are some examples of headers that SES adds to incoming emails:

• Authentication-Results: contains information about the results of the SPF and DKIM checks.
• X-SES-Spam-Verdict: contains information about whether the email was marked as spam or not.
• X-SES-Virus-Verdict: contains information about whether the email contained a virus or not.

In addition to the authentication headers, SES also provides information about the message envelope and the IP address of the sender. This information can be accessed through the Amazon SES API or the Amazon SES console.

To retrieve this information, you can use the "GetRawMessageContent" API action, which returns the raw, MIME-formatted content of an email message. You can then extract the message envelope and IP address information from the email headers.

References:

1. Amazon Simple Email Service (SES) - https://aws.amazon.com/ses/
2. Authenticating Email with DKIM in Amazon SES - https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim.html
3. Authenticating Email with SPF in Amazon SES - https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-spf.html
4. Amazon SES API v2 Reference - https://docs.aws.amazon.com/ses/latest/APIReference-V2/Welcome.html