Why didn't my inbound emails on Amazon SES arrive or save to my Amazon S3 bucket?

Resolution

To resolve Amazon SES inbound emails that didn't arrive or save to the Amazon S3 bucket, check the following settings in your configuration.

Amazon SES domain verification

To receive inbound emails on SES, make sure that you complete the verification process for the domain that you want to use to receive emails.

Verify the MX record exists

To receive inbound emails on SES, you must add a mail exchanger record (MX record) to your domain's DNS configuration. Be sure to include an SES email receiving endpoint in the domain's DNS configuration.

Run the following command for your operating system (OS) type to check whether an MX record exists.

Linux, macOS, or Unix

Run the following dig command:

dig MX example.com +short

Note: Replace example.com with your domain.

Example successful output:

example.com. 60 IN MX 10 inbound-smtp.eu-west-1.amazonaws.com

Windows OS

Run the following nslookup command:

nslookup -type=MX example.com

Note: Replace example.com with your domain.

Example successful output:

Non-authoritative answer: example.com MX preference = 10, mail exchanger = inbound-smtp.eu-west-1.amazonaws.com

Note: If there are more than one MX records for your domain, then make sure that the record for inbound emails (SES) has the highest preference. The number before the MX record indicates preference. The lower the number, the higher the preference.

Example MX inbound record preference:

10 inbound-smtp.us-east-1.amazonaws.com20 mail-host1.example.com

If the MX record doesn't exist, then add an MX record to your domain's DNS configuration. Be sure to include an SES email receiving endpoint in the domain's DNS configuration.

Receipt rule settings

Confirm that the receipt rule that you use to send inbound emails to Amazon S3 are in an active rule set. The rule must be in an active rule set to apply to your emails.

Note: Amazon SES runs receipt rules based on the order that you configured on the rule set. For more information, see Creating rule sets and receipt rules.

S3 bucket permissions

To send inbound emails to the S3 bucket, you must grant Amazon SES the required permissions on the bucket policy.

Review the bucket policy to confirm that Amazon SES has permissions for s3:PutObject. Additionally, modify any "Effect": "Deny" statements in the bucket policy that deny Amazon SES permissions for s3:PutObject explicitly.

AWS KMS server-side encryption

If you activate server-side encryption with AWS Key Management Service (AWS KMS), then give Amazon SES permission to use your AWS KMS key. Be sure to add the kms:decrypt policy action.

IP address filter for Amazon SES email

If you set an IP address filter for inbound emails to Amazon SES, then check your configuration requirements. Make sure that your inbound emails are from IP addresses allowed by your filter.

Email file size

To store an inbound email in an S3 bucket, make sure that the file size of the is 40 MB or less. The total size of the email can't exceed 40 MB which includes headers. For more information, see Email receiving quotas.

Related information

How can I use Amazon SES to receive inbound emails, and then store those emails on Amazon S3?

Setting up Amazon SES email receiving

Giving permissions to Amazon SES for email receiving