Awazon publishes its address list with a PGP signature. Verifying that signature proves the addresses came from the market and that nobody edited them in transit. It is the deeper of the two checks and you do the setup once.
Fetch the market public key from two independent places, cross-check the fingerprint, and import it into GnuPG. Then save the signed list and run the verify. Look for the line that says the signature is good and names the market key. A warning that you have not certified the key is normal. A bad-signature line means the list was altered, and you trust none of it.
The signature proves where the list came from. The next check proves the specific address you land on is genuine.