
Amazon SES email security


I have a question about the security of emails in Amazon SES. According to their docs and verification here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html and https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dmarc.html

They advise publishing a record consisting of this:

"v=spf1 include:amazonses.com ~all"

However, doesn't that make your domain accessible to all of the accounts using AWS SES? Isn't this a bit of a security issue?


Solution

  • This validates that emails are allowed to be sent from SES. It's primarily you acknowledging that Amazon is allowed to send emails on your behalf.

    Additionally, a username/password via SMTP or IAM credentials via the AWS API are used to send the email; these are the validation step from the AWS perspective.

    See more: https://en.wikipedia.org/wiki/Sender_Policy_Framework