DMARC fail, but DKIM and SPF are passing
DMARC does not test if SPF or DKIM has passed, but one of them must both pass and be aligned with the domain used in the
From: header. Here, SPF passed with
eu-central-1.amazonses.com and DKIM with
amazonses.com. They are not aligned with i.e. do not match your
example.com, so DMARC fails.