A assumed that email sent to G Suites addresses was protected by DMARC. Am I (1) wrong, (2) was this email really sent from someone inside Amazon, or (3) is there some other explanation?
Conversation
This Tweet was deleted by the Tweet author. Learn more
In this case, it's DMARC for amazon.com that matters, since that's the domain that this email is (claiming to be) from.
1
2
This Tweet was deleted by the Tweet author. Learn more
DMARC / DKIM / SPF policy for arstechnica.com is for emails sent from arstechnica.com. It's important to set that up even if you don't use a domain for email to prevent other people from using it. The domain that matters here is amazon.com though.
I thought the whole reason admins chose to use G Suites is so they didn't have to do stuff like set up DMARC. Not so?
1
1
For sending email, you definitely still need to set up DMARC / DKIM / SPF, but I assume G Suite makes that easy to do. You need to set this up for domains even if you never intend to use them to send email. I don't understand the claim it has to be set up to verify for receiving.