A assumed that email sent to G Suites addresses was protected by DMARC. Am I (1) wrong, (2) was this email really sent from someone inside Amazon, or (3) is there some other explanation?
Conversation
This Tweet was deleted by the Tweet author. Learn more
In this case, it's DMARC for amazon.com that matters, since that's the domain that this email is (claiming to be) from.
1
2
This Tweet was deleted by the Tweet author. Learn more
DMARC / DKIM / SPF policy for arstechnica.com is for emails sent from arstechnica.com. It's important to set that up even if you don't use a domain for email to prevent other people from using it. The domain that matters here is amazon.com though.
1
I thought the whole reason admins chose to use G Suites is so they didn't have to do stuff like set up DMARC. Not so?
1
1
This Tweet was deleted by the Tweet author. Learn more
This is for protecting your domain from being used to send fake emails. It's relevant even if you don't use your domain to send emails, since if you don't do it, other people can use it as a fake source for emails. I don't see what it has to do with verification of received mail.
1
This isn't to configure how G Suite handles your received mail. It's generic configuration to tell how other servers handle mail that claims to be from your domain. The only part that's specific to G Suite is that Google needs to be considered a valid source for the emails.
You then get reports from email providers about emails they received from your domain, which checks they passed and what they did with them based on your configuration. If it's not set up for arstechnica.com, it should be, so people can't send fake email from it.
1
It's not to control how received emails are validated. That's done internally by whatever software you're using to receive the mail. There's no reason it would need to be in a DNS record. The DNS record is for other people to check what's expected for emails from that domain.