I have seen many security reports come to say that various websites do not support DMARC. However, I am very concerned that it is "scareware" and does not solve a problem and only tries to bring a large consulting businesses to "help", also given some articles that say it does not fully prevent email spoofing.
I was wondering, given how much backing this protocol has, why are Google and Microsoft not suggesting their new GSuite and Office365 customers to set it up from the beginning? If done from the start, there would be no costly changes for companies to do it at a later stage?
