Good practice... if use too much... the company is not going to run smoothly, read the source code of an email just to check for anomalies :S ... need to check via another channel (message) like "You sent that email?". I am pro paranoid guys... but companies don't work well with that kind of people.
Discussion
Of course, you have to find a balance 😂, but the target of these attacks is people with little knowledge, to begin with, they do not access by https, that should make them suspicious. I also commit some spelling mistakes deliberately, apart from the fact that the domain is not the same!