Notes by Chandler Carruth

Just got a purported email from Amazon that ... I'm 99.99% sure is phishing, but it has to be the best phish email I've ever seen...

It passes everything!
- DMARC clean
- DKIM clean

Gmail even puts the special blue "check" by the sender with a tool-tip that says they've *verified* the sender is `amazon.com`.

But the email doesn't add up. It claims it's a password reset, but doesn't give a link and instead a code?

And it has a *link* I can click to *deny* the reset? I have never seen that.