I don't know what the security situation is like at Godaddy, but I'm sure there's some amount of investment needed to roll that out broadly without accidentally breaking existing employee workflows.
And my point still stands re: insider attack. At least at Google, anyone could ostensibly register HappyHolidays@google.com (or some variation if it's already taken) as an alias or a mailing list, which removes the need for spoofing.
Not if they've properly deployed DKIM and SPF - which, if they have a phishing problem, should have been among their top priorities.