Why does a deauth attack work on WPA2 despite encryption?

Why does a deauth attack work on WPA2 despite encryption?

Given that WiFi packets should be encrypted if WPA2 is used, why is it that a deauth attack can be successful? Shouldn't the machine know that the message is illegitimate due to the fact that it would not be encrypted, having come from a fake source?