Forum Discussion
Antispoofing
Recently we have been having a lot of issues with spoofed emails. The Return-Path address will normally be a gmail address and the From address will be example@mydomain.com asking for one of our user...
EASchmitt Have you checked your SPF Records (if not already) . Spoofing generally happens when you have SPF Records setup incorrectly.
To stop spoofing, the email filtering industry has developed email authentication protocols such as SPF, DKIM, and DMARC. DMARC prevents spoofing examining a message's sender - the one that the user sees in their email client (in the examples above, this is service.outlook.com, outlook.com, and accountprotection.microsoft.com) - with the domain that passed SPF or DKIM. That is, the domain that the user sees has been authenticated and is therefore not spoofed. For a more complete discussion, see the section "Understanding why email authentication is not always enough to stop spoofing" later on in this article.
However, the problem is that email authentication records are optional, not required. Therefore, while domains with strong authentication policies like microsoft.com and skype.com are protected from spoofing, domains that publish weaker authentication policies, or no policy at all, are targets for being spoofed.
https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection
Pls see the article and compare your current settings to block these spoof emails.
Cheers !
Ankit Shukla
