I'm hoping the community can help me shed some light on a recent email spoof. Yesterday my client woke up to find hundreds of bounced failure notices.
The client did not personally send any of these emails. Each failure notice had a different reply-to address, e.g.:
xyxyxs@client-domain.co.uk
trg@client-domain.co.uk
hjd@client-domain.co.uk
The various reply-to addresses suggest that only the client's domain had been spoofed and not a specific email account (i.e. actual-email@client-domain.co.uk).
I know if your email account has been spoofed, it's game over and you need to create a new email address. However, a specific address hasn't been targeted. Am I correct in thinking that I do not need to delete and create a new email address? I also assume the domain would have been widely blacklisted? Should I move hosting companies and would this make a difference?
Either way, I'll be implementing DKIM.
Sorry for so many questions, I'm just a little lost as the spoofer didn't target a specific email address.
Thanks