0

Today while working at my company, we saw a lot of automatic reply emails coming into one of our group inboxes (i.e. info@company.com). We suspect that this email address is being used in a phishing campaign and the automatic replies were from potential victims. We have SPF and DMARC set up for our domain and thought this would prevent any such emails since it didn't come from us.

Am I wrong in this assumption or is there a way that they can still use our domains?

user92592

1 Answer

3

Unfortunately, if the receiver does not submit DMARC reports, and does not validate SPF or DKIM, it may still receive the spam e-mail, which would result in that.

There is no way to disallow a 3rd party sending mail purporting to be from your e-mail; it is up to the recipient, after evaluating the validations you specify your domain includes (DKIM/SPF and DMARC), to decide if it will accept the e-mail.

ColtonCat
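The receiver-side decision discussed above, as an added example that is not part of the original question or answer: a simplified Python model of how a receiver that does evaluate DMARC reaches a disposition, and why a receiver that skips the check, or a published `p=none` policy, still lets the message through. The function names, the two-label organizational-domain shortcut, and the sample records and results are assumptions constructed for illustration.

```python
# Added example: simplified model of a receiver's DMARC decision (RFC 7489).
# It ignores pct=, sp= and the Public Suffix List; all names are hypothetical.

def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; aspf=s' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels (real receivers use the PSL).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf, dkim, receiver_enforces=True):
    """spf = (result, envelope-sender domain); dkim = (result, d= domain)."""
    if not receiver_enforces:
        return "deliver"  # receiver never evaluates the sender's published policy
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"  # DMARC passes when either mechanism passes AND aligns
    policy = tags.get("p", "none").lower()
    return policy if policy in ("quarantine", "reject") else "deliver"

# Constructed sample: From: header shows company.com, but SPF passed for an
# unrelated envelope domain and there is no DKIM signature.
SPOOFED = dict(from_domain="company.com", spf=("pass", "bulk.example.net"), dkim=("none", ""))

if __name__ == "__main__":
    for rec in ("v=DMARC1; p=none", "v=DMARC1; p=quarantine", "v=DMARC1; p=reject"):
        print(rec, "->", dmarc_disposition(rec, **SPOOFED))
    print("non-enforcing receiver ->",
          dmarc_disposition("v=DMARC1; p=reject", receiver_enforces=False, **SPOOFED))
```

An SPF pass alone does not help the spoofed message here because it passed for the envelope domain, not the domain in the From: header; only the alignment check ties the two together.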