A spammer seems to be running spam through SES and spoofing our domain.
We are using SPF and DKIM so I’m not sure what is going on.
This is our SPF record:
v=spf1 a mx include:amazonses.com include:_spf.google.com include:secureserver.net ~all
I had one of the recipients of the spam send me their header file. I've attached the results from Google's Email Header Analysis Tool for both the spam email and a legit email from our domain.
Here's the analysis of the spam email headers:
Here's the analysis of the legit email headers:
As can be seen in the reports, the SPF and DKIM results show as “neutral” for the spam email and “pass” for the legit email. The spam one also gets routed through a third party server that looks suspect.
Does anyone have any ideas what might be going on and how to stop it?