Some of my users got emails pretending to be from the admin, but looking into 
the source of these emails, the From header was modified to mislead the users, 
but the return-path still holds the real sender email address.

What is the best way to deal with this? Is it a good idea to match the From 
header with the Return-Path? If yes, how?

Do you have milters verifying SPF, DKIM and DMARC?
This would detect if the From: header is "authorized".

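The From/Return-Path comparison asked about above corresponds to DMARC identifier alignment. The following is an added example, not part of the original thread: it checks alignment only and does not verify SPF or DKIM, which is the job of the milters mentioned in the reply. The function names, the two-label organizational-domain shortcut and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain_of(addr):
    """Lower-cased domain of an address, or None if there is none."""
    local, at, dom = addr.rpartition("@")
    return dom.lower().rstrip(".") if at and dom else None

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # A production check needs the Public Suffix List (e.g. example.co.uk).
    return ".".join(domain.split(".")[-2:])

def aligned(candidate, from_dom, strict):
    if not candidate:
        return False
    if strict:
        return candidate == from_dom
    return org_domain(candidate) == org_domain(from_dom)

def check_alignment(raw, strict=False):
    """Compare the From: domain with Return-Path and DKIM d= domains."""
    msg = message_from_string(raw)
    froms = getaddresses(msg.get_all("From", []))
    from_dom = domain_of(froms[0][1]) if len(froms) == 1 else None
    if from_dom is None:  # zero, several or malformed From addresses
        return {"verdict": "invalid-from"}
    rp_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    dkim_doms = [d.lower() for h in msg.get_all("DKIM-Signature", [])
                 for d in re.findall(r"(?:^|;)\s*d=([^;\s]+)", h)]
    spf_ok = aligned(rp_dom, from_dom, strict)
    dkim_ok = any(aligned(d, from_dom, strict) for d in dkim_doms)
    return {"from": from_dom, "return_path": rp_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok,
            "verdict": "aligned" if spf_ok or dkim_ok else "unaligned"}

# Constructed sample messages (reserved example domains).
SPOOFED = ("Return-Path: <sender@example.net>\n"
           "From: Admin <admin@example.com>\nSubject: Reset\n\nbody\n")
SUBDOMAIN = ("Return-Path: <bounce@mail.example.com>\n"
             "From: admin@example.com\nSubject: Notice\n\nbody\n")
VIA_ESP = ("Return-Path: <bounce@example.net>\n"
           "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
           " h=from:subject; bh=AAAA; b=BBBB\n"
           "From: admin@example.com\nSubject: News\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("subdomain", SUBDOMAIN),
                      ("via ESP", VIA_ESP)]:
        print(name, check_alignment(raw))
```

The third sample shows why an exact From/Return-Path match alone is too strict: mail sent through a third-party service has a different Return-Path domain yet still aligns through its DKIM `d=` domain.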