>>>> Are you using DKIM / SPF for your domain?  I mean, why do you accept
>>>> email apparently from your own domain when it does not come from one of
>>>> your authorised servers?
>>>
>>> because the From header has nothing to do with the envelope sender and
>>> so not with SPF and spoofing protections
>>
>> True, but given that the original poster said nothing about the envelope
>> sender, we don't know what that is.  I'd be prepared to bet that implementing
>> this would improve his server's operation, though.

>but he talks about From-Headers

Yes.  Based on his original email where it was "showing" the From address,
that would imply the From: visible in the mail client or webmail interface.
This spoofing can be blocked with a DMARC DNS record.

DMARC is a combination of SPF and DKIM plus From: header spoofing check.
You must get SPF and DKIM set up before adding the '_dmarc' DNS record for
the sending domain.

DMARC (the '_dmarc' DNS record) = visible From: header check
SPF = envelope-from header check
DKIM = authentication of sending mail servers using signing

https://dmarc.org/wiki/FAQ#What_type_of_illegitimate_email_does_DMARC_address.3F

DMARC is very powerful and very complicated to setup but worth it.
One of the best features of DMARC is the reporting so you can see if your
own servers are setup properly and see how many other bad servers are
spoofing your domain every day.  Reporting can be set up very easily and
is a good starting place with no risk.

_dmarc.example.com IN TXT "v=DMARC1; p=none; rua=mailto:em...@example.com";

Set up the above DNS record for your domain and wait for the XML reports
to start coming in.  I set up a script to POP the email from my report mailbox
and import the XML into a database for a basic web page report.
You can also use https://dmarcian.com/dmarc-xml/.

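As an added example (not code from the original post, and not the dmarcian tool it links), the script below shows the import step the reply describes: it parses one DMARC aggregate report in the RFC 7489 XML format that arrives at the rua= address and tallies, per source IP, how many messages passed or failed DMARC. The report XML, the IP addresses and the domain names are constructed sample data; a real report would be pulled out of the report mailbox first.

```python
"""Summarise a DMARC aggregate (rua) report per source IP.

Added example, not part of the original mailing-list post.  The report below
is constructed sample data in the RFC 7489 aggregate-report XML shape: one
legitimate sender, one host spoofing the domain, and one forwarder that
breaks SPF but keeps the DKIM signature intact.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>12345</report_id>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>45</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-sender.invalid</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.5</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>forwarder.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def policy_published(xml_text):
    """Return the policy the receiver saw in our _dmarc record (domain and p=)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    pp = root.find("policy_published")
    return {"domain": pp.findtext("domain"), "p": pp.findtext("p")}


def summarise(xml_text):
    """Tally messages per source IP as DMARC pass or fail.

    DMARC passes when at least one *aligned* identifier passed.  The receiver
    records that verdict in row/policy_evaluated/{dkim,spf}, so that is what we
    read: the raw auth_results may show an SPF pass for some unaligned domain
    (the spoofer below passes SPF for bulk-sender.invalid) and still fail DMARC.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    summary = defaultdict(lambda: {"count": 0, "pass": 0, "fail": 0})
    for rec in root.iter("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        dkim, spf = pe.findtext("dkim"), pe.findtext("spf")
        entry = summary[ip]
        entry["count"] += count
        entry["pass" if (dkim == "pass" or spf == "pass") else "fail"] += count
        entry["dkim"], entry["spf"] = dkim, spf
        entry["disposition"] = pe.findtext("disposition")
        entry["header_from"] = rec.find("identifiers").findtext("header_from")
    return dict(summary)


def suspected_spoofers(summary):
    """Source IPs for which every message failed DMARC: either a spoofer or a
    server of yours that is not in SPF and not signing yet."""
    return sorted(ip for ip, e in summary.items() if e["pass"] == 0)


if __name__ == "__main__":
    print("published policy:", policy_published(SAMPLE_REPORT))
    for ip, e in summarise(SAMPLE_REPORT).items():
        print(f"{ip:15} total={e['count']:4} pass={e['pass']:4} fail={e['fail']:4} "
              f"dkim={e['dkim']} spf={e['spf']} disposition={e['disposition']}")
    print("all-fail sources:", suspected_spoofers(summarise(SAMPLE_REPORT)))
```

Two things worth keeping in mind when turning this into the database import the post describes: reports are sent as a zip or gzip attachment, so they have to be unpacked before parsing, and the XML comes from an arbitrary third party, so parse it with a hardened parser (for example the defusedxml package) rather than the stock one if the mailbox is reachable by anyone other than the receivers you trust. With the sample above, 192.0.2.10 is the legitimate server, 203.0.113.5 is a forwarder that still passes on DKIM alignment, and 198.51.100.7 is the only all-fail source, even though its SPF check passed for an unrelated domain.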