I have a SPF, DKIM, and DMARC in my DNS records, but spammers still impersonate my email address with phishing mails every day. How do I stop them?

Question

My email is powered by MS Exchange, and every day my inbox and junkbox receive multiple phishing emails that appear to be from my own name, domain, and/or full email address. When inspecting the headers, half of them have my correct email address in the "From" line and "Return Path". The attackers aren't merely aliasing me; my email address IS the sender address. Some other domain is in the "Received" lines. The other phishing mails appear to be impersonating other people's email addresses, whose reputations will be tarnished when recipients block or report the phishing mails. I believe my email identify is similarly being used for phishing attacks on other people. My question is how are these messages getting through to incoming email folders when I have a functioning DMARC record? Even if spoof mails go to someone's junk box, can't it still end up hurting the reputation of the sender email? How do we stop this?

Answer 1

Hi @Jess Rabourn ，

Are you currently using Exchange Online or Exchange server?

Can you compare if there is any difference between the message headers of spam and regular mail?

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread