@Pero ,
Have you modified the default receive connectors or created any custom receive connectors for anonymous relay in your environment before the issue occurred?
As per your concern regarding the "Default Frontend receive connector", would you please run the command below and have a look at the current settings:
Get-ReceiveConnector <ConnectorName> | Format-List name,Enabled,Bindings,RemoteIPRanges,PermissionGroups
Note: Please remove any personal information involved when sharing the output.
Besides, for current situation, agree with Edward that it's highly recommended to set up SPF to help validate outbound email sent from your custom domain. You can also have it setup along with DKIM, DMARC to help prevent spoofing phishing.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.