Hi all, I’m not sure if this is the right place to post my question but am using mailcow.
I have SPF, DKIM, and DMARC set up with strong settings. SPF is set to reject and I only have one MX record pointing to my static IP. DMARC is also set to reject. DNS is protected with DNSSEC. The DKIM key as published in my DNS records is less than two weeks old.
I have noticed in my DMARC reports that over the last few days there have been two emails sent from unauthorised IP addresses that have passed DKIM and DMARC.
In both cases the from: domain is showing my domain name. For the unauthorised IP addresses the envelop from: domain is blank.
Can anybody explain what is happening here?