The IP it came from was outside my network.
I think it's just a spoofing email. I had not actually seen on, so that
raised my alarm, but I think it's ok. I need to go through and make sure
my SFP and DMARC are sound. I just checked my DKIM couple days ago, so
that's good.
Thanks for the replies.
On 10/25/21 4:59 AM, post...@ptld.com wrote:
My concern is that the email APPEARED to come from me! I was listed
as the sender.
Any email server can send any email claiming to come from anyone. DKIM
Signatures and SPF records working together with DMARC provides a way
to verify if a sending email server is authorized to send an email on
behalf of the address used. If your server is not using, checking and
validating DMARC then anyone can easily send you or send someone else
an email claiming to be from you. Doesn't mean they compromised or got
inside of your system or account. They just slapped your name on the
"outside of the envelope".
Was the connecting client server IP your servers IP? The IP of the
connecting client in the logs is who really sent the message, not the
arbitrary email address slapped in the Envelope-From, From header or
Sender header.
