
Ask HN: What should I do next about email spoofing? - lovelearning
Hi HN,<p>I have owned my domain name for about 6 years now and integrated it with GSuite (previously &quot;Google Apps for Business&quot;) for about the same time.<p>I recently received a spam mail from my own official email address.<p>After some research, I was surprised to learn how easily anybody&#x27;s official-looking email address can be spoofed. GSuite doesn&#x27;t go out of its way to advise the average customer of this possibility in their documentation [1]. I have no idea how long my email address had been misused and wouldn&#x27;t know about it either had I not received spam from my own address.<p>I have now setup SPF, DKIM and DMARC for my domain, and am receiving daily aggregate reports from Google, and occasionally from Yahoo. Volume of spoofed emails is low - about 6 to 8 emails according to Google&#x27;s reports. WHOIS lookups say senders are from all around the world - Kosova, Iran, Vietnam, India, Brazil, Czech Republic, etc. They all look like regular ISP IP addresses, except for one which seemed to be a corporate address.<p>My question is what next - what exactly should I do with those spoofing IP addresses in the reports?<p>Another question - I have set DMARC disposition to &quot;reject&quot;. Does it ensure that spoofed emails are always rejected by every receiving mail server, or is it merely a hint?<p>[1] : https:&#x2F;&#x2F;support.google.com&#x2F;a&#x2F;answer&#x2F;53295?hl=en
======
mkarliner
You may want to have a look at ondmarc.com

