Hello All,
One of the users has received a spoofed email from a domain name similar to ours, but with a .com instead.
Spoofed domain: domain.com (we don't own this domain)
Our domain: Domain.co.uk
The user has replied (she thought it was from her boss) and I can see from the logs that the email was sent successfully. On further investigation I found that the delivery address for domain.com is different from their MX record. How is this possible?
Reply Delivered to: 64.98.36.4
Actual MX for domain.com: 208.44.162.49
What I don't understand is, if the user replied, the email shouldn't have relayed successfully, as this is spoofed and not the actual delivery address for this domain (domain.com)?