1 article with this tag
A suspicious email that appears to come from your own domain is usually not a breach but a forged From header, because SMTP lets anyone write the From line. Reading the headers (Authentication-Results, Received, Reply-To) tells a breach from a forgery. The main reason such mail reaches your inbox is a missing DMARC policy. Fix it by deploying SPF, then DKIM, then DMARC, moving the policy from p=none to p=reject.