False emails claiming to be from our team but not from our domain

[KimGrant]

This situation is causing considerable concern. Numerous customers have emailed, inquiring if “we changed our promo strategy” due to receiving emails that appear to be from us. These emails share the same layout, branding, and subject tone; however, the reply-to address is some unfamiliar live address.

We utilize Mailchimp, and our domain is secured using DKIM and SPF protocols. There is no evidence of any irregularities in our logs. I suspect someone may have scraped our previous newsletters and is using this information to spoof our communications for their spam campaign. A colleague has suggested consulting CyberClaims.net, as they reportedly track cases of email spoofing to determine if there is a connection to affiliate fraud or brand defamation.

My primary concern is not the potential loss of traffic but the perception that our organization is disseminating unprofessional content.

 

[BrittingLee]

If the communication is transmitted from a different domain, neither SPF nor DMARC protocols will detect such occurrences. It is advisable to ascertain the particulars and establish contact to forward the emails, determining whether they contain affiliate or phishing links. At this juncture, you may decide on the necessary course of action.

Furthermore, it may be possible to determine which email service provider (ESP) is being utilized and file an abuse report with them.

 

[IHeartJoe]

If they have copied your layout and are utilizing your tone, that does not constitute random spam; rather, it constitutes targeted impersonation. They are attempting to damage your reputation.

 

[tremblay]

In truth, this particular form of spoofing is remarkably facile to execute. DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) protect the sender's identity rather than the recipients of the spoofed communication.