Email spoofing is unfortunately a really common act of maliciousness that we see pretty frequently regardless of the authorized mail server. It’s why SPF records and DKIM are becoming more popular. Those should be in place in your DNS entries but if you aren’t sure, just reach out and we can add them. The receiver, however, may not have strong enough spam settings to honor them and so the messages may still end up in their inbox.
If someone who received the message header information from one of the emails and send that to us, we can determine what IP address this in fact came from and assist in reporting it to the corresponding abuse email. Mail programs are all different but here is how you view that in Mac Mail: https://support.apple.com/guide/mail/show-detailed-email-headers-mlhlp1089/mac
Here is how to do it in Outlook: https://support.microsoft.com/en-us/office/view-internet-message-headers-in-outlook-cd039382-dc6e-4264-ac74-c048563d212c
Your contacts could have also been extracted from your computer. you may want to run an antivirus or scanner on your computer just to make sure that you, aren’t in fact vulnerable at that level. Anything that checks for malware, spyware and adware should work.
If you’re email account wasn’t in fact compromised, nor your computer; then there are still ways we see people targeted by spoofing. There are no definitive ways to prevent someone from harvesting your email address from the internet somewhere and using it for spam.
Here are a few places spammers may acquire your email address. There are programs and software designed to do nothing else but scavenge the internet for email addresses:
- On a website contact page Mailing lists. Some of them are legitimate, but others may sell your information
- Anything you post online with your email address in it.
- One of your contact’s computer may become compromised and your information is taken from their contact list