Spoofing protection (again)
Hello. Thanks to this email tester I uncovered, that the Mailbox.org doesn't check SPF, DKIM, and DMARC records, which is terrible and may lead to dire consequences if I wouldn't constantly check the original headers of each letter.
I have turned on every possible protection to strict mode on my custom domain, even copied and changed SPF record to make it stricter:
v=spf1 ip4:188.8.131.52/25 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/21 ip6:2001:67c:2050::/48 ip4:22.214.171.124/24 mx -all
But again, some server was still able to spoof my domain and sent a letter to me in the form of "Boss <firstname.lastname@example.org>", pretending to have rights to send letters from my domain. After I checked the headers, I realized that the Mailbox.org completely doesn't check SPF, DKIM, and DMARC records.
My question is, why a paid mail service hasn't implemented phishing protection, like did the free mail services Protonmail, Tutanota, Gmail, and others?
Please, do not refer to German sources, articles and videos - I'm an international customer with English language proficiency.