Someone is sending spam emails from my email address. And it looks like these emails have DKIM.
How is this can be possible if they doesn’t have access to that email?
(my emails handles by something like google and i changed passwords to that account)
Answer
The problem was that DKIM just signs the domain from which emails have been sent, but it doesn’t guarantee it was your domain.
So i should set DMARC policy + SPF to prevent occurrence of such situation in the future.
Attribution
Source : Link , Question Author : Eugene , Answer Author : Eugene