We have a mail server in G Suite using our primary domain, say abc.com. To help prevent spoofing of emails sent from our domain, we have enabled the SPF, DMARC, and DKIM security methods in G Suite. All email sent from the domain abc.com is now monitored with DMARC reports enabled.
Similarly, we would like to ask about securing against subdomain-level spoofing. One of our customers reported spoofed emails from subdomains; for example, an email pretends to be from one of our subdomains, xyz.abc.com. Below is the exact example:
---------- Forwarded message ---------
From: IG <wordpress@xyz.abc.com>
Date: Wed, Nov 18, 2020 at 1:13 PM
Subject: "your boredom solution"
To: <support@abc.com>
We have not set up any email server on our subdomain xyz.abc.com, but spammers used the subdomain to send emails on our behalf. I am aware that I can add a subdomain in G Suite and generate the DKIM and DMARC records for it after adding MX records. But I am sure that is not effective for this kind of subdomain-level spoofing, since we have a large number of subdomains and spammers can use any one of them for spoofing. I have no plans to set up mail servers for our subdomains for security, since we are not sending or receiving any emails from those subdomains. We have the primary domain as our mail server.
Please assist us. We would be grateful if you could help us understand how we can prevent these types of fraudulent emails from spammers to our customers. Also, I am aware that they can use any prefix to our domain to send an email. How can I act to prevent spammers who forge my subdomains to send fake messages that appear to come from my organization? Please let me know if there are tools available that we need to implement to mitigate this risk.
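
An added example, not part of the original post: under RFC 7489, a receiver that finds no DMARC record at the subdomain in the From: header falls back to the organizational domain's record and applies its `sp` tag if present, otherwise `p`, so a single record at abc.com covers any prefix. The code below models that lookup; the records, the report address and the explicit `org_domain` argument are constructed assumptions.

```python
# Added example. DNS records below are constructed samples, not real lookups.
VALID = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a usable record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in VALID:
        return None
    return tags

def effective_policy(from_domain, org_domain, records):
    """Pick the policy a receiver applies to the From: domain.

    records maps DNS names to TXT strings. org_domain is passed in here
    (assumption); real receivers derive it, e.g. from the Public Suffix List.
    """
    own = parse_dmarc(records.get("_dmarc." + from_domain, ""))
    if own:  # the exact domain publishes its own record
        return own["p"].lower(), "_dmarc." + from_domain
    org = parse_dmarc(records.get("_dmarc." + org_domain, ""))
    if not org:
        return None, None  # no DMARC policy anywhere
    sp = org.get("sp", "").lower()
    if from_domain != org_domain and sp in VALID:
        return sp, "_dmarc." + org_domain + " (sp)"
    return org["p"].lower(), "_dmarc." + org_domain + " (p)"

# Constructed records: monitoring only vs. enforcement for all subdomains.
MONITOR_ONLY = {"_dmarc.abc.com": "v=DMARC1; p=none; rua=mailto:dmarc-reports@abc.com"}
ENFORCED = {"_dmarc.abc.com":
            "v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc-reports@abc.com"}

if __name__ == "__main__":
    for name, recs in (("monitor-only", MONITOR_ONLY), ("enforced", ENFORCED)):
        for dom in ("abc.com", "xyz.abc.com", "any-prefix.abc.com"):
            print(name, dom, effective_policy(dom, "abc.com", recs))
```

With the monitor-only record, mail claiming to be from xyz.abc.com inherits `p=none` and is only reported; with `sp=reject`, every subdomain without its own record is rejected when it fails DMARC alignment.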