Recent industry changes by Apple, Google and Yahoo have meant many queries at work as we have ramped up our SPF, DMARC and DKIM settings to prevent spammers spoofing our domains.
In short, 3rd party suppliers that provide web services for us are no longer able to just spoof our domains and need to register their email servers on our DNS SPDF record as an authorised sender. Many question why they need to do this, when its worked for years and trying to point out that was was ok in 2014 is not okay now in 2024 if we want to stop the spoofers and spammers trying to snare our users that rely on our services.
NCSC provide a service to report phishing emails to them as report@phishing.gov.uk and tools to check how secure a domain is when you want to see how likely it is to be spoofed, ie sent pretending to be someone else, available here.