How Can I Stop Phishing Emails from My Own Domain?

Have you set up SPF and DMARC records for your domain? These can really help in stopping email spoofing. You might want to check the source of the emails using tools like MXToolbox to see where they're really coming from. Also, there's a great guide on SPF and DMARC from Cloudflare that you could check out.

It sounds like your email might be getting spoofed. If the envelope-from address is being abused, you're likely dealing with a direct send exploit. I recommend looking up that term for guidance on how to configure your settings to prevent it.

Consider switching from GoDaddy to a better email provider if you're seeing consistent issues. GoDaddy's email hosting can be tricky, and their tools for managing SPF and DMARC can be cumbersome. Look into alternatives that offer better support for email security.

You're not alone; I faced this issue with M365 as well. Make it a goal to enable SPF, DKIM, and DMARC for your domain this week. It's straightforward and provides a layer of protection against those impersonation attacks. I found a helpful tutorial that walked me through the setup process.

Verifying your SPF, DKIM, and DMARC settings is key. If these aren't configured correctly, spoofing can happen easily. You should also check the M365 Defender admin panel for any outbound emails from your accounts. Most likely, there won’t be any malicious ones sending them out; it’s just an impersonation.