https://portal.smartertools.com/community/a92629/fake-messages-from-smartertools_com.aspx 

I am quite curious though how they were able to send an email to my business account, my personal account and a test account that all had SM licenses attached to them... Where exactly did they get the email addresses from?

Hi echoDreamz, great question!!!

yeah they sent the same message to multiple people on my mail server

What was the source IP? I didn't get any of these but curious to check my logs and see it there were any attempts to deliver it.

-edit- Never mind. I found it.

Two attempted deliveries on my system but none passed through. Both attempts were on very old, deleted accounts. One of the two accounts was deleted over five years ago.

Below is the HEADER info from the email. That should help.

Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.75]) by mail....com with SMTP    (version=TLS\Tls12    cipher=Aes256 bits=256);   Mon, 3 Feb 2020 22:48:12 -0800 Received: from smartertools.com ([77.68.93.180]) by mrelayeu.kundenserver.de (mreue108 [213.165.67.119]) with ESMTPSA (Nemesis) id 1N79ly-1jbbTz0tPI-017TS0 for ; Tue, 04 Feb 2020 07:48:03 +0100 From: Smartermail Message Protection To: bob@....com Subject: New protected message for bob@....com Date: 4 Feb 2020 06:48:02 +0000 Message-ID: <20200204064802.E3DA1C52CCB2BE36@smartertools.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:BJ+c9kMd0d87gcnwMfYnYkQMyAHFeycw2jQhm/CsLKEtCOW3kKs zXwNgAuz5p+jNixBUv+NH6XcbZ4IHvD1/TCYknJUV1H3D0MZYeenetDZeoMvm5KoXyhSJH6 QffE6V1pCuxPbHCLxL/F1+LW7ZLodzGedj4EfhClmTYAGLDZk31p0HGcvx0GOCqR+B26VgH HV+RoLgAKlxrljj9ChROA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:ORM17s7AS58=:UNExaYc5umbK1ZKGq8ZeAg qGEY3HV5l6PG38KYHNkCOM6lH+yJu5gOCAF+njsjvld76QaKYn72QgysPWL5EnKqbh1c7ndZR TDeXWZZ6nf7HKZROyeNyM1mPEzvCCGT7UsM/5tTWpu+5rKcUAkTMljnPFsU+Gfcz8vWd82MDF 5G49lkPCrov1k0TTtZn37XEXTG/thF+cny6MYiUU/7SSZ9ZVSI1vrIlwP/67l937UWfGe73n+ 0XSZq5a2Pag2eYt/jK2e1n3mrkAqSsa1FMDjVO/kz7Cou+//LhJvEAAT/s3lqN2S8gPkQObIy XBcBIoPW+y+vOvTXA5abGWu6epPI5s64EOzhHmZmrA9zpTYOp/KgpzfoBxPyOLDj9HLfMtJ/B 9NWOV6lpukM0dJbCtxZCmR7qioRa2k+eIL/hRCx+kg7as1LZw1E8KHPo6t1w6dz7VuffP3YRj FzyQpkmZhmfXVLjk3Rh1CaSV4AvP9RhlxhyjX/2WC/sDwTCpE/sOvT9XmFEyLcqBsmKFY7FPl UbQ7DemCy/nh2OraHQ3lhlBJtm1H0Mzh2BKtl6WeBY1g91CLEE2hLmzoQjCFrVJoxbhqgyqUK 10FqPE7rL/8uVTg4lC5YgswAH/7/+7FrPgidkVTrWTlW+ESkmtBOUypPATII58eIAFJ95cvMP r0aIV++66lTIOIaaC0cLKXPHr7yAQjbl+y+P3Ja4KmQn7+UWHg0rhO9C7WA0yl4gyYM3Csgj4 taY0i+LWe9OT1EolQSTktzmb6vs2NYthf2kJtQC0WjizvIsGMS9fLJx7mhRWmE0bJE0cdjWrb oLu+p2wcX/f3lpv3QulauoJq/Q6C9dboIZwnYobu43jNIWz/PJOZx9Gx2zVIRaZdfAgsr2fHQ ukv11SnUp9zqYPNYCAGmUJZv95zfxY00rRYSlTPirZOGnUTuGHnToChxtnldCP/7ppNUFNlxE VyHW5zYO1evIT3u2qcORUxksv4YeLA84I7O26w6u0OEIgcMdzJBKiBf2NxGDpzTK4zxIahXKV QafnQrRWicQWtfAGCpP2/4i+424NPzB9n1WWlcObjR4a X-SmarterMail-Spam: SPF_SoftFail, Reverse DNS Lookup [Passed], Message Sniffer 0 [code:0], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None X-MessageSniffer-ResultCode: 0 X-SmarterMail-TotalSpamWeight: 3 X-Antivirus: Avast (VPS 200203-2, 02/03/2020), Inbound message X-Antivirus-Status: Clean

Thanks, Andrea. That's encouraging. 

Regarding the SPF spam settings. Here are my settings. The problem is, the score must be 15 or higher to be marked Spam. Would you recommend adjusting my settings so these types of spoofing emails do not get through?

For us, we block on SPF failures and give spam weight to soft fails.

OK thanks. I will try that.