Hey Brantz,
This is most commonly caused by missing DNS records and bad settings or a compromised account on the domain.
Let's start with settings.
- Do you have Require SMTP authentication turned on for the domain? This is located in Manage->Domain.com->Secuirty
- Do you have "Enable domain's SMTP auth setting for local deliveries" turned on? If not then it doesn't require authentication to login as one of your users and send an email to a local user. This is located in Settings->Protocols->SMTP-IN.
- Do you have good password requirements and is everyone on your domain in compliance with your policy? You can change this by domain by going to Manage->Domains->Domain.com->Password requirements or you can change it for all domains by going to Settings->Password Requirments.
- Do you have DMARC enabled? This is located in Settings->Antispam If this is disabled then your DMARC policy will not be followed.
Let's move to the DNS part next. Do you have SPF, DKIM, and DMARC setup for your domain?
If not then I recommend doing so and once you verify that all is working change the DMARC policy to reject that way external emails with your email address will be rejected.
Please let me know if this helps.
Thanks,
Zach Sylvester
Software Developer
SmarterTools Inc.
www.smartertools.com