I am trying to figure out why some emails are not getting stopped by the spam filter and am looking for some help and guidance from the community. We have some emails from a domain: unitecreative.ca who’s been complaining about phishing scams getting through roughly once to twice a day. The email looks something like this, with a .doc file attachment, but changes over time (language, content): ========================================================================== From: David Niemela <firstname.lastname@example.org> <email@example.com> Date: November 15, 2018 at 10:35:02 PM EST To: firstname.lastname@example.org Subject: Your David Niemela Statement Good Afternoon, I have sent email to you confirming last invoice. Best Regards, - David Niemela email@example.com ========================================================================== That being said, they are getting emails from “themselves” at least that is in the From Address. So for instance, David Niemela, who is an employee of unitecreative.ca is the “from” on emails, even though the actual sender is: "firstname.lastname@example.org" for example. The PMG doesn’t think this is a problem and sends the message through with the attachment to the end user, which is someone else at unitecreative.ca mx1 pmg-smtp-filter: 2D0235BEE3AF1A3F2E: SA score=0/5 time=1.403 bayes=4.9960036108132e-16 autolearn=no autolearn_force=no hits=BAYES_00,DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,SPF_PASS My question is how do I configure the server to reject these types of emails since they are frustrating to the person receiving them? Currently my Block Spam is at a level of 5. Should I turn this down more to 4 or 3? I don’t want to block legitimate email though at the same time, so before I modify that section, I’m looking at pointers from anyone whose seen this similar type of spam getting through. Thanks for any help you can provide!