19Oca
Should I take action if I receive a phishing email that passes all email sender checks?
I received an email that passed all the email sender checks (spf, dkim, dmarc), and the sent-from domain is a legitimate domain from a legitimate company. However, the email content itself was suspiciously phish-y. I even started to write a reply email advising they were mistaken, until I noticed that the reply-to was actually to another email domain. The reply-to domain goes nowhere and it's just a registered name with no hosted website, making me conclude this was indeed a phishing email.
Seeing that the legitimate companies' email security was compromised somehow, should I inform them? If so, how? Any information to give to the legitimate company about the phishing email?
