Hello everyone,
For about a month, if not more, we have been receiving the same email, EVERY minute.
It isn’t even considered spam by the system! In short I route it to the trash but I’d like to set up an automatic rejection. Is that possible?
Our address boutique@domaine.com is on OVH Exchange and the email in question is attached.
The sender is supposed to be our own address...
Can you find a solution for me?
DKIM and SPF are enabled.
I also receive the same ones, but rather between 3 and 5 per week, not every minute!
Could you extract the headers of two of them and compare to see if there’s any duplication when they arrive at OVH?
Hi,
in addition to the control given by @fritz2cat
In Exchange you have these options that you can enable
But be careful, that certainly means (I don’t know) that you will also no longer receive legitimate emails that are misconfigured.
Which legitimate server nowadays doesn't use SPF+DKIM?
I don't know what makes you say that it's not active.
Hello TTY, DKIM and SPF are already active but without results.
Hello, here is the full header:
Received: from DAG21EX3.indiv2.local (172.16.2.213) by DAG21EX3.indiv2.local
(172.16.2.213) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37 via Mailbox
Transport; Wed, 20 May 2026 13:42:48 +0200
Received: from CAS27.indiv2.local (172.16.1.27) by DAG21EX3.indiv2.local
(172.16.2.213) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Wed, 20 May
2026 13:42:48 +0200
Received: from [198.163.194.101] (198.163.194.101) by ex2.mail.ovh.net
(172.16.1.27) with Microsoft SMTP Server id 15.2.2562.37 via Frontend
Transport; Wed, 20 May 2026 13:42:45 +0200
Received: from qmormkw ([40.61.147.73]) by 48911.com with MailEnable ESMTP; Wed, 20 May 2026 16:42:47 +0500
Received: (qmail 48387 invoked by uid 483); 20 May 2026 16:42:45 +0500
From: boutique@bc-elec.com
To: boutique@bc-elec.com
Subject: YOU PERVERT! I RECORDED YOU!
Date: Wed, 20 May 2026 16:42:47 +0500
Message-ID: 4838761.48387@48911.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="yzr483874838"
Return-Path: boutique@bc-elec.com
X-MS-Exchange-Organization-Network-Message-Id: 89c1c5ba-f492-4d17-8f9c-08deb664ea80
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-ABP-GUID: 34ccf053-2850-476c-9647-a5592acadea1
DKIM-Signature: v=1; a=rsa-sha256; d=bc-elec.com; s=ovhex65036-selector1;
c=relaxed/relaxed; t=1779277368; h=from:to:subject:date;
bh=O2FgQDpUe66FLBprl0mVmTXO5MNvo/5tM9aBtv8d3rM=;
b=fUalnFmT0X+jv9z15TcouHIrEMkRI4Z+JE5fk7i663WPTDKIB0gjD6HMYXxQCpqoLizPuDWTcjrC1QoodFEpZSQZ/uXYTe5+mupgq9myRDjro930ooFlf4nLCfVUnVLtR6Ayr/tjAQuZtRHKCAU2THymMxSgSjYsMW3b73diVcVr27KN/dxy/RFa+996mMLMfdHKjRWpRluAYnhNJCuyBVydp4oAEbwCSEU2+1iOnUHVEEyIwSzSlxldv6GVxagwB2qVtrm0KsnpuVr79AZgEIL/LEJY/5M2uJLL/wAqiJ6emMew+HYug4SqC839FqGaKxWExufrZWA9CiW2C0L9Gw==
X-MS-Exchange-Organization-AuthSource: CAS27.indiv2.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.8062921
X-MS-Exchange-Processed-By-BccFoldering: 15.02.2562.037
Hello,
I’m having some issues with your email. It is DKIM‑signed by OVH’s Exchange server, using this key
ovhex65036-selector1._domainkey.bc-elec.com. 60 IN CNAME ovhex65036-selector1._domainkey.90118.cy.dkim.mail.ovh.net.
Normally only outbound mail is signed. You should open an incident ticket with OVH: "why did the server sign and authenticate an incoming message? Moreover, this email is spoofed—it pretends to be from me."
For your domain, you have set the MX to: 10 ex2.mail.ovh.net.
By using this MX instead of the recommended values mx0.mail.ovh.net to mx5.mail.ovh.net, you skip a step and bypass the antivirus and antispam. You avoid SPF and DMARC validation, so everything gets through without any checks.
On the OVH side it's hard to get support. Apparently you have to pay for it? Their explanations point to the forum... How convenient!
Regarding the MX:10, is that at the domain's DNS zone level?
Hello,
Yes, the MX records that determine which server incoming mail should be presented to are declared in the DNS zone.
Hello, I modified the MX in the DNS zone:
IN MX 1 mx0.mail.ovh.net.
IN MX 5 mx1.mail.ovh.net.
IN MX 50 mx2.mail.ovh.net.
IN MX 100 mx3.mail.ovh.net.
And apparently I hardly have this email in my spam or inbox anymore...
Thanks 
If you have any other recommendations, feel free to let me know.
@fritz2cat world champion
@GuerricR mark the post as resolved.