[Sephr]

> "I figured if it was coming from you it would be real."

You should set up a strict DMARC policy (p=reject) to prevent people from spoofing your email address. It appears that you have not[1].

Additionally, you should harden your SPF record: change ~all to -all.

[1]: https://dmarcian.com/record-tools/azinman.com

[azinman2]

It's not a spoof when you're phished and hand over your credentials.

It also was my mom that was phished, not me.

[Sephr]

Sorry, I don't think you understand.

I'm saying that people cannot send emails to your mother pretending to be you if you were to implement the changes I have suggested.

I didn't say you were phished, I said you were spoofed. Judging by your first comment, your email address being spoofed is how your mother was phished.

[azinman2]

I do understand :) Perhaps my first comment was not clear. She never received anything from me. I'm not involved at all. It was her friend that got originally phished, which then sent a legitimate email (from an SPF record perspective) to her, which then phished her credentials, and so forth.