We have seen a new (to us) attempted email phishing attack. The attacker set up an account with a hosting company that provides legitimate bulk email services. They configured it so that the emails appear to come from our company domain. The actual phishing email was blocked as we have a DMARC "reject" policy in place, but the purported originator (our CEO) received a bounceback message which caused some confusion.
My idea is that we should have the option to suppress bounceback messages for emails that appear to come from our company domain and are sent to our company domain i.e. appear to be internal emails. The only time you might need a bounceback message for this scenario is if you are configuring a new email service e.g. for marketing, otherwise these bounceback messages serve no purpose.
Regards
Steve