figure out some ways to handle phishing / scam attempts

we are getting complaints from our users about phishing and scam attempts. this ticket will try to document those and possible workarounds.

ideas:

• report issues upstream when SPF/DKIM checks out
• implement incoming DNS checks (DKIM, SPF, etc: #40539 (closed))
• implement spamassassin filtering?
• implement body checks to bounce some content, e.g. on From or specific Subject headers...