DKIM, DMARC, and (hard) SPF records on CiviCRM servers
TPA-RFC-44 emergency procedures (#40981 (closed)) was adopted, let's move on with the first step:
SPF (hard), DKIM and DMARC (soft) records on CiviCRM
Deploy DKIM signatures on outgoing mail on CiviCRM
Deploy a "soft" DMARC policy with postmaster@ as a reporting endpoint
Harden the SPF policy for to restrict it to the CRM servers and eugeni
This would be done immediately.